
Windows Analysis Report
VJoillkb6X.exe

Overview

General Information

Sample name: VJoillkb6X.exe (renamed because the original name is a hash value)
Original sample name: 8dbcecf4f09cdb10ef4f2ac2ac3f66a28d148a63a381877f413cd5f5b39db4e0.exe
Analysis ID: 1554437
MD5: c9b68b9567cc9067794e32999c02bfa7
SHA1: d999f0701086e1ecc87380cf002f37f985c6de4c
SHA256: 8dbcecf4f09cdb10ef4f2ac2ac3f66a28d148a63a381877f413cd5f5b39db4e0
Tags: 4-251-123-83, exe, user-JAMESWT_MHT

Detection

Meduza Stealer, PureLog Stealer, RedLine, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Meduza Stealer
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • VJoillkb6X.exe (PID: 4904 cmdline: "C:\Users\user\Desktop\VJoillkb6X.exe" MD5: C9B68B9567CC9067794E32999C02BFA7)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
Malware configuration (RedLine): {"C2 url": "4.251.123.83:6677"}
Source | Rule | Description | Author | Strings
VJoillkb6X.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
VJoillkb6X.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
VJoillkb6X.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
VJoillkb6X.exe | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | matched strings:
  • 0x45c19:$s1: file:///
  • 0x45b51:$s2: {11111-22222-10009-11112}
  • 0x45ba9:$s3: {11111-22222-50001-00000}
  • 0x423fa:$s4: get_Module
  • 0x42864:$s5: Reverse
  • 0x45226:$s6: BlockCopy
  • 0x42c23:$s7: ReadByte
  • 0x45c2b:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(3 further memory-dump entries are collapsed in the original report)
Source | Rule | Description | Author | Strings
0.0.VJoillkb6X.exe.460000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.VJoillkb6X.exe.460000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.0.VJoillkb6X.exe.460000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.0.VJoillkb6X.exe.460000.0.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen | matched strings:
  • 0x45c19:$s1: file:///
  • 0x45b51:$s2: {11111-22222-10009-11112}
  • 0x45ba9:$s3: {11111-22222-50001-00000}
  • 0x423fa:$s4: get_Module
  • 0x42864:$s5: Reverse
  • 0x45226:$s6: BlockCopy
  • 0x42c23:$s7: ReadByte
  • 0x45c2b:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-12T14:55:54.388224+0100 | 2046056 | 1 | A Network Trojan was detected | 4.251.123.83 | 6677 | 192.168.2.6 | 49711 | TCP
2024-11-12T14:55:53.903474+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.6 | 49711 | 4.251.123.83 | 6677 | TCP


AV Detection

Source: VJoillkb6X.exe.4904.0.memstrmin | Malware Configuration Extractor: RedLine {"C2 url": "4.251.123.83:6677"}
Source: VJoillkb6X.exe | ReversingLabs: Detection: 65%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: VJoillkb6X.exe | Joe Sandbox ML: detected
Source: VJoillkb6X.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.6:49711 -> 4.251.123.83:6677
Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 4.251.123.83:6677 -> 192.168.2.6:49711
Source: Malware configuration extractor | URLs: 4.251.123.83:6677
Source: global traffic | TCP traffic: 192.168.2.6:49711 -> 4.251.123.83:6677
Source: Joe Sandbox View | IP Address: 4.251.123.83
Source: Joe Sandbox View | ASN Name: LEVEL3US
Source: unknown | TCP traffic detected without corresponding DNS query: 4.251.123.83 (50 identical entries in the original report)
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: VJoillkb6X.exe, 00000000.00000002.2204522748.000000001B5DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: tC:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field1
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field1Response
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field2
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field2Response
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.0000000012AB5000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field3
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field3Response
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: C:\Users\user\Desktop\VJoillkb6X.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                            System Summary

Source: VJoillkb6X.exe, type: SAMPLE | Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE | Matched rule: Detects zgRAT Author: ditekSHen
Source: VJoillkb6X.exe, Strings.cs | Large array initialization: Strings: array initializer size 6160
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD343816B3
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD3438C4CB
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD344DA599
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD344DF865
Source: VJoillkb6X.exe, 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameArthasman.exe$ vs VJoillkb6X.exe
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs VJoillkb6X.exe
Source: VJoillkb6X.exe | Binary or memory string: OriginalFilenameArthasman.exe$ vs VJoillkb6X.exe
Source: VJoillkb6X.exe, type: SAMPLE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: VJoillkb6X.exe, Strings.cs | Cryptographic APIs: 'CreateDecryptor'
Source: VJoillkb6X.exe, Class4.cs | Cryptographic APIs: 'CreateDecryptor'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
Source: C:\Users\user\Desktop\VJoillkb6X.exe | File created: C:\Users\user\AppData\Local\Microsoft\Wind?ws
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Mutant created: NULL
Source: VJoillkb6X.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: VJoillkb6X.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: VJoillkb6X.exe | ReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: VJoillkb6X.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: VJoillkb6X.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                            Data Obfuscation

Source: VJoillkb6X.exe, Class4.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: VJoillkb6X.exe | Static PE information: 0xE3FEC0F4 [Mon Mar 19 06:19:32 2091 UTC]
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD342B5CAC push edx; iretd 0_2_00007FFD342B5CBB
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD34382004 pushad ; retf 0_2_00007FFD34382005
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Code function: 0_2_00007FFD34517548 push ebx; iretd 0_2_00007FFD3451756A
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \QEMU-GA.EXE
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Memory allocated: BF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Memory allocated: 1A670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Window / User API: threadDelayed 1206
Source: C:\Users\user\Desktop\VJoillkb6X.exe | Window / User API: threadDelayed 2417
Source: C:\Users\user\Desktop\VJoillkb6X.exe TID: 3748 | Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Users\user\Desktop\VJoillkb6X.exe TID: 5060 | Thread sleep time: -922337203685477s >= -30000s
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2204671531.000000001B5F1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllXXn
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \qemu-ga.exe
Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                            Source: VJoillkb6X.exe, 00000000.00000002.2199588202.00000000127D8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Process information queried: ProcessInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Memory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Users\user\Desktop\VJoillkb6X.exe VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara match | File source: Process Memory Space: VJoillkb6X.exe PID: 4904, type: MEMORYSTR
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match | File source: dump.pcap, type: PCAP
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: Process Memory Space: VJoillkb6X.exe PID: 4904, type: MEMORYSTR
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: hieplnfojfccegoloniefimmbfjdgcgp|Electrum
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectronCashE#
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: idkppnahnmmggbmfkjhiakkbkdpnmnon|Exodus
                            Source: VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                            Source: VJoillkb6X.exe, 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: set_UseMachineKeyStore
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                            Source: C:\Users\user\Desktop\VJoillkb6X.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                            Source: Yara match | File source: 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: Process Memory Space: VJoillkb6X.exe PID: 4904, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara match | File source: Process Memory Space: VJoillkb6X.exe PID: 4904, type: MEMORYSTR
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match | File source: dump.pcap, type: PCAP
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            Source: Yara match | File source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match | File source: 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match | File source: Process Memory Space: VJoillkb6X.exe PID: 4904, type: MEMORYSTR
                            Source: Yara match | File source: VJoillkb6X.exe, type: SAMPLE
                            Source: Yara match | File source: 0.0.VJoillkb6X.exe.460000.0.unpack, type: UNPACKEDPE
                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                            Windows Management Instrumentation
                            1
                            DLL Side-Loading
                            1
                            DLL Side-Loading
                            1
                            Masquerading
                            1
                            OS Credential Dumping
                            321
                            Security Software Discovery
                            Remote Services11
                            Archive Collected Data
                            1
                            Encrypted Channel
                            Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                            Disable or Modify Tools
                            LSASS Memory1
                            Process Discovery
                            Remote Desktop Protocol3
                            Data from Local System
                            1
                            Non-Standard Port
                            Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                            Virtualization/Sandbox Evasion
                            Security Account Manager241
                            Virtualization/Sandbox Evasion
                            SMB/Windows Admin Shares1
                            Clipboard Data
                            1
                            Application Layer Protocol
                            Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                            Deobfuscate/Decode Files or Information
                            NTDS1
                            Application Window Discovery
                            Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            Obfuscated Files or Information
                            LSA Secrets113
                            System Information Discovery
                            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                            Software Packing
                            Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                            Timestomp
                            DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                            DLL Side-Loading
                            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                            Source | Detection | Scanner | Label | Link
                            VJoillkb6X.exe | 66% | ReversingLabs | ByteCode-MSIL.Ransomware.RedLine |
                            VJoillkb6X.exe | 100% | Joe Sandbox ML | |
                            No Antivirus matches
                            No Antivirus matches
                            No Antivirus matches
                            No Antivirus matches
                            Name | IP | Active | Malicious | Antivirus Detection | Reputation
                            fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high

                            Name | Malicious | Antivirus Detection | Reputation
                            4.251.123.83:6677 | false | | high
                            Name | Source | Malicious | Antivirus Detection | Reputation
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/sc/sct | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://duckduckgo.com/chrome_newtab | VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://duckduckgo.com/ac/?q= | VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://tempuri.org/ | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://discord.com/api/v9/users/ | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wsat | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://tempuri.org/example/Field1Response | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | VJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://api.ip.sb/ip | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/04/sc | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1 | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1 | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | | high
                            https://www.ecosia.org/newtab/ | VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmp | false | |
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplayVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.w3.ohVJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinaryVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressingVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletionVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trustVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/NonceVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RenewVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/example/Field1VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2006/02/addressingidentityVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/soap/envelope/VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://tempuri.org/example/Field2VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://tempuri.org/example/Field3VJoillkb6X.exe, 00000000.00000002.2199588202.0000000012AB5000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=VJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trustVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/06/addressingexVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoorVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchVJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://tempuri.org/example/Field3ResponseVJoillkb6X.exe, 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/faultVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponseVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/CancelVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTVJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoVJoillkb6X.exe, 00000000.00000002.2199588202.00000000128AE000.00000004.00000800.00020000.00000000.sdmp, VJoillkb6X.exe, 00000000.00000002.2199588202.00000000126AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2002/12/policy | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2005/02/sc/dk | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext | VJoillkb6X.exe, 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
4.251.123.83 | unknown | United States | 3356 | LEVEL3US | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554437
Start date and time: 2024-11-12 14:54:59 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: VJoillkb6X.exe (renamed because original name is a hash value)
Original Sample Name: 8dbcecf4f09cdb10ef4f2ac2ac3f66a28d148a63a381877f413cd5f5b39db4e0.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/1@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsp.edge.digicert.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: VJoillkb6X.exe
Time | Type | Description
08:55:54 | API Interceptor | 18x Sleep call for process: VJoillkb6X.exe modified
Match: 4.251.123.83
Associated Sample Name / URL | Detection | Threat Name
9LrEuTWP8s.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
HAeAec7no3.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
EUFOvMxM2H.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
i4w1K6ft2F.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
xMYbN0Yd2a.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
FaZM14kDMN.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
j7movK82QT.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
Z4uyrnCQ8L.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
file.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT
Match: fp2e7a.wpc.phicdn.net
Associated Sample Name / URL | Detection | Threat Name | Context
HAeAec7no3.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 192.229.221.95
i4w1K6ft2F.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 192.229.221.95
https://renosuperstore.ca/shop/vanities/tesoro/tesoro-smally-collection/ | malicious | Unknown | 192.229.221.95
https://shorten.is/meta_copyright_support_teamt5256 | malicious | Unknown | 192.229.221.95
http://sisteraboveaddition.com | malicious | Unknown | 192.229.221.95
https://phylluck.com/click.php?key=famxo5ii1wqu2yv482gl&SUB_ID_SHORT=cspjf15oqcd5r3d5kefg&PLACEMENT_ID=23442850&CAMPAIGN_ID=1156044&PUBLISHER_ID=464279&ZONE_ID=3918229&type=Push&age=0&creative_id=547903&campaign_id=111712&site_id=12702&placement_id=50523819&preset_id=547 | malicious | Unknown | 192.229.221.95
https://www.google.pl/url?url=http://msulrmrdjzsckgcdargfhi.com&nbq=tspwcyd&idbzok=wua&nbnak=ambmgo&lwf=vngmsem&q=amp/jdsra7r.ldn%C2%ADf%C2%ADpwlywydkjq%C2%ADuh%C2%ADf%C2%ADx%C2%AD.com/ufpd3kprb&xssr=zrcbvya&bhrswcv=abqvczic&clvu=wotwqzi&umasmoc=lhibfmio&tgek=sdcrupi&bpcjeel=qvmnlgnn&eign=czorcvw&txcfkja=lhtluzhk&zkmb=joyrkbk&mspp=frbfplx&ohrxtnn=emgsiphv&cbqf=eyyxrom&ngreupz=nzdjgaue&xtpz=fvqzpcq&spvwwuv=vijpphwi&wrjj=pklwpte&uuahvww=saaddjqz | malicious | Unknown | 192.229.221.95
https://sharepoint-business.com/?rid=eprRhgr | malicious | Unknown | 192.229.221.95
549528673305518362.js | malicious | Strela Downloader | 192.229.221.95
https://sites.google.com/view/we2k-/home | malicious | Unknown | 192.229.221.95
Match: LEVEL3US
Associated Sample Name / URL | Detection | Threat Name | Context
9LrEuTWP8s.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
HAeAec7no3.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
EUFOvMxM2H.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
i4w1K6ft2F.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
xMYbN0Yd2a.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
FaZM14kDMN.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
j7movK82QT.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
Z4uyrnCQ8L.exe | malicious | Meduza Stealer, PureLog Stealer, RedLine, zgRAT | 4.251.123.83
botnet.x86.elf | malicious | Mirai, Moobot | 65.90.191.211
sora.arm.elf | malicious | Mirai | 4.98.147.155
                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                        No context
Process:C:\Users\user\Desktop\VJoillkb6X.exe
File Type:CSV text
Category:dropped
Size (bytes):2611
Entropy (8bit):5.363358188931451
Encrypted:false
SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkafHKWA1eXrHKlT48BHK7HKmTHlHNW:iq+wmj0qCYqGSI6oPtzHeqKkGqhA7qZR
MD5:CEA017D10C4D437981D19F21660A47FA
SHA1:61AAFCECB5325DE172857CEF7C7E1F230F73AFFD
SHA-256:60B099420455DECD1878FE84F217CFE478BA0BA5E6E574077150D08355A1DD96
SHA-512:413384BF9D2EDC9BC2DF6D5175D09A33B91CCF9C53FE3CB21892CB57AF4FD8A9BE0608E9BCA57AF4A7F2709A4C110148719DA3210460DF433CFD77FA753B9CF8
Malicious:true
Reputation:moderate, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):6.572244662396641
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name:VJoillkb6X.exe
File size:346'112 bytes
MD5:c9b68b9567cc9067794e32999c02bfa7
SHA1:d999f0701086e1ecc87380cf002f37f985c6de4c
SHA256:8dbcecf4f09cdb10ef4f2ac2ac3f66a28d148a63a381877f413cd5f5b39db4e0
SHA512:9e24e7fab933fbd5ad500b0759582d3417ccd571c248010be486c53574f21e38a5d10dd2b14128cc4d4b4d922dc25806a14d46793b9e2ffe951b8c797f458c6a
SSDEEP:6144:2DKXJVqDD/qxgATuaBNt1BrivR0V4TBjgYxs1wl206gBawFV2ceSb0BQ/GfM/4Qx:2DgYDzqxdXBNt1BrivR0V4TBjgYxs1wQ
TLSH:3F744D2463825A19D8BEC63A8421D44897B8D61A4FC3E70DB8C865F27DE2353F1F6F16
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................................@................................
Icon Hash:1707032b9b1b3117
Entrypoint:0x44d0ee
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0xE3FEC0F4 [Mon Mar 19 06:19:32 2091 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                        add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x4d09c          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x4e000          0x908e        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x58000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0x4b0f4       0x4b200   80dff83ad519262e116abc93bd794eb4  False     0.418020746672213    data       6.5286514424727455   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x4e000          0x908e        0x9200    2703d9d5ff8837633ec354c62ac8f2f3  False     0.540480522260274    data       6.103423039317328    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x58000          0xc           0x200     3a13fecd19ca9773d82cc3855bc1b8eb  False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                          ZLIB Complexity
RT_ICON        0x4e250  0x3172  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                  0.9999209985779745
RT_ICON        0x513c4  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 2688, resolution 11811 x 11811 px/m   0.4064498933901919
RT_ICON        0x5226c  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 9600, resolution 11811 x 11811 px/m  0.2074688796680498
RT_ICON        0x54814  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 1152, resolution 11811 x 11811 px/m   0.45803249097472926
RT_ICON        0x550bc  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 4224, resolution 11811 x 11811 px/m  0.2840056285178236
RT_ICON        0x56164  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 320, resolution 11811 x 11811 px/m    0.3930635838150289
RT_ICON        0x566cc  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 1088, resolution 11811 x 11811 px/m  0.4973404255319149
RT_GROUP_ICON  0x56b34  0x68    data                                                                                          0.6826923076923077
RT_VERSION     0x56b9c  0x308   data                                                                                          0.45489690721649484
RT_MANIFEST    0x56ea4  0x1ea   XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators               0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
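The three tables above carry the facts that decide how this file is triaged: a populated IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (the CLR header, which is why the only native import is mscoree.dll!_CorExeMain), which section each directory RVA lands in, and per-section entropy. The following is an added example, not part of the Joe Sandbox report, that reads those fields from a PE with nothing but the standard library. It runs against a constructed minimal PE32 (not the analysed sample) whose directory RVAs, section names and section contents are assumed for the demonstration and laid out like the tables above.

```python
import math
import struct

# Data-directory order in the PE optional header (IMAGE_DIRECTORY_ENTRY_*).
DIRECTORY_NAMES = [
    "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
    "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
    "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED",
]
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform bytes.
    Packed or encrypted sections sit close to 8; plain IL and metadata usually stay below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the data directories and the section table of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_header = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, file_header)
    opt = file_header + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: directories start at optional-header offset 96
        dir_off = opt + 96
    elif magic == 0x20B:    # PE32+: the 64-bit fields push them to offset 112
        dir_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    directories = {}
    for i, name in enumerate(DIRECTORY_NAMES):
        directories[name] = struct.unpack_from("<II", data, dir_off + 8 * i)  # (rva, size)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        characteristics = struct.unpack_from("<I", data, off + 36)[0]
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
            "executable": bool(characteristics & IMAGE_SCN_MEM_EXECUTE),
        })
    return {"directories": directories, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    """Name of the section containing `rva` (the report's 'Is in Section' column), or None."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def is_dotnet(pe: dict) -> bool:
    """A populated COM_DESCRIPTOR directory is the CLR header: the image is managed code."""
    rva, size = pe["directories"]["COM_DESCRIPTOR"]
    return rva != 0 and size != 0


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {
        "dotnet": is_dotnet(pe),
        "directories": {n: (hex(r), hex(s), section_for_rva(pe, r))
                        for n, (r, s) in pe["directories"].items() if s},
        "entropy": {s["name"]: round(s["entropy"], 3) for s in pe["sections"]},
        "high_entropy_code": [s["name"] for s in pe["sections"]
                              if s["executable"] and s["entropy"] > 7.0],
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for this example (not the analysed sample): IAT and CLR
    header at the start of .text, a 12-byte .reloc, section contents chosen for entropy."""
    text_raw = bytes(range(256)) * 2           # 0x200 bytes, every value twice -> entropy 8.0
    reloc_raw = bytes(0x200)                   # zero-filled -> entropy 0.0
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    file_header = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    for name, (rva, size) in {"IAT": (0x2000, 0x8), "COM_DESCRIPTOR": (0x2008, 0x48),
                              "IMPORT": (0x2050, 0x4F), "BASERELOC": (0x3000, 0xC)}.items():
        struct.pack_into("<II", opt, 96 + 8 * DIRECTORY_NAMES.index(name), rva, size)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1F4, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".reloc", 0xC, 0x3000, 0x200, 0x400, 0, 0, 0, 0, 0x42000040)
    headers = dos + b"PE\0\0" + file_header + bytes(opt) + sect
    return headers.ljust(0x200, b"\0") + text_raw + reloc_raw


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(key, value)
```

On the real file the same checks give the values in the tables: COM_DESCRIPTOR at 0x2008 inside .text, so the loader hands control to the CLR and the native import table is just the _CorExeMain thunk; and a .text entropy of 6.53, below the 7 and above that packed or encrypted sections usually show, which fits IL with large embedded byte arrays rather than an encrypted blob. Entropy alone therefore does not decide the verdict here; the CLR header plus the behaviour seen at runtime does.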
Timestamp                        SID      Signature                                                                              Severity  Source IP     Source Port  Dest IP       Dest Port  Protocol
2024-11-12T14:55:53.903474+0100  2046045  ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)  1         192.168.2.6   49711        4.251.123.83  6677       TCP
2024-11-12T14:55:54.388224+0100  2046056  ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)                       1         4.251.123.83  6677         192.168.2.6   49711      TCP
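Both ET signatures name MC-NMF, the .NET Message Framing protocol that WCF net.tcp clients speak: the client opens the stream with a preamble (Version, Mode, Via, Encoding, PreambleEnd records) and the server answers with a one-byte Preamble Ack, which is the request/response pair the two alerts line up with. The following is an added example, not from the report and not the content of the ET rules (which this page does not show): it decodes that preamble and flags flows that open with it towards endpoints outside an allowlist, treating the server's Preamble Ack as confirmation. The packets are constructed; the client/C2 address pair is the one in the alert table, while the Via string, the allowlisted service and the TLS flow are assumed.

```python
# MS-NMF record types and enumerations (the .NET Message Framing protocol under WCF net.tcp).
MODES = {1: "SingletonUnsized", 2: "Duplex", 3: "Simplex", 4: "SingletonSized"}
ENCODINGS = {0: "UTF8-SOAP1.1", 1: "UTF16-SOAP1.1", 2: "UnicodeLE-SOAP1.1",
             3: "UTF8-SOAP1.2", 4: "UTF16-SOAP1.2", 5: "UnicodeLE-SOAP1.2",
             6: "MTOM", 7: "Binary", 8: "Binary-InbandDictionary"}
REC_VERSION, REC_MODE, REC_VIA, REC_KNOWN_ENC, REC_EXT_ENC = 0x00, 0x01, 0x02, 0x03, 0x04
REC_UPGRADE_REQ, REC_PREAMBLE_ACK, REC_PREAMBLE_END = 0x09, 0x0B, 0x0C
PREAMBLE_ACK = bytes([REC_PREAMBLE_ACK])


def read_size(buf: bytes, pos: int):
    """NMF variable-length size: 7 bits per byte, low group first, high bit means 'more'."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
        if shift > 28:
            raise ValueError("size field longer than 5 bytes")


def encode_size(n: int) -> bytes:
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)


def parse_preamble(payload: bytes):
    """Decode a client preamble; returns a dict, or None if this is not NMF."""
    if len(payload) < 3 or payload[0] != REC_VERSION or payload[1:3] != b"\x01\x00":
        return None
    out, pos = {"version": (1, 0)}, 3
    try:
        while pos < len(payload):
            rec = payload[pos]
            pos += 1
            if rec == REC_MODE:
                out["mode"] = MODES.get(payload[pos], payload[pos])
                pos += 1
            elif rec == REC_KNOWN_ENC:
                out["encoding"] = ENCODINGS.get(payload[pos], payload[pos])
                pos += 1
            elif rec in (REC_VIA, REC_EXT_ENC, REC_UPGRADE_REQ):
                n, pos = read_size(payload, pos)
                if pos + n > len(payload):
                    return None
                key = {REC_VIA: "via", REC_EXT_ENC: "encoding", REC_UPGRADE_REQ: "upgrade"}[rec]
                out[key] = payload[pos:pos + n].decode("utf-8")
                pos += n
            elif rec == REC_PREAMBLE_END:
                out["preamble_end"] = True
                break
            else:
                return None
    except (IndexError, ValueError):
        return None
    return out if "via" in out else None


def detect_nmf(packets, known_services=frozenset()):
    """Flag flows whose payload is an NMF preamble to a host:port not in known_services.
    An NMF Preamble Ack on the reverse flow marks the hit confirmed: the server speaks NMF too."""
    hits = {}
    for src, sport, dst, dport, payload in packets:
        pre = parse_preamble(payload)
        if pre is not None:
            hits[(src, sport, dst, dport)] = {
                "via": pre["via"], "mode": pre.get("mode"), "encoding": pre.get("encoding"),
                "confirmed": False, "allowlisted": f"{dst}:{dport}" in known_services}
        elif payload == PREAMBLE_ACK and (dst, dport, src, sport) in hits:
            hits[(dst, dport, src, sport)]["confirmed"] = True
    return [dict(flow=flow, **info) for flow, info in hits.items() if not info["allowlisted"]]


def build_preamble(via: str, mode: int = 2, encoding: int = 8) -> bytes:
    """Client preamble as a WCF net.tcp client sends it; used here only to construct sample traffic."""
    v = via.encode()
    return (bytes([REC_VERSION, 1, 0, REC_MODE, mode, REC_VIA]) + encode_size(len(v)) + v
            + bytes([REC_KNOWN_ENC, encoding, REC_PREAMBLE_END]))


# Constructed packets (src, sport, dst, dport, payload). The first pair reuses the report's
# client/C2 addresses; the Via string is assumed, not taken from the capture.
SAMPLE_PACKETS = [
    ("192.168.2.6", 49711, "4.251.123.83", 6677, build_preamble("net.tcp://4.251.123.83:6677/")),
    ("4.251.123.83", 6677, "192.168.2.6", 49711, PREAMBLE_ACK),
    ("192.168.2.6", 49712, "10.0.0.5", 808, build_preamble("net.tcp://10.0.0.5:808/Orders", encoding=7)),
    ("192.168.2.6", 49713, "203.0.113.5", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
]

if __name__ == "__main__":
    for hit in detect_nmf(SAMPLE_PACKETS, known_services={"10.0.0.5:808"}):
        print(hit)
```

Legitimate WCF services use exactly this framing (the default net.tcp port is 808), so the framing alone is not an indicator; what separates this flow is the destination (a public IP on 6677, outside any known service list) and the process that opened it. The allowlist in detect_nmf is the place to encode the first of those; the second comes from endpoint telemetry, not the packet capture.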
Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Nov 12, 2024 14:55:52.875335932 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:52.880642891 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:52.880907059 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:52.882863998 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:52.887710094 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:53.704209089 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:53.746113062 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:53.903474092 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:53.908411980 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.140927076 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.149236917 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.154205084 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388083935 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388124943 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388137102 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388206005 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.388223886 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388235092 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388246059 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388257027 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388273001 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388283968 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388290882 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.388294935 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388318062 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.388343096 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.388343096 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.388564110 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388653040 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.388722897 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.393346071 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.393424988 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.393544912 CET  49711        6677       192.168.2.6   4.251.123.83
Nov 12, 2024 14:55:54.505289078 CET  6677         49711      4.251.123.83  192.168.2.6
Nov 12, 2024 14:55:54.505312920 CET  6677         49711      4.251.123.83  192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505325079 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505342007 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505353928 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505503893 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505570889 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:54.505626917 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.457714081 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462562084 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462584972 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462595940 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462637901 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462649107 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462649107 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462685108 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462709904 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462718964 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462738037 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462757111 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462763071 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462770939 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462822914 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462836027 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.462878942 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467751980 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467772007 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467782021 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467806101 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467828035 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467837095 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467840910 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467847109 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467894077 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467910051 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467926025 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467964888 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.467993021 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468025923 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468029022 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468070984 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468071938 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468122005 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468204975 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468259096 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468270063 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.468314886 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.472820997 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.472904921 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.472942114 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.472969055 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.472978115 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473010063 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473035097 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473048925 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473067999 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473093987 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473097086 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473105907 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473130941 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473140001 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473151922 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473174095 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473206997 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473220110 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.473290920 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474585056 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474648952 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474720001 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474730015 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474762917 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474778891 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474791050 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474797010 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474831104 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474834919 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474841118 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474843979 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474862099 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474869967 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474879980 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474890947 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.474926949 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477770090 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477818012 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477833986 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477843046 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477881908 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477885008 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.477890968 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483866930 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483875990 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483891964 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483901024 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483907938 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483967066 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483975887 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.483992100 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484004021 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484011889 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484078884 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484088898 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484096050 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484114885 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484123945 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484131098 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484141111 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484252930 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484263897 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484277010 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484293938 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484302998 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484313965 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484385967 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484395027 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484404087 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484412909 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484424114 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484447002 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484469891 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484479904 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.484517097 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488264084 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488275051 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488306999 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488316059 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488325119 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488334894 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488363981 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488378048 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488387108 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488394976 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488410950 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488420010 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488435984 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488445044 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488460064 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488466978 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488476038 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488502979 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488518000 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488518953 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488533974 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488543987 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488555908 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488590002 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488599062 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488606930 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488630056 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488639116 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488646030 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488661051 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488689899 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488698959 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488707066 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488723993 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488733053 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488742113 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488820076 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488828897 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488837957 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488899946 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488909960 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488919020 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488929033 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488979101 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488987923 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.488997936 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489063978 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489088058 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489129066 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489177942 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489187002 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489232063 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489242077 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489248991 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.489259005 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.493397951 CET6677497114.251.123.83192.168.2.6
Nov 12, 2024 14:55:57.493458033 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493469954 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493483067 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493551016 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493561983 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493585110 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493592024 CET | 49711 | 6677 | 192.168.2.6 | 4.251.123.83
Nov 12, 2024 14:55:57.493599892 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493613005 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493632078 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493643999 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493652105 CET | 49711 | 6677 | 192.168.2.6 | 4.251.123.83
Nov 12, 2024 14:55:57.493670940 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493720055 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493730068 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493740082 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493762016 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493771076 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493801117 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493809938 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493858099 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493866920 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493889093 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493897915 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493932962 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493942976 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493984938 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.493994951 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494039059 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494050980 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494164944 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494175911 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494199991 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494211912 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494230032 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494282007 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494292974 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494301081 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494312048 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494343996 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494353056 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494360924 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494375944 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494388103 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494398117 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494410038 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494452953 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494467020 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494478941 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494488001 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494532108 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494540930 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494554043 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.494571924 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498442888 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498454094 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498464108 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498472929 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498507977 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498531103 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498539925 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498549938 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498605013 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498615026 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498615980 CET | 49711 | 6677 | 192.168.2.6 | 4.251.123.83
Nov 12, 2024 14:55:57.498672962 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498682976 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498683929 CET | 49711 | 6677 | 192.168.2.6 | 4.251.123.83
Nov 12, 2024 14:55:57.498692036 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498701096 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498709917 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498718977 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498743057 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498750925 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498760939 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498770952 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498797894 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498806953 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498815060 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498828888 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498889923 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498903990 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498913050 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498922110 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498934984 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498944044 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498954058 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498979092 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498989105 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.498996973 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499039888 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499049902 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499058008 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499066114 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499075890 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499116898 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499125957 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499140978 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499150038 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499190092 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499200106 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499219894 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499229908 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499237061 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499255896 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499267101 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499274969 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499296904 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.499305964 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503642082 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503652096 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503689051 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503699064 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503712893 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503724098 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
Nov 12, 2024 14:55:57.503731966 CET | 6677 | 49711 | 4.251.123.83 | 192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503859043 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503870010 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503879070 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503890038 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503922939 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503932953 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503941059 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503950119 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.503994942 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504004002 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504008055 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504012108 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504070044 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504080057 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504087925 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504098892 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504142046 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504151106 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504159927 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504199028 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504208088 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504218102 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504283905 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504292965 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504302025 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.504311085 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.550216913 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.550513983 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.550611019 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.550611019 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.550643921 CET497116677192.168.2.64.251.123.83
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:57.598068953 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:58.310973883 CET6677497114.251.123.83192.168.2.6
                                                                                                                                                                                                                                                        Nov 12, 2024 14:55:58.348325014 CET497116677192.168.2.64.251.123.83
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 12, 2024 14:56:08.142393112 CET | 1.1.1.1 | 192.168.2.6 | 0x9d76 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 14:56:08.142393112 CET | 1.1.1.1 | 192.168.2.6 | 0x9d76 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false


Target ID: 0
Start time: 08:55:50
Start date: 12/11/2024
Path: C:\Users\user\Desktop\VJoillkb6X.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\VJoillkb6X.exe"
Imagebase: 0x460000
File size: 346'112 bytes
MD5 hash: C9B68B9567CC9067794E32999C02BFA7
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.2127853816.0000000000462000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2193707975.0000000002704000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2193707975.000000000271D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true


Execution Graph

Execution Coverage: 18.1%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 9
Total number of Limit Nodes: 0
execution_graph (rendered graph not recoverable; API-call nodes): 7ffd344d2cff DeleteDC; 7ffd344de17f ReadFile; 7ffd344dd357 CreateFileA

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.2210395125.00007FFD344D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD344D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd344d0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: (G?4$P[V4$P[V4$P[V4$`^V4$`^V4$`bV4$raC4$raC4$raC4
• API String ID: 0-4168047203
• Opcode ID: 92ca5a94d7cdd6490875f7ac3219480feb101d25d972a2b3005ede51ee7f6dd5
• Instruction ID: df253d9bba8498db173658fd9e4622114ae8462a9bb5f4a7679d922f0894225e
• Opcode Fuzzy Hash: 92ca5a94d7cdd6490875f7ac3219480feb101d25d972a2b3005ede51ee7f6dd5
• Instruction Fuzzy Hash: 7A32E971E09A5D8FDBA4EB18C8A5BA9B7B1FB59301F1001FAD00DE3296DE3569C19F40

                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                          control_flow_graph 88 7ffd344da599-7ffd344da5ea 90 7ffd344da5ec 88->90 91 7ffd344da5f1-7ffd344da654 88->91 90->91 95 7ffd344db373-7ffd344db396 91->95 97 7ffd344da659-7ffd344da68f 95->97 98 7ffd344db39c-7ffd344db3c7 call 7ffd344db534 95->98 97->98 101 7ffd344da695-7ffd344da6ec 97->101 109 7ffd344da6f3-7ffd344da760 101->109 110 7ffd344da6ee 101->110 114 7ffd344da769-7ffd344da77a 109->114 115 7ffd344da762-7ffd344da767 109->115 110->109 116 7ffd344da77d-7ffd344da781 114->116 115->116 117 7ffd344da787-7ffd344da794 116->117 118 7ffd344db370-7ffd344db371 116->118 119 7ffd344da79b-7ffd344da7d5 117->119 120 7ffd344da796 117->120 118->95 122 7ffd344da7dc-7ffd344da82e 119->122 123 7ffd344da7d7 119->123 120->119 127 7ffd344da835-7ffd344da8aa 122->127 128 7ffd344da830 122->128 123->122 132 7ffd344da8ac 127->132 133 7ffd344da8b1-7ffd344da8d3 127->133 128->127 132->133 134 7ffd344da90b-7ffd344da94f 133->134 135 7ffd344da8d5-7ffd344da8e5 133->135 141 7ffd344da955-7ffd344da971 134->141 142 7ffd344dae9d-7ffd344daf32 call 7ffd344d8aa0 134->142 136 7ffd344da8ec-7ffd344da908 135->136 137 7ffd344da8e7 135->137 136->134 137->136 146 7ffd344da974-7ffd344da981 141->146 156 7ffd344db338-7ffd344db35b 142->156 146->118 147 7ffd344da987-7ffd344da995 146->147 149 7ffd344da99c-7ffd344daa45 call 7ffd344d8aa0 147->149 150 7ffd344da997 147->150 168 7ffd344dae51-7ffd344dae7a 149->168 150->149 160 7ffd344daf37-7ffd344dafb3 156->160 161 7ffd344db361-7ffd344db36e call 7ffd344db3f6 156->161 178 7ffd344dafb5-7ffd344dafd5 160->178 179 7ffd344dafed-7ffd344dafef 160->179 161->118 172 7ffd344daa4a-7ffd344daacc 168->172 173 7ffd344dae80-7ffd344dae98 call 7ffd344db495 168->173 191 7ffd344dab06-7ffd344dab08 172->191 192 7ffd344daace-7ffd344daaee 172->192 173->146 
178->179 188 7ffd344dafd7-7ffd344dafeb 178->188 182 7ffd344daff5-7ffd344daffc 179->182 185 7ffd344db335-7ffd344db336 182->185 186 7ffd344db002-7ffd344db081 182->186 185->156 206 7ffd344db088-7ffd344db0a2 186->206 207 7ffd344db083 186->207 188->182 193 7ffd344dab0e-7ffd344dab15 191->193 192->191 199 7ffd344daaf0-7ffd344dab04 192->199 197 7ffd344dab1b-7ffd344dab9a 193->197 198 7ffd344dae4e-7ffd344dae4f 193->198 215 7ffd344dab9c 197->215 216 7ffd344daba1-7ffd344dabbb 197->216 198->168 199->193 208 7ffd344db0a9-7ffd344db15e 206->208 209 7ffd344db0a4 206->209 207->206 224 7ffd344db1b1-7ffd344db1d6 208->224 225 7ffd344db160-7ffd344db16b 208->225 209->208 215->216 217 7ffd344dabc2-7ffd344dac77 216->217 218 7ffd344dabbd 216->218 235 7ffd344dacca-7ffd344dacef 217->235 236 7ffd344dac79-7ffd344dac84 217->236 218->217 228 7ffd344db1dc-7ffd344db2e9 call 7ffd344d0080 call 7ffd344d02a8 call 7ffd344d8ac8 call 7ffd344d02d0 224->228 225->224 226 7ffd344db16d-7ffd344db199 225->226 229 7ffd344db19b 226->229 230 7ffd344db1a0-7ffd344db1af 226->230 266 7ffd344db2ee-7ffd344db332 228->266 229->230 230->228 239 7ffd344dacf5-7ffd344dae4b call 7ffd344d0080 call 7ffd344d02a8 call 7ffd344d8ac8 call 7ffd344d02d0 235->239 236->235 240 7ffd344dac86-7ffd344dacb2 236->240 239->198 241 7ffd344dacb9-7ffd344dacc8 240->241 242 7ffd344dacb4 240->242 241->239 242->241 266->185
Strings
Memory Dump Source
• Source File: 00000000.00000002.2210395125.00007FFD344D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD344D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd344d0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: 1_H$(G?4$@B/
• API String ID: 0-3059152472
• Opcode ID: 04f38d02f031db475e3e22f28d85e886dd528ff18e5ad969863dcf648d435477
• Instruction ID: 314591db074187ad17a37f4f2a982b414046e7a7b789d7c183266d92cce00215
• Opcode Fuzzy Hash: 04f38d02f031db475e3e22f28d85e886dd528ff18e5ad969863dcf648d435477
• Instruction Fuzzy Hash: 71A2EB70A19A5D8FDBA9EB18C8A57A8B7B1FF59300F5001F9D10DE3296CE756A80DF40

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: ZL_H$`@?4$`@?4
• API String ID: 0-3586859051
• Opcode ID: 7d16695224f9e78473462f2aaf56e475b50bd368404d0ffe4f852768ca28df63
• Instruction ID: cb31ead6a55dcd45a3d9ffb5be1ecbe6bab88f340127cfe02426869a4200412d
• Opcode Fuzzy Hash: 7d16695224f9e78473462f2aaf56e475b50bd368404d0ffe4f852768ca28df63
• Instruction Fuzzy Hash: 6822C361B1DA494FEBE8EB2C84A5569B7D1FF9A310B0401BEE54EC71A3DE2CEC058741
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5fae2daed32e7a7d6c700c05a197800553dcf2d68297b2e1406029d96815cebb
• Instruction ID: eccaa4e64e35ff15d6dea2fafc51ab90b8fd416471535c548dbc4561f8750053
• Opcode Fuzzy Hash: 5fae2daed32e7a7d6c700c05a197800553dcf2d68297b2e1406029d96815cebb
• Instruction Fuzzy Hash: 1752F730B0CA494FDB99E76C94A5674BBD1EF9B310B1402BED04EC72E3DD28AC469781

Control-flow Graph

control_flow_graph 491 7ffd3438bd6c-7ffd3438be11 493 7ffd3438be2b-7ffd3438be63 491->493 494 7ffd3438be13-7ffd3438be25 491->494 498 7ffd3438be68-7ffd3438be98 493->498 497 7ffd3438be27-7ffd3438be29 494->497 494->498 497->493 501 7ffd3438bfac-7ffd3438bfba 498->501 502 7ffd3438be9e-7ffd3438beb6 498->502 504 7ffd3438beb8-7ffd3438beed 502->504 505 7ffd3438bef2-7ffd3438bf38 502->505 512 7ffd3438bf7f-7ffd3438bfa7 504->512 513 7ffd3438bf66-7ffd3438bf79 505->513 514 7ffd3438bf3a-7ffd3438bf60 505->514 512->501 513->512 514->513
Strings
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: hh?4$hh?4
• API String ID: 0-906038821
• Opcode ID: 6827fe0346b7a4775c2f44bda8919206e6ff672e653df3b432236b8eac67fa39
• Instruction ID: cf430c21334b834097911b9a93ba40c19136599a38ae890566a003214aee01ae
• Opcode Fuzzy Hash: 6827fe0346b7a4775c2f44bda8919206e6ff672e653df3b432236b8eac67fa39
• Instruction Fuzzy Hash: CA71297170CA494FDB98DB1C98A5A757BE1EF9A310B0501AFF58AC72A3DE34EC068741

Control-flow Graph

control_flow_graph 517 7ffd3438c028-7ffd3438c04b 518 7ffd3438c065-7ffd3438c0bb 517->518 519 7ffd3438c04d-7ffd3438c063 517->519 527 7ffd3438c20f-7ffd3438c25d 518->527 528 7ffd3438c0c1-7ffd3438c112 518->528 519->518 528->527 536 7ffd3438c118-7ffd3438c130 528->536 536->527 538 7ffd3438c136-7ffd3438c1eb 536->538 549 7ffd3438c1f1-7ffd3438c20e 538->549
Strings
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: hh?4$|A_H
• API String ID: 0-3802719538
• Opcode ID: 8c3e71439ad1a4640eb15cc988ba934f482374c4421fa0dd7140238fbf64fa22
• Instruction ID: 3e6c68196a0752e8c3a9b154fc1d9f7acd2e47ccfdf4131a1d2d67e7d0d9a696
• Opcode Fuzzy Hash: 8c3e71439ad1a4640eb15cc988ba934f482374c4421fa0dd7140238fbf64fa22
• Instruction Fuzzy Hash: 39712362B4DB894FE7A5EB6C88A5628BBD1FF9A310B0500BFD54DC71A3DD2CAC458341

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: X/54$-54
• API String ID: 0-1626493728
• Opcode ID: d9b9fbee9ddc8c3619ecd862eb70ce33e8da6022992f056ba25268c752e361c5
• Instruction ID: 1cf07f2cb849414dfbd80e00e6f845509c9b2f25944105affcd6f8cc281683f1
• Opcode Fuzzy Hash: d9b9fbee9ddc8c3619ecd862eb70ce33e8da6022992f056ba25268c752e361c5
• Instruction Fuzzy Hash: CC716171E0895E8FDBA4EB1888A57A9B7E1FF55300F5042F9D00CE3692CE356D819F41

Control-flow Graph

                                                                                                                                                                                                                                                          control_flow_graph 591 7ffd344dd34d-7ffd344dd355 592 7ffd344dd358-7ffd344dd365 591->592 593 7ffd344dd357 591->593 594 7ffd344dd368-7ffd344dd40f 592->594 595 7ffd344dd367 592->595 593->592 599 7ffd344dd411-7ffd344dd420 594->599 600 7ffd344dd46d-7ffd344dd4b1 594->600 595->594 599->600 601 7ffd344dd422-7ffd344dd425 599->601 605 7ffd344dd4b2-7ffd344dd4c5 600->605 603 7ffd344dd427-7ffd344dd43a 601->603 604 7ffd344dd45f-7ffd344dd467 601->604 606 7ffd344dd43c 603->606 607 7ffd344dd43e-7ffd344dd451 603->607 604->600 610 7ffd344dd4c7-7ffd344dd540 CreateFileA 605->610 606->607 607->607 609 7ffd344dd453-7ffd344dd45b 607->609 609->604 612 7ffd344dd548-7ffd344dd58c call 7ffd344dd5a8 610->612 613 7ffd344dd542 610->613 617 7ffd344dd593-7ffd344dd5a7 612->617 618 7ffd344dd58e 612->618 613->612 618->617
                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2210395125.00007FFD344D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD344D0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd344d0000_VJoillkb6X.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 6caa729be37b53bb8474649091b89cb84b70fa410265716945b64b2975c39421
• Instruction ID: 299ed56189fd2c6fab19daf90e12ab74139cc3d49d8138c18d701586038ffe9a
• Opcode Fuzzy Hash: 6caa729be37b53bb8474649091b89cb84b70fa410265716945b64b2975c39421
• Instruction Fuzzy Hash: 96810870919B8C8FEB68DF18D8567E577D0FF5A310F01427AE84DC3252CA79A941C782

Control-flow Graph
control_flow_graph 619 7ffd344de161-7ffd344de213 624 7ffd344de215-7ffd344de21a 619->624 625 7ffd344de21d-7ffd344de27b ReadFile 619->625 627 7ffd344de283-7ffd344de2cb call 7ffd344de2cc 625->627 628 7ffd344de27d 625->628 628->627
APIs
Memory Dump Source
• Source File: 00000000.00000002.2210395125.00007FFD344D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD344D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd344d0000_VJoillkb6X.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: f4318f9c107b354e44591d9de78f6d0f1526de36012f2a5eceeef51e78ed2462
• Instruction ID: bcc2a8de06780d130869b74642da86b5c6ada6dfb7315f06484d610dc627717b
• Opcode Fuzzy Hash: f4318f9c107b354e44591d9de78f6d0f1526de36012f2a5eceeef51e78ed2462
• Instruction Fuzzy Hash: 2051B231E08B1C8FDB58DF9898566EDBBF1FB9A310F00426AD40DD7246CA74A945CBC2

Control-flow Graph
control_flow_graph 632 7ffd344d2ce9-7ffd344d2d84 DeleteDC 637 7ffd344d2d8c-7ffd344d2dba 632->637 638 7ffd344d2d86 632->638 638->637
APIs
Memory Dump Source
• Source File: 00000000.00000002.2210395125.00007FFD344D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD344D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd344d0000_VJoillkb6X.jbxd
Similarity
• API ID: Delete
• String ID:
• API String ID: 1035893169-0
• Opcode ID: 47c2a24153b56a53b0a03e9a5410d1c04107f848b6b9dc8d4a73b26e82723951
• Instruction ID: e34fe5a9bf05cd407530eedcd69b5c51f9714c4d4ee834eb6915b75e6d3072c8
• Opcode Fuzzy Hash: 47c2a24153b56a53b0a03e9a5410d1c04107f848b6b9dc8d4a73b26e82723951
• Instruction Fuzzy Hash: DB21253190C64C4FDB58DF9884467FEBBE0EB96320F04816FD44AD7182CA749806C791

Strings
Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID: H54
• API String ID: 0-3595823885
• Opcode ID: 0e104678d9a33a17efa202c52c32f62b79ddee8e00a59d211201260a87251fee
• Instruction ID: 520fc59cc6b1c223539a1f59d13aaf64b65e1a7c78534b0eab977d813296d9f7
• Opcode Fuzzy Hash: 0e104678d9a33a17efa202c52c32f62b79ddee8e00a59d211201260a87251fee
• Instruction Fuzzy Hash: 6E411B2BB0D6D50FE721A76CB4B55E93BA4DF83325B0804B7D288DA183DD5D5849C391

Strings
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: e00eb0d44b0042c44fd78467aa7d2554fe7f09ffcb96678ab052f1ed1d3c9b4b
• Instruction ID: 24b2c40290c94418fc2df9cf718a6b385d7c6390f6b7bc42d927e7ff78b7467c
• Opcode Fuzzy Hash: e00eb0d44b0042c44fd78467aa7d2554fe7f09ffcb96678ab052f1ed1d3c9b4b
• Instruction Fuzzy Hash: 6431A27171CD094FDA98EF1CD4A5A34B3D2FF98710B1101AAA44EC32A6DE28EC468781

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c39076817a3df7344abc7b7ae907a6b9b60d3289a9a72ca023a430f1ad9294c
• Instruction ID: 67bbe90bd38fa5895d74bf94e54940643ef8377e36a8bd22495364325877282d
• Opcode Fuzzy Hash: 0c39076817a3df7344abc7b7ae907a6b9b60d3289a9a72ca023a430f1ad9294c
• Instruction Fuzzy Hash: 84C14275E0865D8FEB98DB58C4A5BACB7B1FF59300F4041BAD00DE7182CEB96985DB40

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 567e0b4441d2f953c1528ae0c534bcb940c4ea3076fce4425585f6269f045bf6
• Instruction ID: 1ef251546360ba01b237e4befd197679efa88a222c142b61749a793fdc348f79
• Opcode Fuzzy Hash: 567e0b4441d2f953c1528ae0c534bcb940c4ea3076fce4425585f6269f045bf6
• Instruction Fuzzy Hash: 20D16374A08A1C8FDBA4EB18C898BA8B7F5FF59301F1441E9910DE7265CA71AE81CF40

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 65c5ac0e9b0165a9c6b62873788fcc5e8ec140f5a7e282accabc754091be9c04
• Instruction ID: be9915499b04fb966655d773774d83ff01c9788f7aabd78ffb178903726bde44
• Opcode Fuzzy Hash: 65c5ac0e9b0165a9c6b62873788fcc5e8ec140f5a7e282accabc754091be9c04
• Instruction Fuzzy Hash: F4C1A775A09A1D8FDBA9DB18C898BA8B7F5FF59300F1041E9D00DE7261CA75AE81CF40

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e59d7439873e9c1210d3c1c58debb71bb6176f043d2c5bccc025714b5dbdfd2c
• Instruction ID: a21fae950c9aa3597370efe2be5ad7aaeb6620b943d3cb099483de2fc1985a08
• Opcode Fuzzy Hash: e59d7439873e9c1210d3c1c58debb71bb6176f043d2c5bccc025714b5dbdfd2c
• Instruction Fuzzy Hash: CBB1FB34A08A198FDBA9DB18C8A5BA877B5FF59300F1001E9D50EE7291CF75AE85CF40
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0f620b17e0957e2ae297aa534fac7f7eaf79ef908c8657f64f3450b2d9156e45
                                                                                                                                                                                                                                                          • Instruction ID: 32f5f168ef4eae7ca171dce263c67f9c65e63a46cf4dbd30064b2de0c3366882
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f620b17e0957e2ae297aa534fac7f7eaf79ef908c8657f64f3450b2d9156e45
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9581E431B0CA494FE799E76CD4A5674BBD1EF9A310F1401BAD44EC72E3DD28AC468781
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 175a9babd242169f64c9636be9eb62f0760a6f56cb8169abc8f53b45a557d73d
                                                                                                                                                                                                                                                          • Instruction ID: 24d1cc1acbe1d81cf0c4e4c5c595c3c5f1369970afc6769cfa895c9b8ce8c9a0
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 175a9babd242169f64c9636be9eb62f0760a6f56cb8169abc8f53b45a557d73d
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA910431F0CA894FDB94CB5888A56AD7BE1FFDA340F0401BED54DF3292CE6968018751
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: df252ca46bd87037752344bcedb0f3a947afc3008bce305ff0e063379fa77312
                                                                                                                                                                                                                                                          • Instruction ID: aa6dac031a5d547df985c10c0d3f678bc820e16c1eb1e2533c9431947d4fd511
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df252ca46bd87037752344bcedb0f3a947afc3008bce305ff0e063379fa77312
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFB19774A0961D8FDBA9DB58C898BA8B7B5FF59300F5041E9D00EE7261CB75AE81CF40
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: f8f35a9f090034f150bf9ec4d94341e2a36fa8d38c5a3c12af0d8aab57ee7ea7
                                                                                                                                                                                                                                                          • Instruction ID: 148a56da3b138dfc9f01aeb0f088a7125c748aabfb9fa6d808fb2e9dbc5d74f0
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f35a9f090034f150bf9ec4d94341e2a36fa8d38c5a3c12af0d8aab57ee7ea7
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0891EA34A0891D8FDF94EB58C4A5BAD7BF1FF59300F4005A9E10DE7292CE79A881DB50
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: aa61581f065a713447a6ef042170f6665fc990593ede0216f848806a4fd488ac
                                                                                                                                                                                                                                                          • Instruction ID: d174091fcd7648aef11e21847b5f15985e94f2a50cf5c7fd98b466ccd0da7f1b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa61581f065a713447a6ef042170f6665fc990593ede0216f848806a4fd488ac
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C61FB72B0DA884FEB99D71C98655347BD1EF5A31471901EFE48AC72A3DD28EC06C741
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 9ea597b1c38762d9cf70824983089e38e30597a878510ff122f9a128d6c6c752
                                                                                                                                                                                                                                                          • Instruction ID: 0ea96977eae8fbf92e9794888be6946a97e283082eb2fc7c075832d9f80b257b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ea597b1c38762d9cf70824983089e38e30597a878510ff122f9a128d6c6c752
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6914874A05A1D8FDBA9DB58C894BA8B7B5FF59301F1041E9D00DE7261CB75AE81CF40
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: b05cd5388741737042e44b7171cedd4a0676018d35f17807de723cad9c26681f
                                                                                                                                                                                                                                                          • Instruction ID: f8475380cd9ae50ef7dddb3a83387046cf1d912f5828f2f5a38f198bfec8cc5e
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b05cd5388741737042e44b7171cedd4a0676018d35f17807de723cad9c26681f
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A818874A09A198FDBA9DB58C898BA8B7F5FF59301F1001E9D40DE7261CB75AE81CF40
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 0939c468536350524addccd9f66aef36fbb16a2e9bd57307f3aa5f2ad8d3cc4c
                                                                                                                                                                                                                                                          • Instruction ID: 16ff3371e061d47aa90a7197c591d9b03435f5fe9d9d81901fd8136cc9d708a4
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0939c468536350524addccd9f66aef36fbb16a2e9bd57307f3aa5f2ad8d3cc4c
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A341917171CE0D4FEA98EF4CD465A78B3D2FB99710B5101BAE54EC32A6CE25EC428781
Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1cb9149134a92fe87925db3335f5d5893d725a48122522db698f7691131b1759
• Instruction ID: d69e2ad9e06fe17ba6970ec18d181da2a9d5a8dc114c125f864cf913ddab37dc
• Opcode Fuzzy Hash: 1cb9149134a92fe87925db3335f5d5893d725a48122522db698f7691131b1759
• Instruction Fuzzy Hash: 2941093170DB844FD766D76898A95B97FE1DF57320B0A02EBD449C72E3D929AC06C381

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: acdafe9ce76aee0dde040028bade39f2096aaeb53acd49b69240072b0261ddaf
• Instruction ID: aeb493c673c3c2b9c858c3f83c66444006d461a134bdff1e47d2b4cd5a9ee2b1
• Opcode Fuzzy Hash: acdafe9ce76aee0dde040028bade39f2096aaeb53acd49b69240072b0261ddaf
• Instruction Fuzzy Hash: E3417F71A18B498EF798CF58C4A87A97FE1FB66704F50016EC10DE76CADBB52814DB40

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 983db9acc57b3351bfc30d86397095c7c1130f891ed8bd7dcdb34816fb696128
• Instruction ID: 218c89d295f858b13e03bbd94067bd1931ea53dd1f07178f34a6ca783831911a
• Opcode Fuzzy Hash: 983db9acc57b3351bfc30d86397095c7c1130f891ed8bd7dcdb34816fb696128
• Instruction Fuzzy Hash: 8D21F172F08A4D4FEB54CF5D88942AE7BF2EBD9310F14426AD50DF3245DE3868018791

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d91a86b590de449c3540e38bcff96552c522d965024050a255f91d34c59fd240
• Instruction ID: 44d1db1f1a416040454473ddde494e093a08f381bb15a94c39e9ec24a8a40880
• Opcode Fuzzy Hash: d91a86b590de449c3540e38bcff96552c522d965024050a255f91d34c59fd240
• Instruction Fuzzy Hash: 77213E75E1865D8EDB68DA5898A5BFCB7F1FB59300F4040BAC10EF2281CEB96980DF40

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1935a42b624e3a454c29d5cc10996a585988103d9cec3f12a023320418995343
• Instruction ID: 5fc8773193cf8b59ca051177711ed18d26ff5e2e9d9f25cba2b316e89f242634
• Opcode Fuzzy Hash: 1935a42b624e3a454c29d5cc10996a585988103d9cec3f12a023320418995343
• Instruction Fuzzy Hash: 9921C735B1D6894FF784EB2884A96A977D0FF46300F4405BAE549E20D3CD6968809751

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5bbbf12b97fb2d6ae25c7affd0afcc08f96212b0b333e983ae525a1f1e2910c0
• Instruction ID: 315d053a6403966e013f48becd3b34a1143e078af9d5866ea03d2e43e1bb2d10
• Opcode Fuzzy Hash: 5bbbf12b97fb2d6ae25c7affd0afcc08f96212b0b333e983ae525a1f1e2910c0
• Instruction Fuzzy Hash: 5111E739A0D7C94FDB56DB28886819C7FB0EF66315F0500FAC548D61D3DB299449C791

Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a258627e15b11a1ee82a02f5094c89f18675c0055618599fde0db3757cec4f06
• Instruction ID: 59ceee522350bc029f3295822ebd3b872e084769df7b063484680f4723781e12
• Opcode Fuzzy Hash: a258627e15b11a1ee82a02f5094c89f18675c0055618599fde0db3757cec4f06
• Instruction Fuzzy Hash: 8D11C471B0DBC54FD799EB2C84B52387BE1EF9A310B1901BED14CC32A2DD29AC499715

Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2240439d8acbdcbe8dc3e72e9e61db7e5f20d3085343d2ae47a362ee2a62da50
• Instruction ID: fb802d728d7ab538505afbe5aea079b59bc197c6a27abc4dcb1a22588e1e5481
• Opcode Fuzzy Hash: 2240439d8acbdcbe8dc3e72e9e61db7e5f20d3085343d2ae47a362ee2a62da50
• Instruction Fuzzy Hash: 6E110472B1DA854FE395AB2C84A512877E1EF96710B1901BEE18CD32A2CD3CAC069305

Memory Dump Source
• Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 46fa92bbf44b64b06922f5c4521ba718a1512598dc4230497f654d0bd993adc9
• Instruction ID: 73be99f56a518668d6dc5dbe4ac3c669f65b59d6d8ac980bd6e4822d8b128a82
• Opcode Fuzzy Hash: 46fa92bbf44b64b06922f5c4521ba718a1512598dc4230497f654d0bd993adc9
• Instruction Fuzzy Hash: 6711C161B0DA854FD7D5EB6C84A423877D2EF9A310B2404BED15DD7292DE28AC458702

Memory Dump Source
• Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 38692c940bd67b7f0c03f867509cdd75cc66a8dc95b467873edaa23c4e15cecc
• Instruction ID: 572dfc781b9963637f932b99913c814bf3bdb586844313e48ffcaf7ed6b5f578
• Opcode Fuzzy Hash: 38692c940bd67b7f0c03f867509cdd75cc66a8dc95b467873edaa23c4e15cecc
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6010436E0D58A6FE796AB2888A62BC7BA0FF55300F4002FBD108E60C3DD6D7844D700
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208860711.00007FFD34380000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34380000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd34380000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 9ce12931bb208d9df16dd489fcffed981684dfe0d86dee2134e5e6c76c6ed5fe
                                                                                                                                                                                                                                                          • Instruction ID: 8b95f9520ae7c133c70c97e1307480882e8a9cc955b531c7cd4c8c06225e53b3
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ce12931bb208d9df16dd489fcffed981684dfe0d86dee2134e5e6c76c6ed5fe
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8211A53170DE898FDBD5E758C4A4A6877E1EF56300B1901ADD04DC3192CE28AC85D781
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: c556d29a2b4911e096cca00fd014fd16b7c1dbe1c2ddeff524b4bdc9f7264201
                                                                                                                                                                                                                                                          • Instruction ID: 5084bc33d453ead54ff35c334280d418e8f291002f88609a45290d0b2787487b
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c556d29a2b4911e096cca00fd014fd16b7c1dbe1c2ddeff524b4bdc9f7264201
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64014870908A4D8FDF84EF58C898AEE7BF0FF68300F0405AAD818D72A1DB759594CB80
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 846352f4c2a8d1400ec5f298c79a2084206ac21d915cc2bb700b4b6c208fa398
                                                                                                                                                                                                                                                          • Instruction ID: 841d8d3d0b092d6803e4d16bad4fb8e591cde7ffeacdce333aeacccc73b1cec8
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 846352f4c2a8d1400ec5f298c79a2084206ac21d915cc2bb700b4b6c208fa398
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC01DA74914A0D9FDF84EF68C889AEE7BF0FB68305F00056AA819E3250DB75E590CB81
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: a3f3c761229063b6e1a24be4af22dde21cefc38bf31a6404d4c1d5591c8e3412
                                                                                                                                                                                                                                                          • Instruction ID: 5fa4c97d09c62c53434e6c20416f6e9aaafab2014647586f4a80a1de9414e728
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3f3c761229063b6e1a24be4af22dde21cefc38bf31a6404d4c1d5591c8e3412
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D901C470914A0D9FDF84EF68C889AEE7BF0FB68305F00056AE819E3250DB75E590CB81
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: cf990f4dd53dd7048223dbc6da4f2ffc7a7978359dba532edd08428c735055ac
                                                                                                                                                                                                                                                          • Instruction ID: 7772cf1e73e435e50abd8a006d0d64cc22c75b596469556a4142556bc8bf02f5
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf990f4dd53dd7048223dbc6da4f2ffc7a7978359dba532edd08428c735055ac
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D01D62AA0C5C54AE72323ADA4B12E93B90EFC3224F0C04B2E288E5093DD5E655AD265
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 84c14c93b3d5b8f55f5f637d38a4cdfc077aa4f700e3020919269cd29d23f74a
                                                                                                                                                                                                                                                          • Instruction ID: d03482670a661c479723b88b98ab6c78d0bb26a33331c8eaa4ce8ede1d59ef04
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84c14c93b3d5b8f55f5f637d38a4cdfc077aa4f700e3020919269cd29d23f74a
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE017170908A8D8FCB85EF58C8586AD7BF0FF1A300F0504EAD018D7192DB75D904CB40
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                          • Opcode ID: 41b0baf15cece2732a86ffb1ec172b076f9020b2eaf895ac9f87af8813cfb5e1
                                                                                                                                                                                                                                                          • Instruction ID: 1d11dad1f6ceb61a3b93776db6e552aba7eaad973bcb428d74b9e6eaa4c59b24
                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41b0baf15cece2732a86ffb1ec172b076f9020b2eaf895ac9f87af8813cfb5e1
                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB01B67091490D8FDF84EF58C898AEE7BF0FF68305F10056AA81DE3250DB71A690CB80
                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2208367429.00007FFD342B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD342B0000, based on PE: false
                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ffd342b0000_VJoillkb6X.jbxd
                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                          • API String ID: