Windows Analysis Report
DATASHEET.pdf.exe

Overview

General Information

Sample name: DATASHEET.pdf.exe
Analysis ID: 1562167
MD5: ae4d2cc4c9bcef9ed978538ce4d84dc9
SHA1: f98aad47b7e95c5e9be6b929359628ae41fac15b
SHA256: f0430c66223a7084799e61e0cb4541d034da240965e9aa62f2d6994ece64a5da
Tags: AgentTesla, exe, user-lowmal3

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • DATASHEET.pdf.exe (PID: 7268 cmdline: "C:\Users\user\Desktop\DATASHEET.pdf.exe" MD5: AE4D2CC4C9BCEF9ED978538CE4D84DC9)
    • RegSvcs.exe (PID: 7416 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.ru", "Username": "negozio@depadova.cf", "Password": "graceofgod@amen"}
Source | Rule | Description | Author | Strings
00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

Source | Rule | Description | Author | Strings
2.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
2.2.RegSvcs.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
  • 0x3369d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x3370f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33799:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x3382b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33895:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x33907:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3399d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x33a2d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.DATASHEET.pdf.exe.3664610.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.DATASHEET.pdf.exe.3664610.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems), Data: Command: "C:\Users\user\Desktop\DATASHEET.pdf.exe", CommandLine: "C:\Users\user\Desktop\DATASHEET.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\DATASHEET.pdf.exe, NewProcessName: C:\Users\user\Desktop\DATASHEET.pdf.exe, OriginalFileName: C:\Users\user\Desktop\DATASHEET.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Users\user\Desktop\DATASHEET.pdf.exe", ProcessId: 7268, ProcessName: DATASHEET.pdf.exe
Source: Network Connection, Author: frack113, Data: DestinationIp: 77.88.21.158, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 7416, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735
No Suricata rule has matched

AV Detection

Source: DATASHEET.pdf.exe, Avira: detected
Source: 2.2.RegSvcs.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.ru", "Username": "negozio@depadova.cf", "Password": "graceofgod@amen"}
Source: DATASHEET.pdf.exe, ReversingLabs: Detection: 71%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: DATASHEET.pdf.exe, Joe Sandbox ML: detected
Source: DATASHEET.pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: DATASHEET.pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\DATASHEET.pdf.exe, Code function: 4x nop then jmp 0099483Fh, 0_2_00994668

Networking

Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE
Source: global traffic, TCP traffic: 192.168.2.4:49735 -> 77.88.21.158:587
Source: Joe Sandbox View, IP Address: 77.88.21.158
Source: Joe Sandbox View, IP Address: 172.67.74.152
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0, Host: api.ipify.org, Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: smtp.yandex.ru
Source: RegSvcs.exe, String found in binary or memory: http://crl.gl
Source: RegSvcs.exe, String found in binary or memory: http://crl.glC
Source: RegSvcs.exe, String found in binary or memory: http://crl.globalsign.com/gsrsaovsslca2018.crl0j
Source: RegSvcs.exe, String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: RegSvcs.exe, String found in binary or memory: http://crl.globalsign.com/root.crl0G
Source: RegSvcs.exe, String found in binary or memory: http://ocsp.globalsign.com/gsrsaovsslca20180V
Source: RegSvcs.exe, String found in binary or memory: http://ocsp.globalsign.com/rootr103
Source: RegSvcs.exe, String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: RegSvcs.exe, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegSvcs.exe, String found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.carterandcone.coml
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers/?
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers8
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designers?
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fontbureau.com/designersG
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.fonts.com
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.founder.com.cn/cn
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.goodfont.co.kr
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.sajatypeworks.com
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.sakkal.com
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.sandoll.co.kr
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.tiro.com
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.typography.netD
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.urwpp.deDPlease
Source: DATASHEET.pdf.exe, String found in binary or memory: http://www.zhongyicts.com.cn
Source: DATASHEET.pdf.exe, RegSvcs.exe, String found in binary or memory: https://account.dyn.com/
Source: DATASHEET.pdf.exe, RegSvcs.exe, String found in binary or memory: https://api.ipify.org
Source: DATASHEET.pdf.exe, String found in binary or memory: https://github.com/ppx17/Onkyo-Remote-Control
Source: RegSvcs.exe, String found in binary or memory: https://www.globalsign.com/repository/0
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown, Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49732 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, 7KG.cs, .Net Code: _2s8
Source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, 7KG.cs, .Net Code: _2s8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Window created: window name: CLIPBRDWNDCLASS

