
Windows Analysis Report
PO_27052024.exe

Overview

General Information

Sample name: PO_27052024.exe
Analysis ID: 1447834
MD5: 4199d8995c4b86f6053c43cb70a87aa9
SHA1: ae7d740bc01ae87d643f98264efa3b995365a66f
SHA256: 74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d
Tags: exe, Formbook

Detection

Detected family: AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO_27052024.exe (PID: 2724 cmdline: "C:\Users\user\Desktop\PO_27052024.exe" MD5: 4199D8995C4B86F6053C43CB70A87AA9)
    • PO_27052024.exe (PID: 2352 cmdline: "C:\Users\user\Desktop\PO_27052024.exe" MD5: 4199D8995C4B86F6053C43CB70A87AA9)
    • PO_27052024.exe (PID: 5956 cmdline: "C:\Users\user\Desktop\PO_27052024.exe" MD5: 4199D8995C4B86F6053C43CB70A87AA9)
    • SgrmBroker.exe (PID: 2352 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Extracted malware configuration: {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alitextile.com", "Username": "9@alitextile.com", "Password": "Myname321@"}
Yara matches in memory dumps (Source | Rule | Description | Author | Strings):
  • 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  • 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  • 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
  • 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  • 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
Yara matches in unpacked PE files (Source | Rule | Description | Author | Strings):
  • 4.2.PO_27052024.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
  • 4.2.PO_27052024.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
  • 4.2.PO_27052024.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
  • 4.2.PO_27052024.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
    • 0x33f29:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
    • 0x33f9b:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
    • 0x34025:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
    • 0x340b7:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
    • 0x34121:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
    • 0x34193:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
    • 0x34229:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
    • 0x342b9:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
  • 0.2.PO_27052024.exe.3949a00.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                    System Summary

Sigma match (Suspicious Outbound SMTP Connections) | Source: Network Connection | Author: frack113 | Data: DestinationIp: 192.185.143.105, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\PO_27052024.exe, Initiated: true, ProcessId: 5956, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49707
No Snort rule has matched


                    AV Detection

Source: 4.2.PO_27052024.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alitextile.com", "Username": "9@alitextile.com", "Password": "Myname321@"}
Source: PO_27052024.exe | ReversingLabs: Detection: 39%
Source: PO_27052024.exe | Virustotal: Detection: 57%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: PO_27052024.exe | Joe Sandbox ML: detected
Source: PO_27052024.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: PO_27052024.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4x nop then jmp 069F6F2Bh | 0_2_069F6509

                    Networking

Source: Yara match | File source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 | Host: ip-api.com | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 208.95.112.1
Source: Joe Sandbox View | IP Address: 192.185.143.105
Source: Joe Sandbox View | IP Address: 104.26.13.205
Source: Joe Sandbox View | ASN Name: TUT-ASUS
Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: api.ipify.org
Source: unknown | DNS query: name: ip-api.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 | Host: ip-api.com | Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: ip-api.com
Source: global traffic | DNS traffic detected: DNS query: mail.alitextile.com
Source: PO_27052024.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: PO_27052024.exe | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: PO_27052024.exe | String found in binary or memory: http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss
Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000318A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: PO_27052024.exe, 00000004.00000002.3686376787.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.alitextile.com
Source: PO_27052024.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3696729505.0000000009D48000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000322F000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
Source: PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3696729505.0000000009D48000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000322F000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
Source: PO_27052024.exe, 00000004.00000002.3686376787.000000000314B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.o?
Source: PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692063718.0000000006B1D000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3697154303.0000000009DA1000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692189808.0000000006B57000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692063718.0000000006B1D000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3697154303.0000000009DA1000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692189808.0000000006B57000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/
Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000314B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org
Source: PO_27052024.exe | String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49703 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, 3DlgK9re6m.cs | .Net Code: TDa
Source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, 3DlgK9re6m.cs | .Net Code: TDa
Source: C:\Users\user\Desktop\PO_27052024.exe | Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\PO_27052024.exe
Source: C:\Users\user\Desktop\PO_27052024.exe | Window created: window name: CLIPBRDWNDCLASS

                    System Summary

Source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_27052024.exe.3949a00.6.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_27052024.exe.390e5e0.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_27052024.exe.82d0000.10.raw.unpack, .cs | Large array initialization: array initializer size 27103
Source: 0.2.PO_27052024.exe.27548cc.4.raw.unpack, .cs | Large array initialization: array initializer size 27103
Source: initial sample | Static PE information: Filename: PO_27052024.exe
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7D5BC
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_068F02D8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_068FAA80
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_068FAA90
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F3CA0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F40D8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F40C9
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F21C0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F25E8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F95E0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F4510
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F4501
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014A41F0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014AB885
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014A4AC0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014A3EA8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F466F8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F4D69C
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F47E80
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F452A0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F459EF
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F4B987
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F43168
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F477A0
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F4EBE2
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F4EBE8
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F42348
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F4F8D6
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_06F40040
Source: PO_27052024.exe | Static PE information: invalid certificate
Source: PO_27052024.exe, 00000000.00000002.1228902157.0000000002785000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1227858084.000000000091E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1228902157.0000000002731000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1228902157.000000000277E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1233511401.00000000082D0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO_27052024.exe
Source: PO_27052024.exe, 00000000.00000002.1232714365.0000000006960000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs PO_27052024.exe
Source: PO_27052024.exe, 00000004.00000002.3666284064.000000000043E000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_27052024.exe
Source: PO_27052024.exe, 00000004.00000002.3667608248.00000000010F9000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PO_27052024.exe
Source: PO_27052024.exe | Binary or memory string: OriginalFilenamebYCc.exe" vs PO_27052024.exe
Source: PO_27052024.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_27052024.exe.3949a00.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_27052024.exe.390e5e0.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: PO_27052024.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, slKb.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, mAKJ.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, xQRSe0Fg.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, n3rhMa.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, MQzE4FWn.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, nSmgRyX5a1.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, 6IMLmJtk.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, 6IMLmJtk.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, 3HroK7qN.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, 3HroK7qN.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, VoLqNbH7NBw8DyPF6f.cs | Security API names: _0020.SetAccessControl
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, VoLqNbH7NBw8DyPF6f.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, VoLqNbH7NBw8DyPF6f.cs | Security API names: _0020.AddAccessRule
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, xthsvSKDBwCmlwX3sW.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/1@3/3
Source: C:\Users\user\Desktop\PO_27052024.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_27052024.exe.log
Source: C:\Users\user\Desktop\PO_27052024.exe | Mutant created: NULL
Source: PO_27052024.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PO_27052024.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\PO_27052024.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\PO_27052024.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PO_27052024.exe | ReversingLabs: Detection: 39%
Source: PO_27052024.exe | Virustotal: Detection: 57%
Source: C:\Users\user\Desktop\PO_27052024.exe | File read: C:\Users\user\Desktop\PO_27052024.exe:Zone.Identifier
Source: unknown | Process created: C:\Users\user\Desktop\PO_27052024.exe "C:\Users\user\Desktop\PO_27052024.exe"
Source: C:\Users\user\Desktop\PO_27052024.exe | Process created: C:\Users\user\Desktop\PO_27052024.exe "C:\Users\user\Desktop\PO_27052024.exe" (two child copies of itself; the report lists both entries twice)
Source: C:\Users\user\Desktop\PO_27052024.exe | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: C:\Users\user\Desktop\PO_27052024.exe | Section loaded, first sequence (in order): mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll
Source: C:\Users\user\Desktop\PO_27052024.exe | Section loaded, second sequence (restarts at mscoree.dll; this run additionally pulls in the WMI client wbemcomn.dll, the WinHTTP/Schannel TLS stack and the Credential Manager client vaultcli.dll): mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, vaultcli.dll, wintypes.dll, edputil.dll, windowscodecs.dll
Source: C:\Users\user\Desktop\PO_27052024.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PO_27052024.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\PO_27052024.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
Source: PO_27052024.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PO_27052024.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
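The behaviour rows above (the repeated Win32_Processor WMI queries, the Firefox profiles.ini read, the Outlook profile key, the read of the sample's own Zone.Identifier stream, and the process that starts a copy of itself) are what an analyst triages by hand when reading a report like this one. As an added example that is not part of the Joe Sandbox report, the Python below collapses identical rows, then applies a few rules to constructed rows in the same "Source | event type | detail" shape as the table. The anti-VM WMI class list, the credential-store path fragments and the owner allow-list (firefox.exe, outlook.exe) are assumptions chosen for the example; the firefox.exe baseline row is invented to show the allow-list suppressing a benign access.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of behaviour-table rows (Source | event type | detail), modelled on
# the report; the counts and the firefox.exe baseline row are invented for the example.
SAMPLE_EVENTS = [
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | File read: C:\Users\user\Desktop\PO_27052024.exe:Zone.Identifier',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | Process created: C:\Users\user\Desktop\PO_27052024.exe "C:\Users\user\Desktop\PO_27052024.exe"',
    r'Source: C:\Users\user\Desktop\PO_27052024.exe | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe',
    r'Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini',
]

# Source column up to the first " | ", event type up to the first ":", rest is the detail.
EVENT_RE = re.compile(r"^Source:\s*(?P<source>.+?)\s*\|\s*(?P<kind>[^:]+?):\s*(?P<detail>.*)$")

@dataclass(frozen=True)
class Event:
    source: str   # process (or analyser component) that produced the row
    kind: str     # event type column, e.g. "WMI Queries", "File read"
    detail: str

def parse_events(lines):
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["source"].strip(), m["kind"].strip(), m["detail"].strip()))
    return events

# WMI classes whose fields (CPU name/core count, GPU name, adapter MAC) differ under a
# hypervisor; assumption for the example, seeded from the report's own signatures.
ANTI_VM_WMI_CLASSES = {"Win32_Processor", "Win32_VideoController", "Win32_NetworkAdapter",
                       "Win32_ComputerSystem", "Win32_BIOS"}

# (lower-cased path fragment, legitimate owner image, label). The owner allow-list is an
# assumption for the example, not something the report states.
CREDENTIAL_STORES = [
    (r"\mozilla\firefox\profiles.ini", "firefox.exe", "Firefox profiles.ini"),
    (r"\outlook\profiles", "outlook.exe", "Outlook profile registry key"),
]

def image_name(path: str) -> str:
    """Last path component, lower-cased, so source and child images compare cleanly."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(events):
    """Collapse identical rows into counts, then apply rules; one finding string per hit."""
    findings = []
    counts = Counter((e.source, e.kind, e.detail) for e in events)
    for (source, kind, detail), n in counts.items():
        img = image_name(source)
        if kind == "WMI Queries":
            m = re.search(r"\bFROM\s+(Win32_\w+)", detail, re.IGNORECASE)
            if m and m.group(1) in ANTI_VM_WMI_CLASSES:
                findings.append(f"anti-vm: {img} queried {m.group(1)} x{n}")
        elif kind in ("File read", "Key opened"):
            low = detail.lower()
            for fragment, owner, label in CREDENTIAL_STORES:
                if fragment in low and img != owner:
                    findings.append(f"credential-store: {img} accessed {label} x{n}")
            if low.endswith(":zone.identifier"):          # mark-of-the-web lookup
                target = detail[: -len(":Zone.Identifier")]
                who = "itself" if target.lower() == source.lower() else image_name(target)
                findings.append(f"motw-check: {img} read Zone.Identifier of {who} x{n}")
        elif kind == "Process created":
            m = re.match(r"(.+?\.exe)\b", detail, re.IGNORECASE)   # child image path
            if m and image_name(m.group(1)) == img:
                findings.append(f"self-spawn: {img} started a copy of itself x{n}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Collapsing before matching is what keeps the 28 identical Win32_Processor rows from producing 28 alerts; the count survives in the finding, which matters because a single WMI query is routine while a tight loop of them is not. The self-spawn rule is deliberately narrow (same image name) because that is the pattern the report shows; a hollowing check against a different host image would need the suspended-create flag, which this table does not carry.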

                    Data Obfuscation

Source: PO_27052024.exe, Form1.cs | .Net Code: InitializeComponent System.AppDomain.Load(byte[])
Source: PO_27052024.exe, Form1.cs | .Net Code: InitializeComponent contains xor as well as GetObject
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, VoLqNbH7NBw8DyPF6f.cs | .Net Code: vHMcYp56Ig System.Reflection.Assembly.Load(byte[])
Source: 0.2.PO_27052024.exe.82d0000.10.raw.unpack, .cs | .Net Code: System.Reflection.Assembly.Load(byte[])
Source: 0.2.PO_27052024.exe.27548cc.4.raw.unpack, .cs | .Net Code: System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F110 pushad ; iretd 0_2_04B7F111
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F2F0 push esi; ret 0_2_04B7F2FA
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F2FB push edi; ret 0_2_04B7F30A
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F268 push ebx; ret 0_2_04B7F282
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F268 push esi; ret 0_2_04B7F2FA
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_04B7F30B push esp; ret 0_2_04B7F31A
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_068F0B01 push es; ret 0_2_068F0B10
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_068FF9D0 push eax; ret 0_2_068FFA2F
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F1EA3 pushad ; iretd 0_2_069F1EA4
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_069F1BE9 pushad ; iretd 0_2_069F1BEA
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 0_2_08082199 push eax; ret 0_2_080821A6
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014AABA0 push esp; retf 4_2_014AAEE1
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014A0C45 push ebx; retf 4_2_014A0C52
Source: C:\Users\user\Desktop\PO_27052024.exe | Code function: 4_2_014A0C6D push edi; retf 4_2_014A0C7A
Source: PO_27052024.exe | Static PE information: section name: .text entropy: 7.968838201538731
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, GciElOgIAP9EdODLDH.cs | High entropy of concatenated method names: 'k6ItZ2hPW1', 'h0ttiwlENx', 'dNWtYQ21us', 'tjTtOwUkEf', 'KGmtLBkLYR', 'wxUtQRZqru', 'xKYtmSvG9G', 'U8CtdVLXqL', 'SdwtvcJh91', 'OdRtWIfvx1'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, QTm80DmE6Y15lg0D64q.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Uwae45wtFK', 'gqxeAq7cLO', 'OpleIVCe29', 'yYrexi9Vsn', 'QLqeSSOHX3', 'RbPeaPsKGD', 'z5xe55db13'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, YbCXITmol7Vq2TKq4r0.cs | High entropy of concatenated method names: 'Vm7hZ7l0Ia', 'FuvhiI78ee', 'AbEhYCbnZD', 'yUchODHywZ', 'hPChLP9Cr8', 'nWLhQaT3iW', 'bIUhm4EGPK', 'biyhdC2l84', 'Otkhvaex2C', 'hCQhWhKxyL'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, VoLqNbH7NBw8DyPF6f.cs | High entropy of concatenated method names: 'SZsrjkiaeo', 'lsHrEdFPEP', 'xg9rJUQese', 'n0Frgjx33c', 'xemrUggZ7h', 'EpArCWusUE', 'ArMrt00MOe', 'vNSrouH6Z6', 'xm3rRniXix', 'lR5rfh4Gc0'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, SGt4TNBQkPSXpMeN98.cs | High entropy of concatenated method names: 'GtMgOrWQsG', 'ft4gQ5YvlX', 'E5FgdCRHot', 'fw0gvOA4J8', 'X7SgqAJCn0', 'npVguc06cl', 'QbxgPkXsGw', 'ltQgyxcQyh', 'yqnghfYLj0', 'itege8NsXF'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, mybZBvs7EgbSXen7rX.cs | High entropy of concatenated method names: 'vwvPDoNMor', 'ijlP60UDPF', 'OPFyGmjZ3N', 'yFMyBPthbT', 'PspPnmJpq9', 'RgfPNLIV9s', 'lucPln07d0', 'k8pP4LaQmF', 'ahlPAtp03C', 'e0LPIJbZie'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, xthsvSKDBwCmlwX3sW.cs | High entropy of concatenated method names: 'eRJJ4uNjfJ', 'bCrJAe4I8Z', 'Cq9JIHWOyl', 'Hr7Jx5ExCa', 'aAnJSoVs3I', 'gtCJaLUi8R', 'xg1J5Ujrf5', 'BD4JDVVnyu', 'wVOJ9qsJQO', 'wKiJ6f6hPp'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, aPwWSDpaUA1QGKjjwR.cs | High entropy of concatenated method names: 'Dispose', 'QJ4B9sOS55', 'iH8VpRh2jp', 'Cd9KK3T0ap', 'i2hB6I1ZBa', 'VDUBz2rvJs', 'ProcessDialogKey', 'TXkVGGAZPc', 'WjDVBvHMLH', 'HQ2VVFv15u'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, njuXoX67fBSvw2wMrK.cs | High entropy of concatenated method names: 'FI5ULicVuw', 'ccoUmmHIXV', 'uVvgHPbI4P', 'bWIgkT9I7L', 'pAwgFgMOI4', 'AZMgs1V9tO', 'UVQg2NgWha', 'FCKg8wKrrN', 'wEVg3pFo06', 'ih8gbhirgc'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, aq4nKti5eNfmk0DeOS.cs | High entropy of concatenated method names: 'VTACjN1pdr', 'yEUCJ2UwQh', 'cQeCU1qhPm', 'w3GCtUVVBo', 'zPlComV8Lu', 'TcSUS1w3v4', 'y2BUaiWtCZ', 'gpJU56Wkhb', 'W9HUDTkNQJ', 'gsgU9o0KB5'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, zwiYDcWuwxgFBsJPy3.cs | High entropy of concatenated method names: 'knXBtcqiQt', 'IefBoaitMY', 'jOTBfZEivv', 'zgdBTCUKeg', 'IRqBquEFoi', 'goaBuR7rvr', 'Jm9TSOkT7fFgNIOq2v', 'deJiPUnCRBgym8Hwvw', 'cPvBBok55T', 'clRBrg9qBR'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, MkEOtB9gGpjMMw3c36.cs | High entropy of concatenated method names: 'eEqYtYQAE', 'SFUO0Wy3j', 'dcZQLSZ8p', 'EfXmEuWjF', 'zl1vb3XcW', 'JBJWjdtbd', 'JQ0PyEBMtCfaNNy27a', 'C8iCJ35L5W0LsGOUjq', 'THgyUrBaa', 'J6AeB7XCV'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, JV3k57zF8oQHbXICMF.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BffhwibwkH', 'oBuhqFqHym', 'ynPhu6k5Ny', 'Iy2hP0raGn', 'txrhyGJgAQ', 'x4rhh39FQd', 'CA3hecdpqE'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, QoN9My8WQTEuxu9ZKJ.cs | High entropy of concatenated method names: 'ToString', 'rHsunI0yyV', 'viYuptJw1R', 'gEduHGusNp', 'P1fukHdni5', 'hHTuFesXZ9', 'cpHusbk7ft', 'jS0u2ThKPU', 'nUbu8k2PE9', 'REpu3jT7Bl'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, cAjlohqWXtUJ8iL54q.cs | High entropy of concatenated method names: 'bI1yE9p7Nn', 'QkKyJl2Oqd', 'hdhygofteJ', 'VMFyU8CDSM', 'XUWyCiJy19', 'pMaytPNqfB', 'N4Lyof4P2s', 'nXByRPwYKl', 'ICVyfKsoY4', 'bLoyTrAshO'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, ftFTQpjBy6MOLTpmFQ.cs | High entropy of concatenated method names: 'PcrqbajboY', 'smvqNUbdFw', 'pn3q4gX1xE', 'YiiqAY1WKm', 'Ex3qp4AExh', 'O15qHkPPVe', 'toAqkYsfyf', 'qBhqFnLIua', 'JJjqsYn5oG', 'm7Zq22b3cD'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, JYpWdCP46XBbxe9e7M.cs | High entropy of concatenated method names: 'GMZtE0bTRP', 'aDstgHUNCD', 'TBbtCZJgP9', 'ryxC649xSZ', 'aM9Cz0tG6A', 'eBGtG6rNiO', 'DxwtBOY2XM', 'Q1WtVUNPAT', 'POotrObywd', 'hZntcZaQAS'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, YNWEeTu2SO8XyCB4hS.cs | High entropy of concatenated method names: 'vdnhBZAfbG', 'SSdhrEqSDV', 'G18hc5A0og', 'CuLhEXdvRV', 'QqqhJaREfY', 'COohUgyfnG', 'bEihCOM5jY', 'lNqy50cKhI', 'DNByDyLsC2', 'kVBy9YmboO'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, gYrtxtYp5pmyJyb4Su.cs | High entropy of concatenated method names: 'y3iwd4Rs2s', 'm8XwvVCunl', 'af6w78EFxM', 'aPEwpjYgcZ', 'rGqwkJtq8g', 'sHNwFo3X6y', 'EdIw2v6woE', 'PYvw8aRmFA', 'pErwbmlt2h', 'lFIwnniWNv'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, zMuaUfCE70WhkmayNJ.cs | High entropy of concatenated method names: 'z4jy7f6VVo', 'cbkypFFu5P', 'ICbyHDEZ9L', 'wCYykJH6HJ', 'oJ5y4B9oOX', 'yEsyFmjD5P', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, BDlcfTMEkDcKRbkfWp.cs | High entropy of concatenated method names: 'VLEu4AJRhns3UV6YYZT', 'mxHoiaJbenJpGvomv4f', 'qqTCyGwZ0p', 'JBECh4jKIr', 'tHxCeXWmOL', 'buwq65JUg5ucgnXlve0', 'tyuP19JcBrBfhmgjPU1'
Source: 0.2.PO_27052024.exe.6960000.9.raw.unpack, zVxJRM2YpVt3GNQR4g.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'i9oV99AdB4', 'cDkV65WOEU', 'TwLVzhrRbG', 'lXCrGA50sO', 'Ax7rBm53uB', 'VSlrV4hvvv', 'sNorrNYZiG', 'hHm6Na2oCLQMy2POtri'
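Two of the Data Obfuscation signatures above rest on the same measurement: the .text section entropy of 7.97 bits per byte (a compiled code section that dense is almost always compressed or encrypted, which is what the Assembly.Load(byte[]) loader then decodes), and the "high entropy of concatenated method names" heuristic over the renamed .NET methods in the unpacked dump. As an added example that is not part of the Joe Sandbox report, the Python below reproduces both measurements with a stdlib-only PE section parser: it computes Shannon entropy per section and over concatenated identifiers, flags sections and name sets above a threshold, and exercises the parser on a constructed minimal PE (valid headers, not loadable) whose .text is filled with deterministic pseudo-random bytes standing in for ciphertext. The thresholds (7.0 for sections, 4.5 for identifier entropy) are assumptions chosen for the example; the ten obfuscated names are copied from the report's first "High entropy" line, and the natural names are overrides the obfuscator left alone in the same dump.

```python
import math
import random
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, raw bytes) per section of a PE image. Reads only e_lfanew, the COFF
    header (section count, optional-header size) and the 40-byte section table entries."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[raw_ptr:raw_ptr + raw_size]

# Thresholds are assumptions for the example. Plain compiled code sits well below 7.0;
# compressed or encrypted payloads approach 8.0 (the report's .text: 7.97).
SECTION_THRESHOLD = 7.0
NAME_THRESHOLD = 4.5

def section_entropies(image: bytes):
    return {name: round(shannon_entropy(raw), 2) for name, raw in pe_sections(image)}

def packed_sections(image: bytes, threshold: float = SECTION_THRESHOLD):
    """(name, entropy) for sections that look packed or encrypted."""
    return [(n, e) for n, e in section_entropies(image).items() if e >= threshold]

def method_name_entropy(names) -> float:
    """Entropy of the concatenated identifiers, the report's method-name heuristic."""
    return shannon_entropy("".join(names).encode("ascii", "replace"))

def looks_obfuscated(names, threshold: float = NAME_THRESHOLD) -> bool:
    return method_name_entropy(names) >= threshold

OBFUSCATED_NAMES = ['k6ItZ2hPW1', 'h0ttiwlENx', 'dNWtYQ21us', 'tjTtOwUkEf', 'KGmtLBkLYR',
                    'wxUtQRZqru', 'xKYtmSvG9G', 'U8CtdVLXqL', 'SdwtvcJh91', 'OdRtWIfvx1']
NATURAL_NAMES = ['CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ToString', 'Dispose']

def build_sample_pe(sections):
    """Construct a minimal PE: DOS stub, PE signature, COFF header, a zeroed PE32 optional
    header and one 40-byte section header per section, with raw data laid out contiguously.
    Enough for pe_sections(); it is not a loadable executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                        # e_lfanew
    opt = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)             # PE32 magic, rest zero
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    raw_ptr = 64 + 4 + len(coff) + len(opt) + 40 * len(sections)
    table, body = bytearray(), bytearray()
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs,
        # line numbers, their counts, Characteristics (code | execute | read)
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000, len(data),
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + opt + bytes(table) + bytes(body)

def sample_image() -> bytes:
    """Constructed image: a pseudo-random .text (stand-in for an encrypted payload) next to
    a .data section of mostly zeros."""
    rng = random.Random(1337)
    packed_text = bytes(rng.getrandbits(8) for _ in range(4096))
    plain_data = b"\x00" * 3000 + b"A" * 1096
    return build_sample_pe([(".text", packed_text), (".data", plain_data)])

if __name__ == "__main__":
    img = sample_image()
    print("sections:", section_entropies(img))
    print("packed:", packed_sections(img))
    print("obfuscated names:", round(method_name_entropy(OBFUSCATED_NAMES), 2), looks_obfuscated(OBFUSCATED_NAMES))
    print("natural names:", round(method_name_entropy(NATURAL_NAMES), 2), looks_obfuscated(NATURAL_NAMES))
```

On a real sample, pass the file bytes to section_entropies(); for a .NET binary the high-entropy .text is the compressed or encrypted resource that InitializeComponent feeds to AppDomain.Load(byte[]), so the number points at where the next-stage payload lives rather than at code worth disassembling. The identifier heuristic is coarse on purpose: a handful of compiler-generated or override names (ToString, Dispose) inside an otherwise renamed class barely move the score, which is why the report still flags classes that keep a few readable members.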
                    Source: C:\Users\user\Desktop\PO_27052024.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PO_27052024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: PO_27052024.exe PID: 2724, type: MEMORYSTR
                    Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: D70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 2730000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 2540000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 8300000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 9300000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 94F0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: A4F0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 1460000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 3140000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: 16D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599891
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599766
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599656
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599547
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599438
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599313
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599188
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599063
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598953
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598806
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598644
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598531
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598421
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598313
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595656
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595547
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595423
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595297
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595188
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595063
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594938
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594828
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594719
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594594
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594485
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594360
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594235
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594110
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 593985
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 593860
                    Source: C:\Users\user\Desktop\PO_27052024.exe Window / User API: threadDelayed 3338
                    Source: C:\Users\user\Desktop\PO_27052024.exe Window / User API: threadDelayed 6464
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 2516 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -32281802128991695s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599891s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599766s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599656s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599547s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599438s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599313s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599188s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -599063s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598953s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598806s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598644s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598531s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598421s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -598313s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99875s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99765s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99656s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99546s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99437s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99327s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99204s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -99078s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98968s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98859s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98749s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98640s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98521s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98406s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98275s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98165s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -98049s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -97701s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -97593s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -97482s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595656s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595547s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595423s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595297s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595188s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -595063s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594938s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594828s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594719s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594594s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594485s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594360s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594235s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -594110s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -593985s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe TID: 5452 Thread sleep time: -593860s >= -30000s
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\PO_27052024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599891
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599766
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599656
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599547
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599438
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599313
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599188
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 599063
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598953
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598806
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598644
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598531
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598421
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 598313
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 100000
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99875
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99765
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99656
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99546
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99437
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99327
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99204
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 99078
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98968
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98859
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98749
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98640
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98521
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98406
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98275
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98165
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 98049
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 97701
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 97593
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 97482
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595656
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595547
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595423
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595297
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595188
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 595063
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594938
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594828
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594719
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594594
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594485
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594360
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594235
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 594110
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 593985
                    Source: C:\Users\user\Desktop\PO_27052024.exe Thread delayed: delay time: 593860
                    Source: PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: vmware
                    Source: PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                    Source: PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PO_27052024.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\PO_27052024.exe Code function: 4_2_014A7ED0 CheckRemoteDebuggerPresent, 4_2_014A7ED0
                    Source: C:\Users\user\Desktop\PO_27052024.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\PO_27052024.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\PO_27052024.exe Memory written: C:\Users\user\Desktop\PO_27052024.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\PO_27052024.exe Process created: C:\Users\user\Desktop\PO_27052024.exe "C:\Users\user\Desktop\PO_27052024.exe"
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Users\user\Desktop\PO_27052024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_27052024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 2724, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 5956, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PO_27052024.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\PO_27052024.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\PO_27052024.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match, File source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 2724, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 5956, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: 4.2.PO_27052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.390e5e0.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_27052024.exe.3949a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 2724, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: PO_27052024.exe PID: 5956, type: MEMORYSTR
                    MITRE ATT&CK matrix, tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
                    Windows Management Instrumentation
                    1
                    DLL Side-Loading
                    1
                    DLL Side-Loading
                    1
                    Disable or Modify Tools
                    1
                    OS Credential Dumping
                    1
                    File and Directory Discovery
                    Remote Services11
                    Archive Collected Data
                    1
                    Ingress Tool Transfer
                    Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts111
                    Process Injection
                    1
                    Deobfuscate/Decode Files or Information
                    21
                    Input Capture
                    34
                    System Information Discovery
                    Remote Desktop Protocol1
                    Data from Local System
                    11
                    Encrypted Channel
                    Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                    Obfuscated Files or Information
                    Security Account Manager1
                    Query Registry
                    SMB/Windows Admin Shares1
                    Email Collection
                    2
                    Non-Application Layer Protocol
                    Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                    Software Packing
                    NTDS531
                    Security Software Discovery
                    Distributed Component Object Model21
                    Input Capture
                    13
                    Application Layer Protocol
                    Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading
                    LSA Secrets1
                    Process Discovery
                    SSH1
                    Clipboard Data
                    Fallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading
                    Cached Domain Credentials261
                    Virtualization/Sandbox Evasion
                    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items261
                    Virtualization/Sandbox Evasion
                    DCSync1
                    Application Window Discovery
                    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job111
                    Process Injection
                    Proc Filesystem1
                    System Network Configuration Discovery
                    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    Behavior Graph (ID: 1447834, Sample: PO_27052024.exe, Start date: 27/05/2024, Architecture: WINDOWS, Score: 100)
                    Contacted hosts: mail.alitextile.com, ip-api.com, api.ipify.org
                    Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 10 other signatures
                    Process started: PO_27052024.exe (3). Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 2 other signatures
                    Child processes started by PO_27052024.exe: PO_27052024.exe (15 2), PO_27052024.exe, SgrmBroker.exe (1)
                    Network activity of the first child PO_27052024.exe: mail.alitextile.com 192.185.143.105, ports 49707, 49716, 49717, UNIFIEDLAYER-AS-1US, United States; ip-api.com 208.95.112.1, ports 49705, 80, TUT-ASUS, United States; api.ipify.org 104.26.13.205, ports 443, 49703, CLOUDFLARENETUS, United States
                    Signatures of that child process: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Installs a global keyboard hook

                    Source | Detection | Scanner | Label
                    PO_27052024.exe | 39% | ReversingLabs | ByteCode-MSIL.Trojan.Barys
                    PO_27052024.exe | 57% | Virustotal |
                    PO_27052024.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    api.ipify.org | 1% | Virustotal |
                    ip-api.com | 0% | Virustotal |
                    mail.alitextile.com | 0% | Virustotal |
                    Source | Detection | Scanner | Label
                    https://api.ipify.org/ | 0% | URL Reputation | safe
                    https://api.ipify.org | 0% | URL Reputation | safe
                    https://account.dyn.com/ | 0% | URL Reputation | safe
                    http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
                    http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe
                    http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe
                    http://r3.i.lencr.org/0 | 0% | URL Reputation | safe
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | 0% | Virustotal |
                    http://x1.c.lencr.o? | 0% | Virustotal |
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | 0% | Avira URL Cloud | safe
                    http://x1.c.lencr.o? | 0% | Avira URL Cloud | safe
                    http://mail.alitextile.com | 0% | Avira URL Cloud | safe
                    http://mail.alitextile.com | 0% | Virustotal |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 104.26.13.205 | true | false | | unknown
                    ip-api.com | 208.95.112.1 | true | true | | unknown
                    mail.alitextile.com | 192.185.143.105 | true | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | URL Reputation: safe | unknown
                    http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org | PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000314B000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://account.dyn.com/ | PO_27052024.exe, 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://x1.c.lencr.org/0 | PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692063718.0000000006B1D000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3697154303.0000000009DA1000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692189808.0000000006B57000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://x1.i.lencr.org/0 | PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692063718.0000000006B1D000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3697154303.0000000009DA1000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3692189808.0000000006B57000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://mail.alitextile.com | PO_27052024.exe, 00000004.00000002.3686376787.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://r3.o.lencr.org0 | PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3696729505.0000000009D48000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000322F000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss | PO_27052024.exe | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO_27052024.exe, 00000004.00000002.3686376787.000000000314B000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | PO_27052024.exe | false | URL Reputation: safe | unknown
                    http://x1.c.lencr.o? | PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
                    http://r3.i.lencr.org/0 | PO_27052024.exe, 00000004.00000002.3697573375.0000000009E16000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672764286.00000000012C5000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3672018222.0000000001246000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3696729505.0000000009D48000.00000004.00000020.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033C1000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.000000000322F000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.0000000003520000.00000004.00000800.00020000.00000000.sdmp, PO_27052024.exe, 00000004.00000002.3686376787.00000000033F2000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
                    192.185.143.105 | mail.alitextile.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                    104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                    Joe Sandbox version: 40.0.0 Tourmaline
                    Analysis ID: 1447834
                    Start date and time: 2024-05-27 09:00:10 +02:00
                    Joe Sandbox product: CloudBasic
                    Overall analysis duration: 0h 9m 7s
                    Hypervisor based Inspection enabled: false
                    Report type: full
                    Cookbook file name: default.jbs
                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of new started processes analysed: 20
                    Number of new started drivers analysed: 0
                    Number of existing processes analysed: 0
                    Number of existing drivers analysed: 0
                    Number of injected processes analysed: 0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode: default
                    Analysis stop reason: Timeout
                    Sample name: PO_27052024.exe
                    Detection: MAL
                    Classification: mal100.troj.spyw.evad.winEXE@6/1@3/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 111
                    • Number of non-executed functions: 12
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes were analyzed; the report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    Time | Type | Description
                    03:01:00 | API Interceptor | 8600078x Sleep call for process: PO_27052024.exe modified
                    Associated samples by IP (columns: Associated Sample Name / URL | Detection | Threat Name | Context)
                    Match: 208.95.112.1
                    Reiven RFQ-27-05-2024.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    ev1NIvTd6f.exe | malicious | Unknown | /json/
                    https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE | malicious | DCRat | ip-api.com/line/?fields=hosting
                    uChcvn3L6R.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
                    uChcvn3L6R.exe | malicious | DCRat | ip-api.com/line/?fields=hosting
                    SecuriteInfo.com.FileRepMalware.1834.13764.exe | malicious | Discord Token Stealer, XWorm | ip-api.com/line/?fields=hosting
                    NFs_468.msi | malicious | VMdetect | ip-api.com/json/
                    z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    2aFb7hE00o.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    documentos.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    Match: 192.185.143.105
                    PO_23052024.exe | malicious | AgentTesla |
                    PO_21052024.exe | malicious | AgentTesla |
                    PO_#20241705.exe | malicious | AgentTesla |
                    PO_20240516.exe | malicious | AgentTesla |
                    PO_202405014.exe | malicious | AgentTesla, PureLog Stealer |
                    Purchase Order_#400086587.exe | malicious | AgentTesla, PureLog Stealer |
                    Purchase Order_#400388875.exe | malicious | AgentTesla, PureLog Stealer |
                    cir0tBXcdO.exe | malicious | AgentTesla |
                    Match: 104.26.13.205
                    ReturnLegend.exe | malicious | Stealit | api.ipify.org/?format=json
                    SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exe | malicious | PureLog Stealer, Targeted Ransomware | api.ipify.org/
                    Sky-Beta-Setup.exe | malicious | Stealit | api.ipify.org/?format=json
                    ArenaWarSetup.exe | malicious | Stealit | api.ipify.org/?format=json
                    Sky-Beta Setup 1.0.0.exe | malicious | Unknown | api.ipify.org/?format=json
                    E4sbo4F6Sz.exe | malicious | Unknown | api.ipify.org/
                    E4sbo4F6Sz.exe | malicious | Unknown | api.ipify.org/
                    SecuriteInfo.com.Win64.RATX-gen.31127.4101.exe | malicious | PureLog Stealer, Targeted Ransomware | api.ipify.org/
                    Associated samples by domain (columns: Associated Sample Name / URL | Detection | Threat Name | Context)
                    Match: ip-api.com
                    Reiven RFQ-27-05-2024.exe | malicious | AgentTesla | 208.95.112.1
                    ev1NIvTd6f.exe | malicious | Unknown | 208.95.112.1
                    https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDE | malicious | DCRat | 208.95.112.1
                    uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
                    uChcvn3L6R.exe | malicious | DCRat | 208.95.112.1
                    SecuriteInfo.com.FileRepMalware.1834.13764.exe | malicious | Discord Token Stealer, XWorm | 208.95.112.1
                    NFs_468.msi | malicious | VMdetect | 208.95.112.1
                    z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | 208.95.112.1
                    2aFb7hE00o.exe | malicious | AgentTesla | 208.95.112.1
                    documentos.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
                    Match: api.ipify.org
                    Remittance#26856.html | malicious | HTMLPhisher | 104.26.13.205
                    https://interface01.nsxtlmv.workers.dev/ | malicious | HTMLPhisher | 104.26.13.205
                    http://christiantensen478345.pages.dev/help/contact/45367900411236/ | malicious | Unknown | 172.67.74.152
                    https://louiss-comxinh.pages.dev/help/contact/388061959224233 | malicious | Unknown | 172.67.74.152
                    http://worker-office-onedrive.td5xtn-b1lv7f1ymscd0.workers.dev/favicon.ico | malicious | HTMLPhisher | 172.67.74.152
                    z23mypdfscanner-invoice3535.bat | malicious | AgentTesla | 104.26.12.205
                    SOA APR 24.exe | malicious | AgentTesla | 104.26.13.205
                    REF0000QWERT544FILE.vbe | malicious | AgentTesla | 104.26.12.205
                    Eaqiwpu.exe | malicious | AgentTesla, PureLog Stealer | 104.26.13.205
                    hesaphareketi-01.pdf.exe | malicious | AgentTesla | 104.26.13.205
                    Match: mail.alitextile.com
                    PO_23052024.exe | malicious | AgentTesla | 192.185.143.105
                    PO_21052024.exe | malicious | AgentTesla | 192.185.143.105
                    PO_#20241705.exe | malicious | AgentTesla | 192.185.143.105
                    PO_20240516.exe | malicious | AgentTesla | 192.185.143.105
                    PO_202405014.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    Purchase Order_#400086587.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    Purchase Order_#400388875.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    cir0tBXcdO.exe | malicious | AgentTesla | 192.185.143.105
                    Associated samples by ASN (columns: Associated Sample Name / URL | Detection | Threat Name | Context)
                    Match: UNIFIEDLAYER-AS-1US
                    http://mzm.bgd.mybluehost.me/wp-content/thnewest/Recibir_paquete.php | malicious | Unknown | 162.241.225.111
                    V4zFzdCyty.elf | malicious | Mirai, Moobot | 66.116.195.138
                    http://www.mecanigo.com.br/LBP/mopolude-de/ | malicious | Unknown | 162.240.81.59
                    https://iratifibra.com.br/wp-includes/css/pyrgj/incqbifg | malicious | HTMLPhisher | 108.179.252.19
                    https://uch.mrn.mybluehost.me/MS/DHLM/ | malicious | HTMLPhisher | 50.87.170.127
                    file.exe | malicious | SystemBC | 192.185.116.205
                    file.exe | malicious | Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Vidar | 192.185.16.114
                    https://24hours-left.com/ | malicious | Unknown | 162.240.159.179
                    XVM5nluelx.exe | malicious | Babuk, Djvu, SmokeLoader | 192.185.16.114
                    file.exe | malicious | Babuk, Djvu, SmokeLoader | 192.185.16.114
                    Match: CLOUDFLARENETUS
                    #U0426#U0438#U0442#U0430#U0442#U0430.exe | malicious | FormBook | 172.64.41.3
                    TEILll7BsZ.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar | 188.114.96.3
                    https://verify-signinoutlexchangeadmin.com/MBill@microsoft.com | malicious | HtmlDropper, HTMLPhisher | 104.17.2.184
                    Pd3mM82Bs6.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar | 188.114.97.3
                    https://paypalgiftcardgenerator.pages.dev/ | malicious | Unknown | 104.16.242.248
                    https://brownpluss.com/ | malicious | HtmlDropper, HTMLPhisher | 104.17.2.184
                    setup_CodecInstaller_full.exe | malicious | EICAR | 172.67.130.88
                    MV XH DOLPHINPDF.exe | malicious | Lokibot | 104.21.85.101
                    WQs56g5xeC.exe | malicious | DCRat |
                                    • 172.67.25.118
                                    xA4LQYIndy.exeGet hashmaliciousDCRatBrowse
                                    • 172.67.19.24
                                    TUT-ASUSReiven RFQ-27-05-2024.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    ev1NIvTd6f.exeGet hashmaliciousUnknownBrowse
                                    • 208.95.112.1
                                    https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDEGet hashmaliciousDCRatBrowse
                                    • 208.95.112.1
                                    uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
                                    • 208.95.112.1
                                    uChcvn3L6R.exeGet hashmaliciousDCRatBrowse
                                    • 208.95.112.1
                                    SecuriteInfo.com.FileRepMalware.1834.13764.exeGet hashmaliciousDiscord Token Stealer, XWormBrowse
                                    • 208.95.112.1
                                    NFs_468.msiGet hashmaliciousVMdetectBrowse
                                    • 208.95.112.1
                                    z23mypdfscanner-invoice3535.batGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    2aFb7hE00o.exeGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    documentos.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                    • 208.95.112.1
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    3b5074b1b5d032e5620f69f9f700ff0e01vwXiyQ8K.exeGet hashmaliciousQuasarBrowse
                                    • 104.26.13.205
                                    xA4LQYIndy.exeGet hashmaliciousDCRatBrowse
                                    • 104.26.13.205
                                    https://kruekanlogin.gitbook.io/Get hashmaliciousUnknownBrowse
                                    • 104.26.13.205
                                    https://fbreview-requestnow.github.io/ajazGet hashmaliciousUnknownBrowse
                                    • 104.26.13.205
                                    https://mega.nz/file/wncXiYhZ#ABJEpmoiGH0hIeVVKQy7V_ALtGclDnJ4rFrDjwZ8kDEGet hashmaliciousDCRatBrowse
                                    • 104.26.13.205
                                    wtrD6RiHlm.exeGet hashmaliciousRedLineBrowse
                                    • 104.26.13.205
                                    https://newsklikdisini5bekbg0.3bsz4.xyz/Get hashmaliciousUnknownBrowse
                                    • 104.26.13.205
                                    http://worker-quiet-cherry-3fda.cbb2856.workers.dev/favicon.icoGet hashmaliciousHTMLPhisherBrowse
                                    • 104.26.13.205
                                    https://v2-ci8.pages.dev/appeal_case_ID/Get hashmaliciousUnknownBrowse
                                    • 104.26.13.205
                                    https://piscinaveronza.com/app/online/Get hashmaliciousUnknownBrowse
                                    • 104.26.13.205
                                    No context
                                    Process: C:\Users\user\Desktop\PO_27052024.exe
                                    File Type: ASCII text, with CRLF line terminators
                                    Category: dropped
                                    Size (bytes): 1216
                                    Entropy (8bit): 5.34331486778365
                                    Encrypted: false
                                    SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                    MD5: 1330C80CAAC9A0FB172F202485E9B1E8
                                    SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                    SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                    SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                    Malicious: false
                                    Reputation: high, very likely benign file
                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit): 7.9615234029225865
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                    • Win32 Executable (generic) a (10002005/4) 49.93%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    • DOS Executable Generic (2002/1) 0.01%
                                    File name: PO_27052024.exe
                                    File size: 676'360 bytes
                                    MD5: 4199d8995c4b86f6053c43cb70a87aa9
                                    SHA1: ae7d740bc01ae87d643f98264efa3b995365a66f
                                    SHA256: 74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d
                                    SHA512: e78a6a99ae8157f295a8c0cac9a0d72da5de4f4aa9e2fbaa131996e76eeb2906593d0e2bb6e82b8b733fd080cad5af1da5cea9b60be372942ac13122d6f5bbce
                                    SSDEEP: 12288:iuxrYCFd6xhOIHq2tGUoa/Vyljum2dQbimFl8+IjkpqyhscnFQXkR:181xh7HqmGUosV2qQbim34EhRFQC
                                    TLSH: 80E4225033BC9320CB3A1BF49AA116114BB96F527667D3099C8BB0FE653AF544E13B4B
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sf..............0.................. ... ....@.. .......................`............@................................
                                    Icon Hash: 040917344b4fd9cd
                                    Entrypoint: 0x4a1ace
                                    Entrypoint Section: .text
                                    Digitally signed: true
                                    Imagebase: 0x400000
                                    Subsystem: windows gui
                                    Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp: 0x6653E1FE [Mon May 27 01:29:34 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major: 4
                                    OS Version Minor: 0
                                    File Version Major: 4
                                    File Version Minor: 0
                                    Subsystem Version Major: 4
                                    Subsystem Version Minor: 0
                                    Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                    Signature Valid: false
                                    Signature Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                    Signature Validation Error: The digital signature of the object did not verify
                                    Error Number: -2146869232
                                    Not Before, Not After
                                    • 13/11/2018 01:00:00, 09/11/2021 00:59:59
                                    Subject Chain
                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                    Version: 3
                                    Thumbprint MD5: DABD77E44EF6B3BB91740FA46696B779
                                    Thumbprint SHA-1: 5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                    Thumbprint SHA-256: 4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                    Serial: 7C1118CBBADC95DA3752C46E47A27438
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    Name                                  Virtual Address  Virtual Size  Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT          0xa1a7c          0x4f          .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa2000          0x1a50        .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY        0xa1c00          0x3608
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa4000          0xc           .reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                    Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
                                    .text   0x2000           0x9fad4       0x9fc00   239d73e9c2d02b390b9ba0f83c570f4e  False     0.9662436424100157  data       7.968838201538731    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc   0xa2000          0x1a50        0x1c00    b3ba5d878d2c7e6f09660a13aa250796  False     0.8069196428571429  data       7.169486233479109    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc  0xa4000          0xc           0x200     bd6fc07f789b07e2dced6d7c2663137d  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    Name           RVA      Size    Type                                                                               Language  Country  ZLIB Complexity
                                    RT_ICON        0xa2100  0x144d  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                          0.9694054262074273
                                    RT_GROUP_ICON  0xa3560  0x14    data                                                                                                 1.05
                                    RT_VERSION     0xa3584  0x2cc   data                                                                                                 0.4301675977653631
                                    RT_MANIFEST    0xa3860  0x1ea   XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                    0.5489795918367347
                                    DLL          Import
                                    mscoree.dll  _CorExeMain
                                    Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                    May 27, 2024 09:02:47.716001987 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.716063976 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.716079950 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.716123104 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.718921900 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.718983889 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.719202995 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.719247103 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.719276905 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.719291925 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.719305038 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.719319105 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.719329119 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.719341040 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.719358921 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.719372034 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.720659971 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.720705032 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.720735073 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.720772982 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.720809937 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.720853090 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.720963955 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.721003056 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.723907948 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.723968983 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.724384069 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.724438906 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.724461079 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.724492073 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.724503994 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.724529028 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.724536896 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.724569082 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.724575043 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.724611044 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.725878000 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.725936890 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.725964069 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.726005077 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.726070881 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.726111889 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.726141930 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.726176977 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.726181030 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.726219893 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.729216099 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.729902983 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.729989052 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.730113983 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.730165005 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.730292082 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.730386019 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.730529070 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731003046 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731015921 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731026888 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731074095 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731089115 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731100082 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731368065 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731411934 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731436968 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731447935 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731473923 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731542110 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731561899 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731574059 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731611967 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731657982 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731703043 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731717110 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731729984 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731812000 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731823921 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731837034 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.731849909 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:47.745942116 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:02:47.750929117 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:48.071542978 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:02:48.122541904 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:03.678265095 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:03.683315039 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:03.795427084 CEST58749716192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:03.795978069 CEST49716587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:03.797213078 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:03.802186966 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:03.802248955 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.437592030 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.437851906 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.442789078 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.550570011 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.552681923 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.557590961 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.668086052 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.668874025 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.673820972 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.796624899 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.796643972 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.796654940 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.799264908 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.799264908 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.804259062 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.912386894 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:04.916790009 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:04.921828032 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.029244900 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.030239105 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.035151005 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.144419909 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.145014048 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.150087118 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.259921074 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.260869026 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.266060114 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.373836994 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.376892090 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.381974936 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.506247044 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.512722015 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.546415091 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.667531967 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.669017076 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.669017076 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.669126034 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.669126034 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.672729015 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.693394899 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.693413019 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.693456888 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.693763018 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.693820000 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.693870068 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.697315931 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.697339058 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.697375059 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.697400093 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.697832108 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.697896957 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:05.728530884 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:05.728615999 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.044404984 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.074099064 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:06.074157000 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.074189901 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.734751940 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.780121088 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:06.780189991 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:06.787853003 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:06.804023981 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:07.459199905 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:07.501451015 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:07.501554012 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:07.856915951 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:07.879916906 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.098916054 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:08.099049091 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.157995939 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:08.169728041 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.258300066 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.272044897 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:08.272243023 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.518531084 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:08.518711090 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:08.766552925 CEST58749719192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:08.766793966 CEST49719587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:09.357234955 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:09.856940031 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:09.949295998 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:11.359497070 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:11.364327908 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:11.371239901 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:11.939224005 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.044612885 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.158510923 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.158638954 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.378506899 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.378601074 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.465843916 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.846813917 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.847573042 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.857016087 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.871445894 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.984203100 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:12.984462023 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:12.989448071 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.104871988 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.105432034 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.114372969 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.283516884 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.283539057 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.283550024 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.283791065 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.289354086 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.294368982 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.411185980 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.416038036 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.423459053 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.540627003 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.540899038 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.544488907 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.545842886 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.551156998 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.551224947 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.556102037 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.556205034 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.556294918 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.562747955 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.562757969 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.562767029 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.562946081 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.567769051 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.567823887 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.567835093 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.567853928 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.567871094 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.567871094 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.574393034 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.574403048 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.574445009 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.574522972 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.574688911 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.581227064 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.581238031 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.581278086 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.581284046 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.581443071 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.587486029 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.587496996 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.587534904 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.587589025 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.587703943 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.594319105 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.594331026 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.594379902 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.594968081 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.595016003 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.602300882 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.602312088 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.602374077 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.602622032 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.602669001 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.610724926 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.610735893 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.610743046 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.610780954 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.617718935 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.617906094 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.617969036 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.622798920 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.622858047 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.627804041 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.627854109 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.635603905 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.635615110 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.635669947 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.644315004 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.644326925 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.644335032 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:13.644387960 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.644423962 CEST49717587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:13.644438028 CEST58749717192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.492837906 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.492875099 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:39.492882013 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.492907047 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.492930889 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.492955923 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.506804943 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.506845951 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.506975889 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.507014990 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.738953114 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.857526064 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:39.991324902 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:39.994788885 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:40.044565916 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:40.242487907 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:40.242607117 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:40.746546030 CEST58749718192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:40.748764992 CEST49718587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:42.544773102 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:44.623378992 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:44.671988964 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:44.675123930 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:44.716739893 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:44.716764927 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:44.718857050 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.122700930 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.186697960 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.186783075 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.255567074 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.255592108 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.255686998 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.328452110 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.328468084 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.328561068 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.401249886 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.401262999 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.401273966 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.401350021 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.401612043 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.468353033 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.468367100 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.468444109 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.468625069 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.536118031 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.536230087 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.536257029 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.536288023 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.536407948 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.603883982 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.603918076 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.604067087 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.606621981 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.606831074 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.668292999 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.668524981 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:45.673104048 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:45.673211098 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:46.122885942 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:46.189064026 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:46.190566063 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:46.260993004 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:46.261023045 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:46.261280060 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:46.716464996 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.419955015 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.452805996 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.461708069 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:47.464868069 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.505157948 CEST58749723192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:47.505426884 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.518285036 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:47.518445969 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:47.518515110 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:47.935363054 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:48.716605902 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:48.777884960 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.779069901 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:48.849503040 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.849721909 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.854907990 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:48.914676905 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.918791056 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:48.970241070 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.970257044 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.970264912 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:48.970941067 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.018343925 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.018357992 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.018407106 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.022989988 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.061959028 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.061969995 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.061978102 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.064819098 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.079078913 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.079144955 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.079188108 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.085045099 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.092677116 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.096827030 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.102113962 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.102123976 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.102132082 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.102174997 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.105247974 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.110331059 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110346079 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110354900 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110415936 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110424995 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110492945 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.110603094 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.110603094 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:03:49.115722895 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115732908 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115787029 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115796089 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115803957 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115812063 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115833998 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.115843058 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.120558977 CEST58749720192.185.143.105192.168.2.7
                                    May 27, 2024 09:03:49.123080969 CEST49720587192.168.2.7192.185.143.105
                                    May 27, 2024 09:04:06.420871019 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:04:44.232249022 CEST49723587192.168.2.7192.185.143.105
                                    May 27, 2024 09:04:44.296643019 CEST58749723192.185.143.105192.168.2.7
                                    May 27, 2024 09:04:44.296843052 CEST49723587192.168.2.7192.185.143.105
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
May 27, 2024 09:01:03.578519106 CEST  64818        53         192.168.2.7      1.1.1.1
May 27, 2024 09:01:03.585933924 CEST  53           64818      1.1.1.1          192.168.2.7
May 27, 2024 09:01:04.349803925 CEST  65110        53         192.168.2.7      1.1.1.1
May 27, 2024 09:01:04.356674910 CEST  53           65110      1.1.1.1          192.168.2.7
May 27, 2024 09:01:06.073719025 CEST  51077        53         192.168.2.7      1.1.1.1
May 27, 2024 09:01:06.313970089 CEST  53           51077      1.1.1.1          192.168.2.7
Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                 Type            Class        DNS over HTTPS
May 27, 2024 09:01:03.578519106 CEST  192.168.2.7  1.1.1.1  0xb353    Standard query (0)  api.ipify.org        A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:04.349803925 CEST  192.168.2.7  1.1.1.1  0x6cdb    Standard query (0)  ip-api.com           A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:06.073719025 CEST  192.168.2.7  1.1.1.1  0xe2d9    Standard query (0)  mail.alitextile.com  A (IP address)  IN (0x0001)  false
Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name                 CName  Address          Type            Class        DNS over HTTPS
May 27, 2024 09:01:03.585933924 CEST  1.1.1.1    192.168.2.7  0xb353    No error (0)  api.ipify.org        -      104.26.13.205    A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:03.585933924 CEST  1.1.1.1    192.168.2.7  0xb353    No error (0)  api.ipify.org        -      104.26.12.205    A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:03.585933924 CEST  1.1.1.1    192.168.2.7  0xb353    No error (0)  api.ipify.org        -      172.67.74.152    A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:04.356674910 CEST  1.1.1.1    192.168.2.7  0x6cdb    No error (0)  ip-api.com           -      208.95.112.1     A (IP address)  IN (0x0001)  false
May 27, 2024 09:01:06.313970089 CEST  1.1.1.1    192.168.2.7  0xe2d9    No error (0)  mail.alitextile.com  -      192.185.143.105  A (IP address)  IN (0x0001)  false
                                    • api.ipify.org
                                    • ip-api.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.7  49705        208.95.112.1    80                5956  C:\Users\user\Desktop\PO_27052024.exe

Timestamp                             Bytes transferred  Direction  Data
May 27, 2024 09:01:04.362554073 CEST  80                 OUT        GET /line/?fields=hosting HTTP/1.1
                                                                    Host: ip-api.com
                                                                    Connection: Keep-Alive
May 27, 2024 09:01:04.833679914 CEST  175                IN         HTTP/1.1 200 OK
                                                                    Date: Mon, 27 May 2024 07:01:04 GMT
                                                                    Content-Type: text/plain; charset=utf-8
                                                                    Content-Length: 6
                                                                    Access-Control-Allow-Origin: *
                                                                    X-Ttl: 60
                                                                    X-Rl: 44
                                                                    Data Raw: 66 61 6c 73 65 0a
                                                                    Data Ascii: false


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.7  49703        104.26.13.205   443               5956  C:\Users\user\Desktop\PO_27052024.exe

Timestamp                Bytes transferred  Direction  Data
2024-05-27 07:01:04 UTC  155                OUT        GET / HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                       Host: api.ipify.org
                                                       Connection: Keep-Alive
2024-05-27 07:01:04 UTC  211                IN         HTTP/1.1 200 OK
                                                       Date: Mon, 27 May 2024 07:01:04 GMT
                                                       Content-Type: text/plain
                                                       Content-Length: 12
                                                       Connection: close
                                                       Vary: Origin
                                                       CF-Cache-Status: DYNAMIC
                                                       Server: cloudflare
                                                       CF-RAY: 88a421ad5a5a43e0-EWR
2024-05-27 07:01:04 UTC  12                 IN         Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35
                                                       Data Ascii: 8.46.123.175


Timestamp                             Source Port  Dest Port  Source IP        Dest IP          Commands
May 27, 2024 09:01:06.883760929 CEST  587          49707      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:01:06 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:01:06.883930922 CEST  49707        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:01:06.997371912 CEST  587          49707      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:01:06.997693062 CEST  49707        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:01:07.112205982 CEST  587          49707      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:02:45.260534048 CEST  587          49716      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:02:45 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:02:45.260819912 CEST  49716        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:02:45.387728930 CEST  587          49716      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:02:45.388814926 CEST  49716        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:02:45.509056091 CEST  587          49716      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:03:04.437592030 CEST  587          49717      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:04 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:04.437851906 CEST  49717        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:04.550570011 CEST  587          49717      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:04.552681923 CEST  49717        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:04.668086052 CEST  587          49717      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:03:08.098916054 CEST  587          49719      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:08 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:08.099049091 CEST  49719        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:08.272044897 CEST  587          49719      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:08.518531084 CEST  587          49719      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:08.766552925 CEST  587          49719      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:11.939224005 CEST  587          49720      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:11 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:12.158510923 CEST  587          49720      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:11 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:12.378506899 CEST  587          49720      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:11 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:12.465843916 CEST  49720        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:12.846813917 CEST  587          49720      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:11 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:12.857016087 CEST  49720        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:12.984203100 CEST  587          49720      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:12.984462023 CEST  49720        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:13.104871988 CEST  587          49720      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:03:20.221684933 CEST  587          49721      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:20 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:20.221966028 CEST  49721        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:20.408648968 CEST  587          49721      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:20.408916950 CEST  49721        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:20.682677984 CEST  587          49721      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:20.700750113 CEST  49721        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:20.883038044 CEST  587          49721      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:03:30.040417910 CEST  587          49718      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:29 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:30.044815063 CEST  49718        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:30.226516962 CEST  587          49718      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:29 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:30.230252981 CEST  587          49723      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:30 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:30.230472088 CEST  49723        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:30.360852957 CEST  49718        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:30.475718975 CEST  49723        587        192.168.2.7      192.185.143.105  EHLO 124406
May 27, 2024 09:03:30.510483980 CEST  587          49723      192.185.143.105  192.168.2.7      220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Mon, 27 May 2024 02:03:30 -0500
                                                                                                220-We do not authorize the use of this system to transport unsolicited,
                                                                                                220 and/or bulk e-mail.
May 27, 2024 09:03:30.535990000 CEST  587          49718      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:30.536173105 CEST  49718        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:30.690407991 CEST  587          49723      192.185.143.105  192.168.2.7      250-cutlass.websitewelcome.com Hello 124406 [8.46.123.175]
                                                                                                250-SIZE 52428800
                                                                                                250-8BITMIME
                                                                                                250-PIPELINING
                                                                                                250-PIPECONNECT
                                                                                                250-AUTH PLAIN LOGIN
                                                                                                250-STARTTLS
                                                                                                250 HELP
May 27, 2024 09:03:30.690582037 CEST  49723        587        192.168.2.7      192.185.143.105  STARTTLS
May 27, 2024 09:03:30.740793943 CEST  587          49718      192.185.143.105  192.168.2.7      220 TLS go ahead
May 27, 2024 09:03:30.906817913 CEST  587          49723      192.185.143.105  192.168.2.7      220 TLS go ahead


                                    Target ID:0
                                    Start time:03:01:00
                                    Start date:27/05/2024
                                    Path:C:\Users\user\Desktop\PO_27052024.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\PO_27052024.exe"
                                    Imagebase:0x350000
                                    File size:676'360 bytes
                                    MD5 hash:4199D8995C4B86F6053C43CB70A87AA9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1230653583.000000000390E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:true

                                    Target ID:3
                                    Start time:03:01:01
                                    Start date:27/05/2024
                                    Path:C:\Users\user\Desktop\PO_27052024.exe
                                    Wow64 process (32bit):false
                                    Commandline:"C:\Users\user\Desktop\PO_27052024.exe"
                                    Imagebase:0x40000
                                    File size:676'360 bytes
                                    MD5 hash:4199D8995C4B86F6053C43CB70A87AA9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:4
                                    Start time:03:01:02
                                    Start date:27/05/2024
                                    Path:C:\Users\user\Desktop\PO_27052024.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\PO_27052024.exe"
                                    Imagebase:0xc60000
                                    File size:676'360 bytes
                                    MD5 hash:4199D8995C4B86F6053C43CB70A87AA9
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3686376787.000000000319D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3666284064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                    Target ID:6
                                    Start time:03:01:05
                                    Start date:27/05/2024
                                    Path:C:\Windows\System32\SgrmBroker.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\SgrmBroker.exe
                                    Imagebase:0x7ff6f54a0000
                                    File size:329'504 bytes
                                    MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                      Execution Graph

                                      Execution Coverage:10.5%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:198
                                      Total number of Limit Nodes:12
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c280dc5f34caf8f34337484bc3ba21eabd7f1df4116b53fa36d81623d8a5cff9
                                      • Instruction ID: cb40f566e2af4c194ec421d9bc9d7d683ea71eb169704fd57456215a5c5cbcf9
                                      • Opcode Fuzzy Hash: c280dc5f34caf8f34337484bc3ba21eabd7f1df4116b53fa36d81623d8a5cff9
                                      • Instruction Fuzzy Hash: 1AA22831E102598FDB55DF68C8986EDB7B1FF89300F1482A9D90AA7350EB74AE85CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: fq$ fq$ fq$ fq$ fq$ fq$ fq$Teq$Teq$Teq$XXq$XXq$XXq$XXq$XXq$XXq$XXq$$q$$q$$q$$q$$q$$q$$q
                                      • API String ID: 0-744876897
                                      • Opcode ID: 8e5c7d7de1fbc4e1711610f433d927867c4fe2bb1b0aca8f68cdd0dd99d2787f
                                      • Instruction ID: f82165466f123e1180ffd7d10efbd1255c0139b557eb77d8f6c94bcf2be49cea
                                      • Opcode Fuzzy Hash: 8e5c7d7de1fbc4e1711610f433d927867c4fe2bb1b0aca8f68cdd0dd99d2787f
                                      • Instruction Fuzzy Hash: B2227430E0021DCFDB54EB99D855B6DB7B3BB89302F244569E842AF395CB709C82CB95

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Teq$Teq$Teq$Teq$Teq$Teq$Teq$Teq$$q$$q$$q$$q
                                      • API String ID: 0-104986846
                                      • Opcode ID: 3398c8961806f555e86e29c84f2f130818a89587a223d67365f9701ada9c3e96
                                      • Instruction ID: 62a4d3b7e72992fe3a13edf069c423a616d09d6e12c9754efb69c278fa3ba479
                                      • Opcode Fuzzy Hash: 3398c8961806f555e86e29c84f2f130818a89587a223d67365f9701ada9c3e96
                                      • Instruction Fuzzy Hash: ABF19474B00218DFEB14AB69D45976DBBE3BFC8B06F158429E542DB384CA74DC82CB91

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: fq$ fq$Teq$XXq$$q$$q$$q$$q
                                      • API String ID: 0-3618247764
                                      • Opcode ID: f59b6b8a3edcc8f5951a6c54a6de25ba8adb80f999c71dbaae0afde6a1be58fc
                                      • Instruction ID: 53450956f99824b75eec56eafdecb8d53d357075039d605b0e304d4ab18fce6e
                                      • Opcode Fuzzy Hash: f59b6b8a3edcc8f5951a6c54a6de25ba8adb80f999c71dbaae0afde6a1be58fc
                                      • Instruction Fuzzy Hash: E4718530E04218DFDB649B98E945BADB7B3EB45313F18416AE482AB291C7309CC2CF55

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: fq$ fq$Teq$XXq$$q$$q$$q$$q
                                      • API String ID: 0-3618247764
                                      • Opcode ID: 9c04721374788a2795dd40a5627814ab9b2121a80a3abeaca7dc5a38d1f6adbf
                                      • Instruction ID: b863732aca7cb1f0d93a34f0fd79580056f12abcb080ba93024e500f246c6671
                                      • Opcode Fuzzy Hash: 9c04721374788a2795dd40a5627814ab9b2121a80a3abeaca7dc5a38d1f6adbf
                                      • Instruction Fuzzy Hash: D1716330E04218DFDB64AB98D945BADB7B3EB45313F19416AE982AB291C7309CC2CF55

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: LRq$LRq$LRq$LRq$$q$$q
                                      • API String ID: 0-108259318
                                      • Opcode ID: 0a90da0d2ac666be64bed850c3d7480573d045c50781c191c03635badf255f73
                                      • Instruction ID: 3fb6f71d773433978b6a03d6c8039a7dee18f8ffcf2c20fac1c4bdd16ef52505
                                      • Opcode Fuzzy Hash: 0a90da0d2ac666be64bed850c3d7480573d045c50781c191c03635badf255f73
                                      • Instruction Fuzzy Hash: CF718C71A04218CFD714AFADC4447ADBBF3EB85313F88C17AE496AB292C6349D80CB55

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8q$8q$8q$LRq$LRq$$q
                                      • API String ID: 0-2554755
                                      • Opcode ID: 13d44a9f4c40569cd1f2d14c532dfce0fc17abbf963bc91f200a725352813ce2
                                      • Instruction ID: 17af51a4ac25bbe32a0b3cc2580192e290b463c1c7543e4a715080fb5b664cd6
                                      • Opcode Fuzzy Hash: 13d44a9f4c40569cd1f2d14c532dfce0fc17abbf963bc91f200a725352813ce2
                                      • Instruction Fuzzy Hash: 43515630608394DFD716662DA81536A7FD7AFC2A03F1584BED4C5CB3C6CA388882C792

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: LRq$LRq$$q
                                      • API String ID: 0-3129049701
                                      • Opcode ID: 03ccb8c9d90da510d799969a0d75d9b84f5b1d4681c0764bd35e6398735f777c
                                      • Instruction ID: b680c755b3da58958dc42b557e9f721d9cb3ebe1eb6150273ae124e8ac6b5ddf
                                      • Opcode Fuzzy Hash: 03ccb8c9d90da510d799969a0d75d9b84f5b1d4681c0764bd35e6398735f777c
                                      • Instruction Fuzzy Hash: 05616C71A05218CFD754AFACC844BBDB7F3EB85353F89C17AE495AB292D23489C08B51

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $q$$q
                                      • API String ID: 0-3126353813
                                      • Opcode ID: 042050248628d7e1d639b30ca76ebcaf2ceb7b5300e604e5de79ebf3da1086f8
                                      • Instruction ID: f0a8423d20ccc9ae08694421eb71d1cb9a62303bdc2128e4ba8e952dceaec13f
                                      • Opcode Fuzzy Hash: 042050248628d7e1d639b30ca76ebcaf2ceb7b5300e604e5de79ebf3da1086f8
                                      • Instruction Fuzzy Hash: FD719274B00214DFDB24AB64E819B6D7BA3FFC4B46F158529F642DB384CA74C882CB91

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: $q$$q
                                      • API String ID: 0-3126353813
                                      • Opcode ID: 0aa266a36827542d25b26c1ca67288a928adbaed64c36eaa67f8a54a82f9b5e9
                                      • Instruction ID: 5ce6cbd1fcccce474f6faeb41a301e02f595ec3e8e4b856cb00dd8a4b2c85046
                                      • Opcode Fuzzy Hash: 0aa266a36827542d25b26c1ca67288a928adbaed64c36eaa67f8a54a82f9b5e9
                                      • Instruction Fuzzy Hash: 5751A534B01214EFD714AB74E819B6D7BA3EFC4745F158529FA11DB384CA748C42CB91

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Teq$Teq
                                      • API String ID: 0-2938103587
                                      • Opcode ID: 39279552e629e2407c7de886effdb2a2f4c7e98d30d55ca3ee7a876f8df9b07f
                                      • Instruction ID: 025c948c39a43bc82e3bdd974bcabfcd624f5360482e1bb92661301675014675
                                      • Opcode Fuzzy Hash: 39279552e629e2407c7de886effdb2a2f4c7e98d30d55ca3ee7a876f8df9b07f
                                      • Instruction Fuzzy Hash: D461D4B4E04208CFDB04DFA9D844AEEBBB6FF88305F149029E919AB355DB705945CF50

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: l.q$l.q
                                      • API String ID: 0-1956521479
                                      • Opcode ID: 78cbee520b31c4b1432e647d8d29e428a485385bce5c379e5a7228a17761d6bd
                                      • Instruction ID: b12a3d9c5a884cced2a0ca6ae238f39e2c8246e98bed329c653f8b7670259971
                                      • Opcode Fuzzy Hash: 78cbee520b31c4b1432e647d8d29e428a485385bce5c379e5a7228a17761d6bd
                                      • Instruction Fuzzy Hash: EB31C831A05644CFC7159F2CCC456AEBBF2EF06312F44496AE8A5D73A1D334D891CB51

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Hq$Hq
                                      • API String ID: 0-925789375
                                      • Opcode ID: f7b976b2c007cd56c7377cb0d8013fa1b6a762b72248070be61ca750b04a0dd0
                                      • Instruction ID: 14c328b6daa37a37b6f672cbbe1d638cd5d7c0a2ac019e0a885b31e45c4ad356
                                      • Opcode Fuzzy Hash: f7b976b2c007cd56c7377cb0d8013fa1b6a762b72248070be61ca750b04a0dd0
                                      • Instruction Fuzzy Hash: E221D870608390DFE722966CED54B6A7FB5EB85311F14046AF086CB696C2789D85C711
                                      APIs
                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 069F543E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: 67a854452867b9ab89163996637b2fc67d6acee3a9ec10de04c4619aa83832a5
                                      • Instruction ID: 350d3261fdea0b74e0c50aff7959baa70b8289710b8852547cb837fe1414e3da
                                      • Opcode Fuzzy Hash: 67a854452867b9ab89163996637b2fc67d6acee3a9ec10de04c4619aa83832a5
                                      • Instruction Fuzzy Hash: B6A19C71D10719CFEB60CFA8C840BEDBBB2BF48310F1685A9D909A7240DB749981CF91
                                      APIs
                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 069F543E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CreateProcess
                                      • String ID:
                                      • API String ID: 963392458-0
                                      • Opcode ID: ce54caa3fff06e0b79db1cc723789c55ddc6bae8301343ca06af6b58eb78d38a
                                      • Instruction ID: 55b93a44a35abda52f3b3b1e78326b102cecb9c5df5f92c67adc388dce364f0b
                                      • Opcode Fuzzy Hash: ce54caa3fff06e0b79db1cc723789c55ddc6bae8301343ca06af6b58eb78d38a
                                      • Instruction Fuzzy Hash: 7E919C71D10719CFEB64CFA8C840BEDBBB2BF48310F1681A9E919A7640DB749985CF91
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 04B759C9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 0889c9419686f1edcf8793f35a1ab0d9aaf3694960218d94ffe10a0f58bf201f
                                      • Instruction ID: 9d0d66ea40cfea98920b883cb0a29884e06bd0bc4ae571f80226c7259deaaa7d
                                      • Opcode Fuzzy Hash: 0889c9419686f1edcf8793f35a1ab0d9aaf3694960218d94ffe10a0f58bf201f
                                      • Instruction Fuzzy Hash: 2041E071D00719DBEB24DFA9C84478DBBF1FF49304F20806AD418AB251DB756946CF90
                                      APIs
                                      • CreateActCtxA.KERNEL32(?), ref: 04B759C9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 3acb846924e0770b337f860d0fff0ac8f3b18126ee220ff0d507b0aeb0e0778e
                                      • Instruction ID: 1c4af992f72310d35b3a0da0a012ba33759e1c9c3a2e803e125b311b331be04a
                                      • Opcode Fuzzy Hash: 3acb846924e0770b337f860d0fff0ac8f3b18126ee220ff0d507b0aeb0e0778e
                                      • Instruction Fuzzy Hash: 3341EFB1D00719CBEB24DFA9C88478DBBF2BF49304F2081AAD418AB261DB756946CF40
                                      APIs
                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 068F523F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DrawText
                                      • String ID:
                                      • API String ID: 2175133113-0
                                      • Opcode ID: 02cbf47a6df8295c1270ff34cf2db256c48250b29d8953b2af1283f82d12d1d8
                                      • Instruction ID: 077ee6cdd2a597c6d997f1299ce5436d3d3f9047fe46880b1e5705c1a6c3d706
                                      • Opcode Fuzzy Hash: 02cbf47a6df8295c1270ff34cf2db256c48250b29d8953b2af1283f82d12d1d8
                                      • Instruction Fuzzy Hash: 7D214771D247405FD7308BAED8047AEFFE49F6A324F08816EE349C7542C275954ACB62
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04B7D656,?,?,?,?,?), ref: 04B7D717
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 3ddb7678af5b1b620f42e1cc0fac3f6f82887dabebac67096f727cddd53fbdeb
                                      • Instruction ID: bf18bc80bdf0a808173a754fcad3bdb62868bd6ba52999e93f19cde18b851fbb
                                      • Opcode Fuzzy Hash: 3ddb7678af5b1b620f42e1cc0fac3f6f82887dabebac67096f727cddd53fbdeb
                                      • Instruction Fuzzy Hash: CB317E78A403848FE304DF65E4447797BB2EBC8322F51856AE9129B3D5CABD4C45CB21
                                      APIs
                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 068F523F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DrawText
                                      • String ID:
                                      • API String ID: 2175133113-0
                                      • Opcode ID: 32a54966f4978859d083f3a6c4d13d37eea37a3cd52b16d169986d5471e4a090
                                      • Instruction ID: bcdb1fb6c86f884d6d22d3c203a05b4659d1df380f420b6fb2fb2250366ef035
                                      • Opcode Fuzzy Hash: 32a54966f4978859d083f3a6c4d13d37eea37a3cd52b16d169986d5471e4a090
                                      • Instruction Fuzzy Hash: 43216B769003499FDB11CFA9D840AAEBBF5EF58310F14841AEA55E7211C331E555CFA1
                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 069F5010
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      • Opcode ID: b8947a87f3c70dad0f39d9a6cd4bdf6aeb3b397ba3faea48e5c13012e7ac2c66
                                      • Instruction ID: 5ca4bf67fbf001d930434537c680b937a76f377d1749bb7e287e9946b14411b5
                                      • Opcode Fuzzy Hash: b8947a87f3c70dad0f39d9a6cd4bdf6aeb3b397ba3faea48e5c13012e7ac2c66
                                      • Instruction Fuzzy Hash: 6A212475D103499FDB20CFA9C881BEEBBF1FF48314F14842AE959A7240C7799941CBA0
                                      APIs
                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 068F523F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DrawText
                                      • String ID:
                                      • API String ID: 2175133113-0
                                      • Opcode ID: 9b0056dde8e6d4c5c16f05c8b2aeef2cfcd711d2904a27bd1dba8158314fdb19
                                      • Instruction ID: 9ac269a79f78def7982cb8184ca28e1c31a287a766727d9fc3313fd585e0c152
                                      • Opcode Fuzzy Hash: 9b0056dde8e6d4c5c16f05c8b2aeef2cfcd711d2904a27bd1dba8158314fdb19
                                      • Instruction Fuzzy Hash: 2031DFB5D103099FDB10CF99D880AAEBBF5FF58320F24842AE919A7210D775A945CFA1
                                      APIs
                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 068F523F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DrawText
                                      • String ID:
                                      • API String ID: 2175133113-0
                                      • Opcode ID: 7a4862bb0e1409e9b82f536cd400a9ece32408f989ae2de6b1ecfb3a900fe19f
                                      • Instruction ID: 8bda68f5245e160a2ea1861fc3b44340f8147a447dadad537c85d7ded5cf42fa
                                      • Opcode Fuzzy Hash: 7a4862bb0e1409e9b82f536cd400a9ece32408f989ae2de6b1ecfb3a900fe19f
                                      • Instruction Fuzzy Hash: 0E21EEB5D003099FDB10CF9AD884A9EFBF5FB58320F14842AEA19A7210D775A944CFA1
                                      APIs
                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 069F5010
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MemoryProcessWrite
                                      • String ID:
                                      • API String ID: 3559483778-0
                                      • Opcode ID: b81975fe2e9015df3e602afaa489eb9865b86d21de6bcc92a5196c7fd4795d1a
                                      • Instruction ID: f0255966b762d0e27e13a25df3e998dfb5380e3ca8c1ba48b444f876c1ed094c
                                      • Opcode Fuzzy Hash: b81975fe2e9015df3e602afaa489eb9865b86d21de6bcc92a5196c7fd4795d1a
                                      • Instruction Fuzzy Hash: 30216671D003099FDB10CFAAC881BDEBBF5FF48310F50842AE919A7240C7799940CBA0
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069F4E66
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID:
                                      • API String ID: 983334009-0
                                      • Opcode ID: 2c2b72f01c2591d118ba91b648bd23326d2088a1a49488b47ef9c60cd657acb8
                                      • Instruction ID: ca5478acb9a642ef3fa7302f45f59ae629b5972ffe8d05e43a8fa216bea65c15
                                      • Opcode Fuzzy Hash: 2c2b72f01c2591d118ba91b648bd23326d2088a1a49488b47ef9c60cd657acb8
                                      • Instruction Fuzzy Hash: 48213471D003498FDB10DFAAC485BEEBBF4AF48224F64842AD569A7641CB789945CFA0
                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069F50F0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      • Opcode ID: 997135c6942711c48c1b92327ffc35fe421051c483cd37d7c8d0fab97b9e673d
                                      • Instruction ID: ed5fa037d98804c0d010072974028f3d790cdbe483f17a062ce5b18ab2258e7b
                                      • Opcode Fuzzy Hash: 997135c6942711c48c1b92327ffc35fe421051c483cd37d7c8d0fab97b9e673d
                                      • Instruction Fuzzy Hash: 0E212271C003499FDB10DFAAC881BEEBBF5FF48310F51842AE919A7240C7799901CBA0
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04B7D656,?,?,?,?,?), ref: 04B7D717
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: ab455056b7bd95534671d89f7673978623e77a6a8cf3c7f673921a100a883805
                                      • Instruction ID: a9dc94637a401c26668b0cdcf5d37048acc10c766066a64800572f50ad1fceee
                                      • Opcode Fuzzy Hash: ab455056b7bd95534671d89f7673978623e77a6a8cf3c7f673921a100a883805
                                      • Instruction Fuzzy Hash: FA2105B5D00348AFDB10CF9AD884ADEBBF9EB48310F14805AE928B3310D375A940CFA5
                                      APIs
                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069F50F0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MemoryProcessRead
                                      • String ID:
                                      • API String ID: 1726664587-0
                                      • Opcode ID: b51150771a944f84bdbf0a336b5fdcc479a630a97225c3faa2bb8683af7a62e8
                                      • Instruction ID: 126ec9e1675e5fc1b6493975782ba1806a069afa3f2a46345aa42c0c0f4859f0
                                      • Opcode Fuzzy Hash: b51150771a944f84bdbf0a336b5fdcc479a630a97225c3faa2bb8683af7a62e8
                                      • Instruction Fuzzy Hash: 47212571D003499FDB10DFAAC881BEEBBF5FF48310F51842AE919A7240C779A901CBA4
                                      APIs
                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069F4E66
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ContextThreadWow64
                                      • String ID:
                                      • API String ID: 983334009-0
                                      • Opcode ID: 11ffd4e6570c2d49d05c868fe0a018e7e7f58d40504e28759cc024151ed99b5c
                                      • Instruction ID: 2ffd7b03ae9a641e877d5cdce85f96941a7b57f24a206f0c4acb798f64e01fec
                                      • Opcode Fuzzy Hash: 11ffd4e6570c2d49d05c868fe0a018e7e7f58d40504e28759cc024151ed99b5c
                                      • Instruction Fuzzy Hash: 67213571D103098FDB10DFAAC485BEEBBF4EF48324F55842AD529A7241CB78A945CFA4
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04B7D656,?,?,?,?,?), ref: 04B7D717
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 0a88a1ceb530e92ba37672c48bfabcc3893f5b3e9db1df72bb169ca29b2d8133
                                      • Instruction ID: 7f482c609ffdf19a9244dab44f9b07e7a896c4c1f3f65605c52d2dd7035496b8
                                      • Opcode Fuzzy Hash: 0a88a1ceb530e92ba37672c48bfabcc3893f5b3e9db1df72bb169ca29b2d8133
                                      • Instruction Fuzzy Hash: C521E4B5D002489FDB10CF9AD484ADEBFF5EB48310F14801AE928A3350C379A941CFA1
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069F4F2E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: f74ad0848234a0b87382f191102d53e04327573385ba047c75ffa66f202532af
                                      • Instruction ID: d6904b500ab20f46451fd5bfdb232b2a1f0821f9919f3067182ad4edb72d4a1e
                                      • Opcode Fuzzy Hash: f74ad0848234a0b87382f191102d53e04327573385ba047c75ffa66f202532af
                                      • Instruction Fuzzy Hash: C4218631C002498FDB20CFAAD845BEEBFF1EF48320F208819E919A7250CB3A9501CF90
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04B7B079,00000800,00000000,00000000), ref: 04B7B28A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 13215e4dba4370c20524b861649c0e6bbb1d48300fba58222d302b33ef1a10c4
                                      • Instruction ID: b56fee9c9658e24aef4da7151d8daeb78c1e2fe4bd23ee077be6ed58b82aeb30
                                      • Opcode Fuzzy Hash: 13215e4dba4370c20524b861649c0e6bbb1d48300fba58222d302b33ef1a10c4
                                      • Instruction Fuzzy Hash: CF1133B6D043089FDB20CF9AC444BDEFBF4EB48314F10842AD929A7210C375A505CFA4
                                      APIs
                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069F4F2E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: ccfa93387f5ddefd1198ee9acb4aaa7418a137ab72119b3ba56167d209c1d16b
                                      • Instruction ID: 4415850cbfc809bea27222ed965808444a404a44481ec526d8fdc2dc8e310bbc
                                      • Opcode Fuzzy Hash: ccfa93387f5ddefd1198ee9acb4aaa7418a137ab72119b3ba56167d209c1d16b
                                      • Instruction Fuzzy Hash: C2112671D003499FDB20DFAAC845BDFBBF5EB48324F248419E519A7250CB75A941CFA0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      • API String ID: 947044025-0
                                      • Opcode ID: 5cb8b845f147899a1ec5f36581617a976a30c3703b3d70b3cb93491410e9c90d
                                      • Instruction ID: 0f7eebae4886ca083278b9421a1626888ec3767abc934e183f20c4661be22a89
                                      • Opcode Fuzzy Hash: 5cb8b845f147899a1ec5f36581617a976a30c3703b3d70b3cb93491410e9c90d
                                      • Instruction Fuzzy Hash: 3E116475D003498FDB20DFAAD4457EEFBF5AF88224F24881EC559A7640CA796801CF94
                                      APIs
                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04B7B079,00000800,00000000,00000000), ref: 04B7B28A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 17a3e0f4f3cc57e8baf6279d09d45f053408be6be44f4b7b7ca662f15efdede8
                                      • Instruction ID: e68cf9a90a1f24cd5ff2604bdd437d2034481c97fe613e98c07fc6f43c69b642
                                      • Opcode Fuzzy Hash: 17a3e0f4f3cc57e8baf6279d09d45f053408be6be44f4b7b7ca662f15efdede8
                                      • Instruction Fuzzy Hash: C31112B6C043098FDB20CF9AD444ADEFBF4EB48314F10842AD929A7210C779A545CFA5
                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,068F7EB1,?,?), ref: 068F8058
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ChangeCloseFindNotification
                                      • String ID:
                                      • API String ID: 2591292051-0
                                      • Opcode ID: 2c98632d1940e41a97f782f3f9a58a372e3318ad054359e4b701f4de06092f03
                                      • Instruction ID: dcd7cc1797053d2cba4f310311a2e9f86bfc5d4c597e9020ae11e0db92df5309
                                      • Opcode Fuzzy Hash: 2c98632d1940e41a97f782f3f9a58a372e3318ad054359e4b701f4de06092f03
                                      • Instruction Fuzzy Hash: DB1158B18003498FDB20DF99C445BDEBBF4EB48320F108419D618A7240D779A944CFA4
                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,068F7EB1,?,?), ref: 068F8058
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ChangeCloseFindNotification
                                      • String ID:
                                      • API String ID: 2591292051-0
                                      • Opcode ID: 9de6390cd091b96afcc8f26538d8d36b3ec9664e2efce6ff0ce1fbc2b9216967
                                      • Instruction ID: 55f4f688d092806ef7c8615a3c814c003f8c3b0230d3993640a978580d0556f8
                                      • Opcode Fuzzy Hash: 9de6390cd091b96afcc8f26538d8d36b3ec9664e2efce6ff0ce1fbc2b9216967
                                      • Instruction Fuzzy Hash: BF1146B58003498FCB20DF99C445BDEBFF4EB48320F10841ADA68A7241C779A545CFA1
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04B7ADC4), ref: 04B7AFFE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: 0be2dc3f98d814cd96ad573302d51f2d68e362e0c14e9c0e1f70c27edb7b2dac
                                      • Instruction ID: 420a11bc129fbf88bc78a3d068f7e573ce2b199a2adaf8e0ab9ab979e5477609
                                      • Opcode Fuzzy Hash: 0be2dc3f98d814cd96ad573302d51f2d68e362e0c14e9c0e1f70c27edb7b2dac
                                      • Instruction Fuzzy Hash: F31102B5D047498FDB20DF9AC444BDEFBF4EB88314F10846AD529A7210D379A545CFA1
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 069F7A2D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      • Opcode ID: 0eef282d797a8caa4234dec5289875c13a276fb66e055c27f5fac6bad74e74d4
                                      • Instruction ID: d03c3e329d16e090515d1f1152f8f254a39d8b63e8c669a80733d6573d485b4d
                                      • Opcode Fuzzy Hash: 0eef282d797a8caa4234dec5289875c13a276fb66e055c27f5fac6bad74e74d4
                                      • Instruction Fuzzy Hash: FB11F5B58003499FDB10DF9AD885BDEFFF8EB48324F21841AD518A7610C379AA44CFA1
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: ResumeThread
                                      • String ID:
                                      • API String ID: 947044025-0
                                      • Opcode ID: faf3b3ef77272c96b6e537f4f3fdd7cebc6dbcd22064eec28ebf7168060091cb
                                      • Instruction ID: cf334028f3ac698c7536c54994a45494e5b1a1c4d7b4039c797341862433c62f
                                      • Opcode Fuzzy Hash: faf3b3ef77272c96b6e537f4f3fdd7cebc6dbcd22064eec28ebf7168060091cb
                                      • Instruction Fuzzy Hash: 46112571D003498FDB20DFAAC8457DEFBF5EB88224F24841AD519A7640CB79A941CBA4
                                      APIs
                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 069F7A2D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: MessagePost
                                      • String ID:
                                      • API String ID: 410705778-0
                                      • Opcode ID: 241421a182e2bce1c007cd80cfadda538c07e9c9f4510a0e22e1056cded9317d
                                      • Instruction ID: 6e5767e9be47a6afc1211e697f80f3db63ff1e73f3f0513e722243542c520569
                                      • Opcode Fuzzy Hash: 241421a182e2bce1c007cd80cfadda538c07e9c9f4510a0e22e1056cded9317d
                                      • Instruction Fuzzy Hash: 371133B58003489FDB20DF9AD845BDEFFF8EB48320F21841AE518A7610C375AA44CFA0
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04B7ADC4), ref: 04B7AFFE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: a394574eb80080cb04cd5eba4a6587e400570acb126610d93e638db9025ed175
                                      • Instruction ID: fae0f2719fce0a33a13cdcd1e76cd4f32b4984eab5b8d5b37e6a9d2bcec6b112
                                      • Opcode Fuzzy Hash: a394574eb80080cb04cd5eba4a6587e400570acb126610d93e638db9025ed175
                                      • Instruction Fuzzy Hash: 3D11E0B6C046498FDB20DF9AD444BDEFBF4EB88324F10846AD529A7210D379A545CFA1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: V
                                      • API String ID: 0-1342839628
                                      • Opcode ID: d4cf0f2ef736cc2ac6870fe8a33d584c1d57392501a50c062155cb54b5d79902
                                      • Instruction ID: 1ed1c5758560aa7d1af63b5f58d68fb94d514adf7b40b440c441af11c4191592
                                      • Opcode Fuzzy Hash: d4cf0f2ef736cc2ac6870fe8a33d584c1d57392501a50c062155cb54b5d79902
                                      • Instruction Fuzzy Hash: 42516F30A45214DFDB14AF6DD9547BDBAF3EF44302F24806AE4E69A29AC7349AC0CB11
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Teq
                                      • API String ID: 0-1098410595
                                      • Opcode ID: eef9c87ce08fc60c8ace3b09ee3dc0d560e392245d24974fd188e16e4845d36f
                                      • Instruction ID: 09861d1b9f16de8deaeb44640a9557838424273aba9621e161d99f7fe74e05ed
                                      • Opcode Fuzzy Hash: eef9c87ce08fc60c8ace3b09ee3dc0d560e392245d24974fd188e16e4845d36f
                                      • Instruction Fuzzy Hash: 67112E31F00219CBCB64FBB998117FEBAF6AB88311B244079C544E7344EB358D51CBA5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0,Aq
                                      • API String ID: 0-777562071
                                      • Opcode ID: 5c05c76e71b91418735391aaaa01fbfa6ea49cf9d1f8691090a4f18e61b1208b
                                      • Instruction ID: fc74806b9b41199a1f10fc0f22219c972f72ddf1c570c56c3be8261a893fc02c
                                      • Opcode Fuzzy Hash: 5c05c76e71b91418735391aaaa01fbfa6ea49cf9d1f8691090a4f18e61b1208b
                                      • Instruction Fuzzy Hash: 30F02736B08314CFDB21AB65EC9056D7F22EFD0203B04815BC4828E226DB34A90AC751
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0,Aq
                                      • API String ID: 0-777562071
                                      • Opcode ID: 4fbc1459b04c8d19c0580361568d57a85a8dab2b3ae7665fa3d4b4fadc71d1e4
                                      • Instruction ID: d277e07f5495945a78630e62efc7844e89d4586c8f22e5bef7a9ad93931d05ba
                                      • Opcode Fuzzy Hash: 4fbc1459b04c8d19c0580361568d57a85a8dab2b3ae7665fa3d4b4fadc71d1e4
                                      • Instruction Fuzzy Hash: 4AF0EC357007189BD724F625DC90D9FBB5BFFC4211B108519D5098F305CE306D0D8292
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: )k^
                                      • Instruction ID: 53ce2eb407a6ee7ffdb5fe98c683ce05b6af6c0a83ec1c9fdbe70934d12bf181
                                      • Opcode Fuzzy Hash: b7d5c5f4e974faa009a0233190171ec66f59e45aaa882a4c13cf071e7e79706b
                                      • Instruction Fuzzy Hash: 04F0A92145F3C08FC303AB7888A81A93F72AE5720170A04CBC1C08F463C56804AEE32B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e03fe3a2a4a2e3d50c3cde763e0649199316c5ee836b6575f6c7e8f4caba557a
                                      • Instruction ID: 90edc7aa8438170a2ffd5d9b9541a9bb13fb0eb0a6dc8e031dfd94a0eab0ab23
                                      • Opcode Fuzzy Hash: e03fe3a2a4a2e3d50c3cde763e0649199316c5ee836b6575f6c7e8f4caba557a
                                      • Instruction Fuzzy Hash: C6F0B470E0A249CBC764EF58C8966EC7777AB00102F1095A9D08A9B1A6D6704DC4CF12
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ed8cc13e3c435aeceac5f5327aa9171773b534a806e564d293290db81ba33578
                                      • Instruction ID: 954ad6b5f2425d60e1b4c64b6fb0bc8b7a22ae2e16e33607aa4992547a73df83
                                      • Opcode Fuzzy Hash: ed8cc13e3c435aeceac5f5327aa9171773b534a806e564d293290db81ba33578
                                      • Instruction Fuzzy Hash: 72F01270E4070ACFEB54FFB994187AE7AA2AF84312F00843DC151AA2A1DF794495CF95
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 06a6f9855bc21c9421aee1560f75900385dc94fcc2cb3fb2d0f93f03ba2add55
                                      • Instruction ID: 119e7d4c6164a20cb0535a1885c778c687db5e68d297039e06aa1edcacb91678
                                      • Opcode Fuzzy Hash: 06a6f9855bc21c9421aee1560f75900385dc94fcc2cb3fb2d0f93f03ba2add55
                                      • Instruction Fuzzy Hash: 8BF01570D04208EFCB50EFA8E544AADBBF5FB49311F1081ADD84493342D3309A80DF84
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 435ecc946cbc699eac14bcc13f81007ada1aff16b112e5b5a7d343f5d63fa412
                                      • Instruction ID: b631852a883f80f18b18692d51ff115e6d168e63c21f8f93126b7c1f025db22f
                                      • Opcode Fuzzy Hash: 435ecc946cbc699eac14bcc13f81007ada1aff16b112e5b5a7d343f5d63fa412
                                      • Instruction Fuzzy Hash: C2D05E2009A394AFC7162364BE6D7D73F759B03629B1503AEE88A8A0D3C3A40485D736
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2d58c84e8000ea30e847e12548dbe4fbfd9bb0235bab1c04c25dc8d40c730374
                                      • Instruction ID: 4c49c656a1b5b12dafb444c0c1a68f862d90eb1d5ddfdf74ae6e229db49c0fad
                                      • Opcode Fuzzy Hash: 2d58c84e8000ea30e847e12548dbe4fbfd9bb0235bab1c04c25dc8d40c730374
                                      • Instruction Fuzzy Hash: CBE012B1D4020ADFC740EFA8C505B5EBBF1AF08304F10C4A9D018EB211E7B08A018F82
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2de9818134fd157e5d86f646356667d4aabe74b8732beab10921793372f454ff
                                      • Instruction ID: d14b741b132b024fbb8da32a9102319213affb7d680a83a204421e019c54707d
                                      • Opcode Fuzzy Hash: 2de9818134fd157e5d86f646356667d4aabe74b8732beab10921793372f454ff
                                      • Instruction Fuzzy Hash: 66E012B1D4020ADFC740EFA9C905B5EBBF1AB08200F10C4A9C018E7211E7B086008F85
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7e10436c9998596b1013da4512cc9f899d10a49c034e268d6077d2d418eabc9d
                                      • Instruction ID: c5f91d32ad779d25750924800e87fa9855f1ae093725b6a9a02023beb4c2f09d
                                      • Opcode Fuzzy Hash: 7e10436c9998596b1013da4512cc9f899d10a49c034e268d6077d2d418eabc9d
                                      • Instruction Fuzzy Hash: 10D0A92A40A390CED723FBA8CAA8A997FD1AE6220170888CAE0C40E022C520801CC70B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c34d9c0fe89c336d178e9e45fbc748578fc65d72ae2b7ab65834436382e23b52
                                      • Instruction ID: 4ccd07a47b4791b6bb9d40ad0f3c6da4defedfd2f6aed41f92c0b64b8776b2e2
                                      • Opcode Fuzzy Hash: c34d9c0fe89c336d178e9e45fbc748578fc65d72ae2b7ab65834436382e23b52
                                      • Instruction Fuzzy Hash: 10D0A736C0A394DFDF21DF24E8B40443F205E01619705C2CBE8404E15AD9685E05CF83
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3341ed807fe4543325a2ffb23c4929729cca045f74dbbdf4c121e333fa1014d7
                                      • Instruction ID: e469ac9fa6ce0da233758166dd29a8d9605dfc97087814b8fa685daa14e13369
                                      • Opcode Fuzzy Hash: 3341ed807fe4543325a2ffb23c4929729cca045f74dbbdf4c121e333fa1014d7
                                      • Instruction Fuzzy Hash: A5C04C310846189BD2547795F70D32677ACE70162AF40027DDA49414934BA054D0C669
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7b442e9046ac042babfa1cbb19d78eca07197e56f2a8bf8cd03e1da57b407296
                                      • Instruction ID: 3e92179ede61d5c7952f534ebf32cca9d60a5ea4c6c0cb85bd4bf726d3b5f82f
                                      • Opcode Fuzzy Hash: 7b442e9046ac042babfa1cbb19d78eca07197e56f2a8bf8cd03e1da57b407296
                                      • Instruction Fuzzy Hash: 1FC08C3440D3C46FCB03D320EAAC164BFA0AF52318B1806EDA4888E09BD2A60988C387
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 55bad49673f9e6914f560b982278004b51b692753f1d85d312d6a529c279defc
                                      • Instruction ID: b174a24ff14b71bb77c1170b744b1e55e3d6c8961fb11b5a558e7a432634eceb
                                      • Opcode Fuzzy Hash: 55bad49673f9e6914f560b982278004b51b692753f1d85d312d6a529c279defc
                                      • Instruction Fuzzy Hash: F9B012656A5344E395C477AC8C44B2E6943AFF1702B109C03B355A4040C46084FDE22B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03f52e6dd85403dcdf3a58136cd75283346f57f666699d02b1e29f781cee19d1
                                      • Instruction ID: 2273261e95f3ac1fcf7436bd41eae1aec0a00d88431950fcfec46ff82c3d39c7
                                      • Opcode Fuzzy Hash: 03f52e6dd85403dcdf3a58136cd75283346f57f666699d02b1e29f781cee19d1
                                      • Instruction Fuzzy Hash: 88B0123E0205809D9B137F908404D61BFE6FF59608348C488E5C40A132C5119024EB1A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f0cc45a981c5bf67391d898784449f9ebd0dc830eecca35268dd935c7ac322a5
                                      • Instruction ID: 24351c604eccc73a2bfa7bd1d8dfa6ec087f2b9577a9a6fca0fbaea320e8fd9b
                                      • Opcode Fuzzy Hash: f0cc45a981c5bf67391d898784449f9ebd0dc830eecca35268dd935c7ac322a5
                                      • Instruction Fuzzy Hash: CDB0126509438460C68127A49901B1DABD01FFA700F24580AEFC800041812000B6E717
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d5406cefa9b762c67a04dfabe03c80ae9a4d31a227a415561eebea44aee7299
                                      • Instruction ID: 005a12b9302ed3dcaea744197b62c222a6df3f3a87514c6c6c983917e63de296
                                      • Opcode Fuzzy Hash: 6d5406cefa9b762c67a04dfabe03c80ae9a4d31a227a415561eebea44aee7299
                                      • Instruction Fuzzy Hash: 8490023508460C8B46402795740D955775EB544516B844461AA4D415015A5574108595
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1233308262.0000000008080000.00000040.00000800.00020000.00000000.sdmp, Offset: 08080000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_8080000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 168882d26c4b8112753ebd516f2ea22d4c6b24f4b967cbdd9fdc59691c66b592
                                      • Instruction ID: 7466d477a86a04f749a2679ccd08bf9acc923f0a856bdd16093ec3da714b871a
                                      • Opcode Fuzzy Hash: 168882d26c4b8112753ebd516f2ea22d4c6b24f4b967cbdd9fdc59691c66b592
                                      • Instruction Fuzzy Hash: 6BA00174809205EEDB109A55A10C26CBA65AB1436AF018069D862527428B7901C49F05
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1eeb7955f5815d6dccc106bb57fa252e9daaddbe7c6a79a5f7d8452b6b10e40f
                                      • Instruction ID: fe272cff2edb9c564c9c2c79c0b80495ec0b3bdf1ab18f6ec7e6863afbc28691
                                      • Opcode Fuzzy Hash: 1eeb7955f5815d6dccc106bb57fa252e9daaddbe7c6a79a5f7d8452b6b10e40f
                                      • Instruction Fuzzy Hash: D4D1DF30B103008FEBA9DB75C410BAEB7FAAF89304F2544ADD25A9B690CB35E941CB51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a7588a1d6240fd60d6258bfa8de1806cce442f2b527923f65b856f77287882ad
                                      • Instruction ID: 4b884af5a6a4630ea4d71abaaf2e2ffa12bccb7fd719bfd104104a4cc5eb1f0b
                                      • Opcode Fuzzy Hash: a7588a1d6240fd60d6258bfa8de1806cce442f2b527923f65b856f77287882ad
                                      • Instruction Fuzzy Hash: 77E11974E102598FDB14DFA8C580AAEFBF2BF89304F2481A9D555AB356C734AD41CFA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 522733745bd59490d2191023ea0f22c8487cfdbaf6757aa4791babba15e66468
                                      • Instruction ID: a4635cd05e6b75d973514e5dac9fd10640ae3602417ebbe172717c7ab760a3a7
                                      • Opcode Fuzzy Hash: 522733745bd59490d2191023ea0f22c8487cfdbaf6757aa4791babba15e66468
                                      • Instruction Fuzzy Hash: 2FE12774E102198FDB14DFA8C580AAEFBF2BF89304F248169D555AB356C734AD41CFA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e4d6cd6fe115b3440cd8688a48e8c4e5425927bbbb6c5c0ae46789d94a6c1848
                                      • Instruction ID: c6f60d20cf87d2946b785523519701e3428c8372f8c61dfa98e6b5f1531d17dd
                                      • Opcode Fuzzy Hash: e4d6cd6fe115b3440cd8688a48e8c4e5425927bbbb6c5c0ae46789d94a6c1848
                                      • Instruction Fuzzy Hash: 8FE11974E102598FDB14DFA8C580AAEFBF2BF89305F248169D555AB356C730AD42CFA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab9ec194f7d03c5cc9bdb4eecd64245e2dbe898da951282d735f18b3da5c9815
                                      • Instruction ID: 7f990a359a8e9549dd52590671954349c86a47155dc704d4c41985c2527b8e2e
                                      • Opcode Fuzzy Hash: ab9ec194f7d03c5cc9bdb4eecd64245e2dbe898da951282d735f18b3da5c9815
                                      • Instruction Fuzzy Hash: F9E128B4E102198FDB14DFA8C590AAEFBB2FF89304F248169D555AB359D730AD42CF60
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6d57c4b982694be2ac04082ededb15a2f2d02bb773cc1d4a777b7cb725db98f3
                                      • Instruction ID: 1c4c8aa53c675d89873643e7e76c6459562bee479c7e06cf19a749ddc0e8024e
                                      • Opcode Fuzzy Hash: 6d57c4b982694be2ac04082ededb15a2f2d02bb773cc1d4a777b7cb725db98f3
                                      • Instruction Fuzzy Hash: 6CE12674E102598FDB14DFA8C580AAEFBF2BF89305F248169D555AB356C730AD41CFA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 82511cd5b8539a5c3a6364d36bde7d84a399b7f83de31059ca7a18487d7f2036
                                      • Instruction ID: 2ec99029b1aa0aab43cdfb3c6bf5db937f1cfad4d9aea4b9e7ab6b71d3df4456
                                      • Opcode Fuzzy Hash: 82511cd5b8539a5c3a6364d36bde7d84a399b7f83de31059ca7a18487d7f2036
                                      • Instruction Fuzzy Hash: 15D1D635D10B5A8ACB10EB69D990A9DB7B1FFD5300F20C79AD14977214EB70AAC9CB41
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232635150.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_68f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3e4aec379575c70875dfd9c406fd69a2976b4b2748ba93b58bba51ad84d56002
                                      • Instruction ID: d5ec312ea0e0e91d17ed15bea5cc26808fefab634410883ca9953181f1cece51
                                      • Opcode Fuzzy Hash: 3e4aec379575c70875dfd9c406fd69a2976b4b2748ba93b58bba51ad84d56002
                                      • Instruction Fuzzy Hash: 09D1C535D10B5A8ACB10EB69D990A9DB7B1FFD5300F20C79AD10A77214EB70AAC9CB51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1231705458.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4b70000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b30116efac980e4b79cdfd7900b31756b70e3957ae8b7315aff9c0fee8190a21
                                      • Instruction ID: 65f5a4242e5b2f2cd8bae508059cf31e711cd0e97cd4d98dd72bf2b801d833c1
                                      • Opcode Fuzzy Hash: b30116efac980e4b79cdfd7900b31756b70e3957ae8b7315aff9c0fee8190a21
                                      • Instruction Fuzzy Hash: 9EA17E32E00209CFDF05DFB5C8805AEB7B2FF89305B1585AAE815BB265DB35E916CB50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c6689b3fc50149370757931df19700a94aa20f470f2222a531c55f94ebb84c49
                                      • Instruction ID: 25893cfb177cb029e1c9b25d499b45da55fb6c69444d003d3d21524aed190cf1
                                      • Opcode Fuzzy Hash: c6689b3fc50149370757931df19700a94aa20f470f2222a531c55f94ebb84c49
                                      • Instruction Fuzzy Hash: 39512874E142598FDB14CFA9C5805AEFBF2BF89304F2481AAD458AB256C7359D42CFA0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ff5846f7f06b34137fcd222e4a707b4dfd7cfd0691e69f652cad4983b404413
                                      • Instruction ID: 0149ae776d2bc6a9fa26a76e395a29ef8c7f19b8fc87df5ad4c67a849c9d7ef4
                                      • Opcode Fuzzy Hash: 0ff5846f7f06b34137fcd222e4a707b4dfd7cfd0691e69f652cad4983b404413
                                      • Instruction Fuzzy Hash: DD511774E102598FDB18DFA9C5805AEBBF2BF89300F2481A9D458AB356D7349D42CF60
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1232952867.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_69f0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bbef8284f5492911cfc45cfd38b8371c911fa75efab02924d2ba37689d83cb30
                                      • Instruction ID: 46a64f0bdbe59a6f904e098276c838c3ed5f9efa7ab5fdbc2eb9d875fcfd8161
                                      • Opcode Fuzzy Hash: bbef8284f5492911cfc45cfd38b8371c911fa75efab02924d2ba37689d83cb30
                                      • Instruction Fuzzy Hash: 5FD02323C5F3844ED741464028000F4EF3C5F87026F0734D3CB0C9394381105D2D9799

                                      Execution Graph

                                      Execution Coverage:13.6%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:3.1%
                                      Total number of Nodes:98
                                      Total number of Limit Nodes:8
                                      execution_graph (rendered graph omitted; 98 nodes, 8 limit nodes; the graph's API nodes reference GetModuleHandleW, GlobalMemoryStatusEx, CheckRemoteDebuggerPresent and CreateWindowExW)
                                      APIs
                                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 014A7F47
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3673664868.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_14a0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CheckDebuggerPresentRemote
                                      • String ID:
                                      • API String ID: 3662101638-0
                                      • Opcode ID: af03d4f88b31fb75c66993006a7cb6645d15e274b22faaa10795c2f83e8924f6
                                      • Instruction ID: 408931e5d363ecd20425c3029c69f0c12880adbc90cc24d8f3371a9a7fa1b8c9
                                      • Opcode Fuzzy Hash: af03d4f88b31fb75c66993006a7cb6645d15e274b22faaa10795c2f83e8924f6
                                      • Instruction Fuzzy Hash: 09214871C013598FDB10CF9AD484BEEBBF4AF49221F14841AE458A3350D738A944CF61

                                      Control-flow Graph (rendered graph omitted; basic blocks 6f4be31-6f4bfbd, with a call to GlobalMemoryStatusEx at 6f4beff-6f4bf8c)
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70fecf9fc34d0a8bc59345aba55dc8d693eb488bc12b18a562d5e94e9c2f491d
                                      • Instruction ID: 17ac3546f201ae6da29c9f22b9fa24cef4bfaeeec21e07696123b792f2bb9ab9
                                      • Opcode Fuzzy Hash: 70fecf9fc34d0a8bc59345aba55dc8d693eb488bc12b18a562d5e94e9c2f491d
                                      • Instruction Fuzzy Hash: A0412271E143568FDB14DFA9D8007AEBFF0AF89220F18866AD408E7681DB74A845CBD1

                                      Control-flow Graph (rendered graph omitted; basic blocks 6f4f5d2-6f4f749, with a call to CreateWindowExW at 6f4f69b-6f4f6fa)
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06F4F6EA
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: 6856c4f5933abb4fc3ca0a77e57dd7e865708e5424fbbd92e9b58bc0de4aa5e3
                                      • Instruction ID: d6dc2c8f250189e3057aca11f208b4eebde4238d29b87b6085666e2c39c0e939
                                      • Opcode Fuzzy Hash: 6856c4f5933abb4fc3ca0a77e57dd7e865708e5424fbbd92e9b58bc0de4aa5e3
                                      • Instruction Fuzzy Hash: DC51C0B1D01309DFDB14DF9AC884ADEBFB5BF88310F24812AE819AB210D7759841CF90

                                      Control-flow Graph (rendered graph omitted; basic blocks 6f4f5d8-6f4f749, with a call to CreateWindowExW at 6f4f65b-6f4f6fa)
                                      APIs
                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06F4F6EA
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CreateWindow
                                      • String ID:
                                      • API String ID: 716092398-0
                                      • Opcode ID: ba8623cb1fe8c4e4515b8d06016d8b6b447de0b0497761204d9b2b7e8651824c
                                      • Instruction ID: 70329dc98356fd674d94908ddcea481bff79e97524ba17da3fad4ca151ea86e4
                                      • Opcode Fuzzy Hash: ba8623cb1fe8c4e4515b8d06016d8b6b447de0b0497761204d9b2b7e8651824c
                                      • Instruction Fuzzy Hash: A341C0B1D01309DFDB14DFAAD884ADEBFB5BF88310F24812AE819AB210D7759845CF90
                                      APIs
                                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 014A7F47
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3673664868.00000000014A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_14a0000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: CheckDebuggerPresentRemote
                                      • String ID:
                                      • API String ID: 3662101638-0
                                      • Opcode ID: 8d71258317d163fc55d53a54a4eda7291a66b2dcde05227c90b84aad9b73778b
                                      • Instruction ID: 2534b975d151f2fc7fc984d4a68746cac7fe5c6cdaf19c06d458d4e00de62d74
                                      • Opcode Fuzzy Hash: 8d71258317d163fc55d53a54a4eda7291a66b2dcde05227c90b84aad9b73778b
                                      • Instruction Fuzzy Hash: 71217871C002598FDB10CFAAD484BEEBBF4AF49320F14846AE858A3350C7389945CF60
                                      APIs
                                      • GlobalMemoryStatusEx.KERNELBASE ref: 06F4BF7F
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: GlobalMemoryStatus
                                      • String ID:
                                      • API String ID: 1890195054-0
                                      • Opcode ID: cc7b5a4eeabd5ae456d19ad8bf31e20c14518585581cd1c21d2625dfdc6dc41d
                                      • Instruction ID: ce74f628bc37f6f26ffd57519d5d7522ec63efceef3c06b8412fda46d0384d37
                                      • Opcode Fuzzy Hash: cc7b5a4eeabd5ae456d19ad8bf31e20c14518585581cd1c21d2625dfdc6dc41d
                                      • Instruction Fuzzy Hash: CA1123B5C0025A9FCB20DF9AC444BDEFBF4EF48320F14812AD818A7240D778A941CFA5
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 06F4E596
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: bfcc6268adcef110a6609e4f5d0251af1668afe74a91f64c2e732c128a8e7de7
                                      • Instruction ID: 48f60efff8422b4d44c64bb7caeaa843cddaf9df53238a6fa08b7ea9c0e4ca58
                                      • Opcode Fuzzy Hash: bfcc6268adcef110a6609e4f5d0251af1668afe74a91f64c2e732c128a8e7de7
                                      • Instruction Fuzzy Hash: 9D11CDB5C003498FDB20EF9AD844ADEFBF4AB88320F11846AD469B7610D379A545CFA5
                                      APIs
                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 06F4E596
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3692595352.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_6f40000_PO_27052024.jbxd
                                      Similarity
                                      • API ID: HandleModule
                                      • String ID:
                                      • API String ID: 4139908857-0
                                      • Opcode ID: 17ff673c102c4aaa13e10d9f855f2726650f7f51c97b290badd349e895c6933e
                                      • Instruction ID: e0e9471a772c75fc02775b8d84eb5641bafdc24061b51a96ac128645b855e111
                                      • Opcode Fuzzy Hash: 17ff673c102c4aaa13e10d9f855f2726650f7f51c97b290badd349e895c6933e
                                      • Instruction Fuzzy Hash: 0511F0B5C003498FDB20DF9AD444B9EFBF4EB88320F10846AD859A7610D375A545CFA5
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7eeab54a1941328eb4d9f7df9885b53bf2962e7a135badcf1f3ab5aaf54bb407
                                      • Instruction ID: da78895fabd72c8896c2e6193a765fa00b64154e50edee1184a2c332fdbff249
                                      • Opcode Fuzzy Hash: 7eeab54a1941328eb4d9f7df9885b53bf2962e7a135badcf1f3ab5aaf54bb407
                                      • Instruction Fuzzy Hash: 682100756143089FDB16DFA4D9C4B26BB62EB84314F20C6ADE94D0B283C776D847CA62
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 40b14c400faeec6565034f303f7fdbd26d8e16cd017dfcf86a8e2deabb99b041
                                      • Instruction ID: 2311003901968e0027d6f2adca285fb8f19a25b5730f8a4b002100740dfed7dd
                                      • Opcode Fuzzy Hash: 40b14c400faeec6565034f303f7fdbd26d8e16cd017dfcf86a8e2deabb99b041
                                      • Instruction Fuzzy Hash: AC212371625348DFDB12DF94D9C4B26BB65FB84334F20C769E9490B287C376D806CA62
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 676d85f21459202f38ab5be25f25be6a03d572d4676e1b95cab905e5d9a7cf36
                                      • Instruction ID: ddfd39b052e8cbf41b651c368322994c8c4dd72efbf931cbbf3bfea997afe949
                                      • Opcode Fuzzy Hash: 676d85f21459202f38ab5be25f25be6a03d572d4676e1b95cab905e5d9a7cf36
                                      • Instruction Fuzzy Hash: A3212275A14208DFDB06DF94D9C0B26BB61FB84314F20C66DE9090B2C7C376E846CA62
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf2aa0ac69dbfc9ab00947b0048f034b327edea99ed69b312f674443a93577a4
                                      • Instruction ID: eb66535f73d32a9250d51494cd222560ec7d78292339513fb96760fb94b9dc49
                                      • Opcode Fuzzy Hash: bf2aa0ac69dbfc9ab00947b0048f034b327edea99ed69b312f674443a93577a4
                                      • Instruction Fuzzy Hash: CC11D075504284CFDB02CF94D5C4B15BB71FB84324F24C6AAD9490B687C33AD406CB51
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                      • Instruction ID: 21af2a674279b90827e533c333149f536214ea3d67b5ed69f5b987781f895d9f
                                      • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                      • Instruction Fuzzy Hash: 1A11BE75504284CFCB06CF54D5C4B55BB62FB44314F24C6AAD9494B697C33AE40ACF51
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671938041.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_120d000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                      • Instruction ID: fff11f0722c474c3d47dc5c2e811a3c233febdf7ece5eb3b0bec61f51d88b3aa
                                      • Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
                                      • Instruction Fuzzy Hash: C611BB79504288CFCB16CF94D9C4B15FBA2FB84324F24C6A9D9494B693C33AD44ACF62
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671739447.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_11fd000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 80020e9613d6ccf1f821f5a55c5f2fc0ca167fdce7d813e736d0757f9e0046a3
                                      • Instruction ID: ce65186b655f7ef517688c9cf92d7179b34a465cd60608c7dbd1d49f250a73df
                                      • Opcode Fuzzy Hash: 80020e9613d6ccf1f821f5a55c5f2fc0ca167fdce7d813e736d0757f9e0046a3
                                      • Instruction Fuzzy Hash: BA01F7310083449AEB294AA9EC84B36BF98EF41625F14C45EEE490B182D7359841CA72
                                      Memory Dump Source
                                      • Source File: 00000004.00000002.3671739447.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_4_2_11fd000_PO_27052024.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3e8b2e6b050d371d0ce80333992f547814eeeb42d758595498dc2bf85e46fe34
                                      • Instruction ID: a5da1909903a802052f2b0c2a5adb4e9c2ce6ff3ae91da8ab1afc37b1adb324f
                                      • Opcode Fuzzy Hash: 3e8b2e6b050d371d0ce80333992f547814eeeb42d758595498dc2bf85e46fe34
                                      • Instruction Fuzzy Hash: 15F0C231004340AEEB248E4ADC84B66FF98EB41635F18C15EEE480B287D3799840CB71