System Summary

Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.DATASHEET.pdf.exe.3664610.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.DATASHEET.pdf.exe.36299f0.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: initial sample, Static PE information: Filename: DATASHEET.pdf.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Process Stats: CPU usage > 49%
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1687626439.000000000247F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed01d1e44-b654-4c6b-973f-f9dea01115c9.exe4 vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1687626439.0000000002411000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1690205508.0000000004D90000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1687004047.000000000070E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1691624996.00000000070C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed01d1e44-b654-4c6b-973f-f9dea01115c9.exe4 vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe, 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe | Binary or memory string: OriginalFilenameOSvW.exeB vs DATASHEET.pdf.exe
                    Source: DATASHEET.pdf.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.DATASHEET.pdf.exe.3664610.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: DATASHEET.pdf.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, 1UT6pzc0M.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, DnQOD3M.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, 01seU.cs | Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, iUDwvr7Gz.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, XUu2qKyuF6.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, aZathEIgR.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, l50VLEll22.cs | Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.DATASHEET.pdf.exe.36a8610.2.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: _0020.SetAccessControl
                    Source: 0.2.DATASHEET.pdf.exe.36a8610.2.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.DATASHEET.pdf.exe.36a8610.2.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: _0020.AddAccessRule
                    Source: 0.2.DATASHEET.pdf.exe.70c0000.5.raw.unpack, r0h4KQxZmbwv74Kt5o.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.DATASHEET.pdf.exe.70c0000.5.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: _0020.SetAccessControl
                    Source: 0.2.DATASHEET.pdf.exe.70c0000.5.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.DATASHEET.pdf.exe.70c0000.5.raw.unpack, UFDR7rLyC7IrsPk90a.cs | Security API names: _0020.AddAccessRule
                    Source: 0.2.DATASHEET.pdf.exe.36a8610.2.raw.unpack, r0h4KQxZmbwv74Kt5o.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DATASHEET.pdf.exe.log
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: NULL
                    Source: DATASHEET.pdf.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: DATASHEET.pdf.exe | ReversingLabs: Detection: 71%
                    Source: DATASHEET.pdf.exe | String found in binary or memory: 0 All OKS1 Not all required parameters are given-2 Invalid IP-Address
                    Source: unknown | Process created: C:\Users\user\Desktop\DATASHEET.pdf.exe "C:\Users\user\Desktop\DATASHEET.pdf.exe"
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: version.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder | Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: DATASHEET.pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: DATASHEET.pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: 0.2.DATASHEET.pdf.exe.36a8610.2.raw.unpack, UFDR7rLyC7IrsPk90a.cs | .Net Code: fi9rlUblva System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.DATASHEET.pdf.exe.70c0000.5.raw.unpack, UFDR7rLyC7IrsPk90a.cs | .Net Code: fi9rlUblva System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Code function: 0_2_0099EEE0 push eax; iretd 0_2_0099EEE1
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Code function: 0_2_0099EF28 pushad ; iretd 0_2_0099EF29
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Code function: 0_2_06DE87B0 pushfd ; iretd 0_2_06DE87B5
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Code function: 0_2_072036D7 push ebx; iretd 0_2_072036DA
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Code function: 0_2_07203AD2 push ebx; retf 0_2_07203ADA
                    Source: DATASHEET.pdf.exe | Static PE information: section name: .text entropy: 7.855160201076092

                    Hooking and other Techniques for Hiding and Protection

                    Source: Possible double extension: pdf.exe | Static PE information: DATASHEET.pdf.exe
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: DATASHEET.pdf.exe PID: 7268, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 950000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 2410000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 2250000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 7310000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 8310000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 84C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: 94C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 1791
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 8067
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe TID: 7288 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 100000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99765
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99547
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99422
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99312
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99203
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 99093
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98984
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98875
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98765
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98656
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98546
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98437
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98328
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98218
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98109
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 98000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97888
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97779
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97670
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97343
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97234
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97125
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 97010
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96890
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96781
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96671
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96562
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96453
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96343
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96234
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96125
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 96015
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95905
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95796
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95686
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95578
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95468
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95359
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95250
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95140
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 95031
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 94922
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 94812
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 94703
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 94593
                    Source: RegSvcs.exe, 00000002.00000002.4135421497.00000000064E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTcp
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 43E000
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 440000
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: EA8008
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Users\user\Desktop\DATASHEET.pdf.exe VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\DATASHEET.pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DATASHEET.pdf.exe.3664610.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DATASHEET.pdf.exe.36299f0.3.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: DATASHEET.pdf.exe PID: 7268, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: RegSvcs.exe PID: 7416, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DATASHEET.pdf.exe.3664610.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DATASHEET.pdf.exe.36299f0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: DATASHEET.pdf.exe PID: 7268, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7416, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.3664610.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.36299f0.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.36299f0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.DATASHEET.pdf.exe.3664610.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: DATASHEET.pdf.exe PID: 7268, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 7416, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 13 Obfuscated Files or Information | 1 Credentials in Registry | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 311 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                    Source | Detection | Scanner | Label | Link
                    DATASHEET.pdf.exe | 71% | ReversingLabs | ByteCode-MSIL.Spyware.Negasteal
                    DATASHEET.pdf.exe | 100% | Avira | HEUR/AGEN.1309540
                    DATASHEET.pdf.exe | 100% | Joe Sandbox ML
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    http://crl.glC | 0% | Avira URL Cloud | safe
                    http://crl.gl | 0% | Avira URL Cloud | safe
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    smtp.yandex.ru | 77.88.21.158 | true | false | - | high
                    api.ipify.org | 172.67.74.152 | true | false | - | high
                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | - | high
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    77.88.21.158 | smtp.yandex.ru | Russian Federation | - | 13238 | YANDEXRU | false
                    172.67.74.152 | api.ipify.org | United States | - | 13335 | CLOUDFLARENETUS | false
                    Joe Sandbox version: 41.0.0 Charoite
                    Analysis ID: 1562167
                    Start date and time: 2024-11-25 09:47:06 +01:00
                    Joe Sandbox product: CloudBasic
                    Overall analysis duration: 0h 7m 58s
                    Hypervisor based Inspection enabled: false
                    Report type: full
                    Cookbook file name: default.jbs
                    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed: 7
                    Number of new started drivers analysed: 0
                    Number of existing processes analysed: 0
                    Number of existing drivers analysed: 0
                    Number of injected processes analysed: 0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode: default
                    Analysis stop reason: Timeout
                    Sample name: DATASHEET.pdf.exe
                    Detection: MAL
                    Classification: mal100.troj.spyw.evad.winEXE@3/1@2/2
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    • Number of executed functions: 170
                                                                                    • Number of non-executed functions: 19
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                    • VT rate limit hit for: DATASHEET.pdf.exe
                    Time | Type | Description
                    03:47:58 | API Interceptor | 1x Sleep call for process: DATASHEET.pdf.exe modified
                    03:48:02 | API Interceptor | 10605174x Sleep call for process: RegSvcs.exe modified
                                                                                                        • 104.26.12.205
                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        YANDEXRUhttp://www.tqltrax.comGet hashmaliciousUnknownBrowse
                                                                                                        • 87.250.251.119
                                                                                                        DATASHEET.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 77.88.21.158
                                                                                                        datasheet.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 77.88.21.158
                                                                                                        datasheet.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 77.88.21.158
                                                                                                        0zu73p2YBu.exeGet hashmaliciousChrome Password Stealer, Fox Password Stealer, Opera Password StealerBrowse
                                                                                                        • 77.88.21.158
                                                                                                        BWr9qnCU8X.exeGet hashmaliciousUnknownBrowse
                                                                                                        • 77.88.21.158
                                                                                                        Unit 2_week 4 2024.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 77.88.21.90
                                                                                                        REQUEST FOR OFFER EQUIPMENT ORDER LIST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 77.88.21.158
                                                                                                        https://vivantskincare.taplink.wsGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 93.158.134.119
                                                                                                        DHL Delivery Invoice.com.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        • 77.88.21.158
                                                                                                        CLOUDFLARENETUSIETC-24017.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                        • 172.67.186.192
                                                                                                        VSP469620.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                        • 104.21.67.152
                                                                                                        order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                        • 104.21.67.152
                                                                                                        http://google.comGet hashmaliciousUnknownBrowse
                                                                                                        • 172.67.136.186
                                                                                                        saiya.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                        • 172.67.19.24
                                                                                                        IMG-20241119-WA0006(162KB).Pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                        • 172.67.177.134
                                                                                                        file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                        • 104.21.88.250
                                                                                                        https://linktr.ee/priyanka662Get hashmaliciousGabagoolBrowse
                                                                                                        • 172.67.74.152
                                                                                                        t90RvrDNvz.exeGet hashmaliciousUnknownBrowse
                                                                                                        • 172.67.204.237
                                                                                                        segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                        • 172.67.187.200
                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        3b5074b1b5d032e5620f69f9f700ff0e412300061474#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                        • 172.67.74.152
                                                                                                        order requirements CIF-TRC809910645210.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                        • 172.67.74.152
                                                                                                        0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                        • 172.67.74.152
                                                                                                        segura.vbsGet hashmaliciousRemcosBrowse
                                                                                                        • 172.67.74.152
                                                                                                        asegurar.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                        • 172.67.74.152
                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                        • 172.67.74.152
                                                                                                        2Brb1DnRS6.wsfGet hashmaliciousUnknownBrowse
                                                                                                        • 172.67.74.152
                                                                                                        pm4ozz83c4.vbsGet hashmaliciousUnknownBrowse
                                                                                                        • 172.67.74.152
                                                                                                        Cargo Invoice_pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                        • 172.67.74.152
                                                                                                        NEW P.O.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                        • 172.67.74.152
                                                                                                        No context
                                                                                                        Process:C:\Users\user\Desktop\DATASHEET.pdf.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1216
                                                                                                        Entropy (8bit):5.34331486778365
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                        Malicious:true
                                                                                                        Reputation:high, very likely benign file
                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Entropy (8bit):7.847287867224381
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                        File name:DATASHEET.pdf.exe
                                                                                                        File size:721'408 bytes
                                                                                                        MD5:ae4d2cc4c9bcef9ed978538ce4d84dc9
                                                                                                        SHA1:f98aad47b7e95c5e9be6b929359628ae41fac15b
                                                                                                        SHA256:f0430c66223a7084799e61e0cb4541d034da240965e9aa62f2d6994ece64a5da
                                                                                                        SHA512:64939f7da37bdad57792c1c88fe8ec2f0fcb926a48afe402f3a572a88cd5be10bb438d48463ddd122a5dc3c2e55b287ab41c0ab853d6aa86510542c68b2a8d84
                                                                                                        SSDEEP:12288:nF0VK4A9b0fBHrgRswYFgJjZkkAyieOZdsab87G3OoAJKx3aNgmhQTuNqJ:F0VKemSwYWJjZuSyb87GzAgmSTuNq
                                                                                                        TLSH:56E4F16422EC1F61D9BEB7F65434125817B7762A1631EA0E0DCA64DB0B73B40CD92F63
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Cg..............0......$........... ........@.. .......................`............@................................
                                                                                                        Icon Hash:4fd8dadadacad80f
                                                                                                        Entrypoint:0x4afac6
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x6743B487 [Sun Nov 24 23:19:35 2024 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:4
                                                                                                        OS Version Minor:0
                                                                                                        File Version Major:4
                                                                                                        File Version Minor:0
                                                                                                        Subsystem Version Major:4
                                                                                                        Subsystem Version Minor:0
                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                        Instruction
                                                                                                        jmp dword ptr [00402000h]
                                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xafa74 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x21c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xadacc | 0xadc00 | b4d814b213c052b37c22d9892b90a9aa | False | 0.905894503147482 | data | 7.855160201076092 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0x21c4 | 0x2200 | 3103625b15f2afebcf9d714682461968 | False | 0.8575367647058824 | data | 7.432969353088756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb4000 | 0xc | 0x200 | 0efd82b0b33c34c92e7c3c49f2332833 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb0100 | 0x1b63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9516474112109542
RT_GROUP_ICON | 0xb1c74 | 0x14 | data | | | 1.05
RT_VERSION | 0xb1c98 | 0x32c | data | | | 0.43226600985221675
RT_MANIFEST | 0xb1fd4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                        Nov 25, 2024 09:50:38.605984926 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.606055021 CET49950587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:38.606101036 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608014107 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608258009 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608449936 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608628988 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608808994 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.608997107 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609119892 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609236002 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609360933 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609519005 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609543085 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609675884 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609685898 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609906912 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.609915972 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610003948 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610049009 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610169888 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610213041 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610354900 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610394001 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610521078 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610538960 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.610691071 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.654701948 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.654720068 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.725687981 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.725708008 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.725775003 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.725831985 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:38.725891113 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:39.624459028 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:39.685214996 CET49950587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:41.374741077 CET49950587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:41.494570971 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:41.818615913 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:41.818669081 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:41.818785906 CET49950587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:41.825210094 CET49950587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:41.827795982 CET49971587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:41.944717884 CET5874995077.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:41.947277069 CET5874997177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:41.947782993 CET49971587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:43.142123938 CET49971587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:43.202244997 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:43.261754990 CET5874997177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:43.261954069 CET49971587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:43.323896885 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:43.324318886 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:44.646933079 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:44.647102118 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:44.767807961 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:45.130146980 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:45.130326033 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:45.283898115 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:45.580578089 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:45.580984116 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:45.700550079 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.033266068 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.033312082 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.033322096 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.033332109 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.033520937 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:46.035348892 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:46.154906034 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.329716921 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:46.400202036 CET49983587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:46.449650049 CET5874997377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.449703932 CET49973587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:46.519782066 CET5874998377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:46.519866943 CET49983587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:47.356292009 CET49983587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:47.411262989 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:47.476013899 CET5874998377.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:47.476095915 CET49983587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:47.530841112 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:47.531331062 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:48.901494026 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:48.901659966 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:49.021275043 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:49.362790108 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:49.365379095 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:49.484836102 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:49.826127052 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:49.827270985 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:49.946691990 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290674925 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290714025 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290725946 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290750027 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:50.290853024 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290863037 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.290889978 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:50.293282032 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:50.412904978 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.754559994 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:50.772746086 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:50.892425060 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:51.233964920 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:51.234507084 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:51.354335070 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:51.696093082 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:51.696810961 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:51.818262100 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:52.179672956 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:52.179899931 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:52.299381971 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:52.650610924 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:52.650878906 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:52.770554066 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.214183092 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.214473009 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.334130049 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.675564051 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.699088097 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.699270010 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.699270010 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.699270010 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.700674057 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.818547010 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.818639040 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.818742990 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.818752050 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.818943977 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820238113 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820246935 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820353985 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820362091 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820384979 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820401907 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.820462942 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.820486069 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820506096 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820516109 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820544958 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.820584059 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.821116924 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.938143969 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.938232899 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.939879894 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.939948082 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940037966 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940139055 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940175056 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940228939 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940268040 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940411091 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940516949 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940551043 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940593958 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940653086 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940751076 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940794945 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.940887928 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.940922022 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.941067934 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:53.982428074 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:53.982527971 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:54.058049917 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:50:54.058197021 CET49984587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:50:54.059530020 CET5874998477.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:26.520917892 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:26.640502930 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:26.974148989 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:26.974469900 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:26.974531889 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:26.974531889 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:26.974622011 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:26.975775003 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.094368935 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.094399929 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.094430923 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.094440937 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.094450951 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.094482899 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.095416069 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095424891 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095458984 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095467091 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095490932 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.095500946 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095511913 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095515013 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.095535994 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.095536947 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.095561981 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.095583916 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.213663101 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.213675976 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.213723898 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.213758945 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.213839054 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.213876009 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.213970900 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.214013100 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215140104 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215176105 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215238094 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215291977 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215354919 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215393066 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215398073 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215445995 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215486050 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215524912 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215538025 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215579033 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.215595961 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.215640068 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.258678913 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.258733988 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.333410025 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.333615065 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.333786011 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.333861113 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.333861113 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:27.334724903 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.334891081 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.334948063 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.335062027 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.335141897 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.335263014 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.335406065 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.339371920 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.378397942 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.378427982 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453507900 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453593016 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453608036 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453685999 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453799963 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453809977 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453900099 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453921080 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.453999996 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.454051971 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.454091072 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.454149961 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.454238892 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:27.454292059 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:28.321851969 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:28.371802092 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:38.301430941 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:38.421108007 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:38.754363060 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:38.754496098 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:38.754543066 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:38.754848003 CET50018587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:38.755831957 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:38.874573946 CET5875001877.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:38.875390053 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:38.875473022 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:40.127307892 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:40.127481937 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:40.247010946 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:40.568797112 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:40.568947077 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:40.688551903 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.010677099 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.011079073 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:41.130882978 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.454593897 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.454622984 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.454637051 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.454653025 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.454741001 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:41.454741001 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:41.459379911 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:41.579094887 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.900984049 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:41.905368090 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:42.025000095 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:42.346760035 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:42.347006083 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:42.466687918 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:42.788171053 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:42.788531065 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:42.908480883 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:43.254056931 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:43.254436970 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:43.374213934 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:43.709726095 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:43.709981918 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:43.829755068 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.172110081 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.172542095 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.292354107 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.614134073 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.614502907 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.614593029 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.614656925 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.614727020 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.616235018 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.734344006 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.734406948 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.734406948 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.734436989 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.734466076 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.734512091 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.735832930 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.735879898 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.735925913 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.735987902 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.736020088 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.736048937 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.736072063 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.736099005 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.736136913 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.736166000 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.736187935 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.736192942 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.736222029 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.736242056 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.853864908 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.853907108 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.853935003 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.853945017 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.853974104 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.854001999 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.854100943 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.854160070 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.855457067 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.855511904 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:44.855598927 CET5875001977.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:44.855659962 CET50019587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:59.044883013 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:59.401016951 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:59.401278019 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:59.522296906 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:59.865418911 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:51:59.865705013 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:51:59.999454021 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:00.435379028 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:00.435749054 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:00.558804035 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:00.894009113 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:00.894334078 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:00.894382954 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:00.894411087 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:00.894455910 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:00.899501085 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.014189959 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.014235020 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.014264107 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.014278889 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.014296055 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.014338970 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019160032 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019208908 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019229889 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019264936 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019273996 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019304037 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019331932 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019347906 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019404888 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019433975 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019452095 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019479990 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019484043 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019512892 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019545078 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019547939 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.019555092 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.019598007 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.134067059 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.134145975 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.134155989 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.134211063 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139203072 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139264107 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139297962 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139365911 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139369011 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139419079 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139436960 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139472008 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139494896 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139545918 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139549017 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139594078 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139664888 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139724016 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139763117 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139816046 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.139830112 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.139884949 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.182509899 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.182585955 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.253952026 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.254070044 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:01.254087925 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259021997 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259161949 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259335041 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259440899 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259474993 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259701967 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259733915 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259870052 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259922028 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.259949923 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260081053 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260109901 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260163069 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260190964 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260251045 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260294914 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260346889 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260374069 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260442972 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260471106 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260504961 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260596037 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260627985 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.260654926 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.302303076 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.302339077 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.373691082 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.373752117 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.373795986 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.373846054 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:01.373872995 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:02.255604982 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:02.309508085 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:05.953428984 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:06.073227882 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:06.408737898 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:06.408927917 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:06.409013033 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:06.409406900 CET50021587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:06.410461903 CET50022587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:06.528835058 CET5875002177.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:06.529915094 CET5875002277.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:06.530217886 CET50022587192.168.2.477.88.21.158
                                                                                                        Nov 25, 2024 09:52:07.786484003 CET5875002277.88.21.158192.168.2.4
                                                                                                        Nov 25, 2024 09:52:07.840787888 CET50022587192.168.2.477.88.21.158
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 25, 2024 09:48:00.790427923 CET | 57973 | 53 | 192.168.2.4 | 1.1.1.1
Nov 25, 2024 09:48:00.927352905 CET | 53 | 57973 | 1.1.1.1 | 192.168.2.4
Nov 25, 2024 09:48:03.511440992 CET | 56250 | 53 | 192.168.2.4 | 1.1.1.1
Nov 25, 2024 09:48:03.910178900 CET | 53 | 56250 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 25, 2024 09:48:00.790427923 CET | 192.168.2.4 | 1.1.1.1 | 0xf879 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 25, 2024 09:48:03.511440992 CET | 192.168.2.4 | 1.1.1.1 | 0x3c50 | Standard query (0) | smtp.yandex.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 09:48:00.927352905 CET | 1.1.1.1 | 192.168.2.4 | 0xf879 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 09:48:00.927352905 CET | 1.1.1.1 | 192.168.2.4 | 0xf879 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 09:48:00.927352905 CET | 1.1.1.1 | 192.168.2.4 | 0xf879 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 09:48:03.910178900 CET | 1.1.1.1 | 192.168.2.4 | 0x3c50 | No error (0) | smtp.yandex.ru | | 77.88.21.158 | A (IP address) | IN (0x0001) | false
• api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 172.67.74.152 | 443 | 7416 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-25 08:48:02 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-25 08:48:02 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Mon, 25 Nov 2024 08:48:02 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8e80609f7b80c343-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1609&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1773997&cwnd=208&unsent_bytes=0&cid=244b855c690e5c46&ts=455&x=0"
2024-11-25 08:48:02 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
Data Ascii: 8.46.123.75


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 25, 2024 09:48:05.648724079 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net Ok 1732524485-5mSMtBSOq0U0
Nov 25, 2024 09:48:05.652806997 CET | 49735 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 051829
Nov 25, 2024 09:48:06.114379883 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net
250-8BITMIME
250-PIPELINING
250-SIZE 53477376
250-STARTTLS
250-AUTH LOGIN PLAIN XOAUTH2
250-DSN
250 ENHANCEDSTATUSCODES
Nov 25, 2024 09:48:06.114562035 CET | 49735 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 25, 2024 09:48:06.576026917 CET | 587 | 49735 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 25, 2024 09:50:33.621890068 CET | 587 | 49950 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net Ok 1732524633-XoSB3tHOeiE0
Nov 25, 2024 09:50:33.622122049 CET | 49950 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 051829
Nov 25, 2024 09:50:34.065808058 CET | 587 | 49950 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net
250-8BITMIME
250-PIPELINING
250-SIZE 53477376
250-STARTTLS
250-AUTH LOGIN PLAIN XOAUTH2
250-DSN
250 ENHANCEDSTATUSCODES
Nov 25, 2024 09:50:34.069200993 CET | 49950 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 25, 2024 09:50:34.513355017 CET | 587 | 49950 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 25, 2024 09:50:44.646933079 CET | 587 | 49973 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net Ok 1732524644-ioS9rCSOgqM0
Nov 25, 2024 09:50:44.647102118 CET | 49973 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 051829
Nov 25, 2024 09:50:45.130146980 CET | 587 | 49973 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net
250-8BITMIME
250-PIPELINING
250-SIZE 53477376
250-STARTTLS
250-AUTH LOGIN PLAIN XOAUTH2
250-DSN
250 ENHANCEDSTATUSCODES
Nov 25, 2024 09:50:45.130326033 CET | 49973 | 587 | 192.168.2.4 | 77.88.21.158 | STARTTLS
Nov 25, 2024 09:50:45.580578089 CET | 587 | 49973 | 77.88.21.158 | 192.168.2.4 | 220 Go ahead
Nov 25, 2024 09:50:48.901494026 CET | 587 | 49984 | 77.88.21.158 | 192.168.2.4 | 220 mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net Ok 1732524648-moSZonROcmI0
Nov 25, 2024 09:50:48.901659966 CET | 49984 | 587 | 192.168.2.4 | 77.88.21.158 | EHLO 051829
Nov 25, 2024 09:50:49.362790108 CET | 587 | 49984 | 77.88.21.158 | 192.168.2.4 | 250-mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net
250-8BITMIME
250-PIPELINING
250-SIZE 53477376
250-STARTTLS
250-AUTH LOGIN PLAIN XOAUTH2
250-DSN
250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:50:49.365379095 CET49984587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:50:49.826127052 CET5874998477.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:50:59.034029007 CET5875001177.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net Ok 1732524658-woSAflROpW20
                                                                                                        Nov 25, 2024 09:50:59.034540892 CET50011587192.168.2.477.88.21.158EHLO 051829
                                                                                                        Nov 25, 2024 09:50:59.488501072 CET5875001177.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net
                                                                                                        250-8BITMIME
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 53477376
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                        250-DSN
                                                                                                        250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:50:59.489415884 CET50011587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:50:59.943248987 CET5875001177.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:51:22.147706032 CET5875001877.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net Ok 1732524681-LpSw2oROmeA0
                                                                                                        Nov 25, 2024 09:51:22.147900105 CET50018587192.168.2.477.88.21.158EHLO 051829
                                                                                                        Nov 25, 2024 09:51:22.601151943 CET5875001877.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net
                                                                                                        250-8BITMIME
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 53477376
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                        250-DSN
                                                                                                        250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:51:22.601351023 CET50018587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:51:23.251386881 CET5875001877.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:51:40.127307892 CET5875001977.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net Ok 1732524699-dpSXulROqCg0
                                                                                                        Nov 25, 2024 09:51:40.127481937 CET50019587192.168.2.477.88.21.158EHLO 051829
                                                                                                        Nov 25, 2024 09:51:40.568797112 CET5875001977.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net
                                                                                                        250-8BITMIME
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 53477376
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                        250-DSN
                                                                                                        250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:51:40.568947077 CET50019587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:51:41.010677099 CET5875001977.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:51:46.773083925 CET5875002077.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net Ok 1732524706-kpSkF3hOh8c0
                                                                                                        Nov 25, 2024 09:51:46.773454905 CET50020587192.168.2.477.88.21.158EHLO 051829
                                                                                                        Nov 25, 2024 09:51:47.241971016 CET5875002077.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net
                                                                                                        250-8BITMIME
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 53477376
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                        250-DSN
                                                                                                        250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:51:47.242122889 CET50020587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:51:47.710022926 CET5875002077.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:51:56.171823978 CET5875002177.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-19.sas.yp-c.yandex.net Ok 1732524715-tpSBg0fOma60
                                                                                                        Nov 25, 2024 09:51:56.173546076 CET50021587192.168.2.477.88.21.158EHLO 051829
                                                                                                        Nov 25, 2024 09:51:56.628412962 CET5875002177.88.21.158192.168.2.4250-mail-nwsmtp-smtp-production-main-19.sas.yp-c.yandex.net
                                                                                                        250-8BITMIME
                                                                                                        250-PIPELINING
                                                                                                        250-SIZE 53477376
                                                                                                        250-STARTTLS
                                                                                                        250-AUTH LOGIN PLAIN XOAUTH2
                                                                                                        250-DSN
                                                                                                        250 ENHANCEDSTATUSCODES
                                                                                                        Nov 25, 2024 09:51:56.628624916 CET50021587192.168.2.477.88.21.158STARTTLS
                                                                                                        Nov 25, 2024 09:51:57.083501101 CET5875002177.88.21.158192.168.2.4220 Go ahead
                                                                                                        Nov 25, 2024 09:52:07.786484003 CET5875002277.88.21.158192.168.2.4220 mail-nwsmtp-smtp-production-main-22.iva.yp-c.yandex.net Ok 1732524727-7qSRJoROiqM0


Target ID: 0
Start time: 03:47:57
Start date: 25/11/2024
Path: C:\Users\user\Desktop\DATASHEET.pdf.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\DATASHEET.pdf.exe"
Imagebase: 0x20000
File size: 721'408 bytes
MD5 hash: AE4D2CC4C9BCEF9ED978538CE4D84DC9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1688474615.0000000003411000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1688474615.000000000352B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:47:59
Start date: 25/11/2024
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Imagebase: 0xdd0000
File size: 45'984 bytes
MD5 hash: 9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4129906411.00000000030AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4128486152.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: false


                                                                                                          Execution Graph

Execution Coverage: 11.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 6.3%
Total number of Nodes: 237
Total number of Limit Nodes: 31
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (odq$(odq$(odq$,hq$,hq$Hhq
                                                                                                          • API String ID: 0-3851809434
                                                                                                          • Opcode ID: 40b06dc5f0422d06e04527ef7a5620cbfc7c5e4562ec319314c4901f8d42e4c2
                                                                                                          • Instruction ID: f3668186dc72e3fb31d571c372326e6fc3bdd5dca20e598d008cf04728c55235
                                                                                                          • Opcode Fuzzy Hash: 40b06dc5f0422d06e04527ef7a5620cbfc7c5e4562ec319314c4901f8d42e4c2
                                                                                                          • Instruction Fuzzy Hash: F4724FB0A1021A9FDB14DF69C954AAEBBF6FF89300F148159E405AB392DB34DD51CFA0

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: D
                                                                                                          • API String ID: 0-2746444292
                                                                                                          • Opcode ID: 7fed694f89117be59d1a512c942a4670932ef2db5cf3d9328d8c15ddaa0ba6cf
                                                                                                          • Instruction ID: 2b8ba04d7e71d46bcbaffb26db31ee5e5aaadc5037f4e961d245d656d39e3baf
                                                                                                          • Opcode Fuzzy Hash: 7fed694f89117be59d1a512c942a4670932ef2db5cf3d9328d8c15ddaa0ba6cf
                                                                                                          • Instruction Fuzzy Hash: 37529874A012288FDB64DF68C998A9DB7B6FF89310F1081D9D50DA73A5CB34AE81CF51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: be7a7f706c4031f0d570b81879fbaf2953c0b6521531a1efbcc6583879f5679c
                                                                                                          • Instruction ID: b8d9e601c42db808508b66f7d60c6642b285bfa7291a807a35c624673d385233
                                                                                                          • Opcode Fuzzy Hash: be7a7f706c4031f0d570b81879fbaf2953c0b6521531a1efbcc6583879f5679c
                                                                                                          • Instruction Fuzzy Hash: A932BF70B012059FDB59EBA9C450BAEBBF6EF89300F184469E146DB3A1CB35ED01CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 453c9af6cb5abb441cc7de9c356e13bd1888d007c7689107248862a71ca36871
                                                                                                          • Instruction ID: 57a3e3a978a79bdc61203f6a856dc89d50aa803c0c4939bfe0e08c7171da05d0
                                                                                                          • Opcode Fuzzy Hash: 453c9af6cb5abb441cc7de9c356e13bd1888d007c7689107248862a71ca36871
                                                                                                          • Instruction Fuzzy Hash: 49711571D45229CFEB68DF66DC407EDBBB6BF89300F10C1AAD409A6250EB705A85DF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 26bb9e828a5797198915f9fdb8861f37f21bc2c98687b4e5a366e341a9c6441a
                                                                                                          • Instruction ID: e2ce3f17f049b3eb3150a3d705872bc69b54569c2015ce288f39129fe9227f5e
                                                                                                          • Opcode Fuzzy Hash: 26bb9e828a5797198915f9fdb8861f37f21bc2c98687b4e5a366e341a9c6441a
                                                                                                          • Instruction Fuzzy Hash: AB51E474D01208CFDB45EFA9E454AADBBB2FF89301F109929E806B7358DB349945CF54

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (odq$(odq$(odq$,hq$,hq
                                                                                                          • API String ID: 0-2216594193
                                                                                                          • Opcode ID: 5c845a09644c5e6a102db22df1df9cc65705bc87ceb73c42e4b9081d67bb07f7
                                                                                                          • Instruction ID: 75d4bc63fee51dddd79693403b7f7abc5791f466714cb739c26c65ad72c0458f
                                                                                                          • Opcode Fuzzy Hash: 5c845a09644c5e6a102db22df1df9cc65705bc87ceb73c42e4b9081d67bb07f7
                                                                                                          • Instruction Fuzzy Hash: 4FD15FB4A1020ADFCB24CF68D584AADBBF2FF48315F148559E4099B2A2D735ED51CFA0

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq
                                                                                                          • API String ID: 0-2340669324
                                                                                                          • Opcode ID: eb883c196cc9c43f56f93c1acc4008e420cf6e0efdc09d69092d2a6de1efcd6c
                                                                                                          • Instruction ID: 6bab782a5957201ee4817deda5dd9063a5b8a33a936bc4371591acd4527528ca
                                                                                                          • Opcode Fuzzy Hash: eb883c196cc9c43f56f93c1acc4008e420cf6e0efdc09d69092d2a6de1efcd6c
                                                                                                          • Instruction Fuzzy Hash: 7E523174A1021D8FEB64DBA4C860B9EBBB3FF45300F1080A9D50A6B795DF34AE859F51

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Hhq$Hhq
                                                                                                          • API String ID: 0-2450388649
                                                                                                          • Opcode ID: 38192195801d248d0c7128b8eae5d2c8b25d9093852ce21afd0c6afd024507e1
                                                                                                          • Instruction ID: b2ef0ae0a8bc130a91abdc4924b9ab591c6f6f857cba702db6598352f7bd3e56
                                                                                                          • Opcode Fuzzy Hash: 38192195801d248d0c7128b8eae5d2c8b25d9093852ce21afd0c6afd024507e1
                                                                                                          • Instruction Fuzzy Hash: 29C1CFB17242968FDB15AF78C45476A7BA2EF8A304F04856AE606CB3D2DB74DC41C7E0

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,hq$,hq
                                                                                                          • API String ID: 0-3475114797
                                                                                                          • Opcode ID: c2ae97e0601111cbbb418fb521352e99ffc29a59d6bfc6d1dc369cc94379251d
                                                                                                          • Instruction ID: e2dc3e0c0956ff11fe451e1ab61e04b1eec645c408128207cfba6f5fc6ab4c77
                                                                                                          • Opcode Fuzzy Hash: c2ae97e0601111cbbb418fb521352e99ffc29a59d6bfc6d1dc369cc94379251d
                                                                                                          • Instruction Fuzzy Hash: 10915BB4A206069FCB14DF6AC884D6EBBB2FF89200B159169D415DB3A2D731E851CFE1

                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DE77FE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0
                                                                                                          • Opcode ID: cd58d4fe6f5658b0b0e7ae36e3ebe1a672904dd2fbd267c524af48fa44fefe4e
                                                                                                          • Instruction ID: 46ec5db63d11759d99abae6013a4d79afa3289457b958b6c6918ac21c3c11c6a
                                                                                                          • Opcode Fuzzy Hash: cd58d4fe6f5658b0b0e7ae36e3ebe1a672904dd2fbd267c524af48fa44fefe4e
                                                                                                          • Instruction Fuzzy Hash: 3F915B71D002199FDBA0EF69C881BDEBBB2FF48314F148569E819A7280DB749985CF91

                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06DE77FE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0

                                                                                                          Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0099B3A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID:
                                                                                                          • API String ID: 4139908857-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (odq
                                                                                                          • API String ID: 0-567950297
                                                                                                          APIs
                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 00995F59
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create
                                                                                                          • String ID:
                                                                                                          • API String ID: 2289755597-0
                                                                                                          APIs
                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 00995F59
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create
                                                                                                          • String ID:
                                                                                                          • API String ID: 2289755597-0
                                                                                                          APIs
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DE99A5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessagePost
                                                                                                          • String ID:
                                                                                                          • API String ID: 410705778-0
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DE73D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06DE73D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DE74B0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DE6DEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0099D5E6,?,?,?,?,?), ref: 0099D6A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0099D5E6,?,?,?,?,?), ref: 0099D6A7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06DE74B0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06DE6DEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DE72EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06DE72EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          APIs
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DE99A5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessagePost
                                                                                                          • String ID:
                                                                                                          • API String ID: 410705778-0
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0099B3A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID:
                                                                                                          • API String ID: 4139908857-0
                                                                                                          APIs
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 06DE99A5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessagePost
                                                                                                          • String ID:
                                                                                                          • API String ID: 410705778-0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cf75ca03d8bc94b7c132befb4ecf68e0237bed80f6bb550376ec61f2c139a5db
                                                                                                          • Instruction ID: a36dc67e05a691e1e5c81000bc64ab7845506ec729540547acb60b94f7f82bf8
                                                                                                          • Opcode Fuzzy Hash: cf75ca03d8bc94b7c132befb4ecf68e0237bed80f6bb550376ec61f2c139a5db
                                                                                                          • Instruction Fuzzy Hash: 43A193B1A1024ADFCF15CFA8C844ADEBFB2FF89310F044156E405AB3A6D774A955CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2063cff8659abd1d9fe740c64613697b4558ba32baf6e5c1b90907bc600512f0
                                                                                                          • Instruction ID: 4dd827a1310fdd899191622c142adf58cf64b26e9d38508ebdda9bbf85132542
                                                                                                          • Opcode Fuzzy Hash: 2063cff8659abd1d9fe740c64613697b4558ba32baf6e5c1b90907bc600512f0
                                                                                                          • Instruction Fuzzy Hash: C67119B472020ACFCB14DF28C498A697BF6AF49350F1501A5E805CB7B2DB74DD51CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d55a2afb5c3c78d54663b46c83576cae42f205f0336041e923a813755ace623e
                                                                                                          • Instruction ID: 65d50234fbea27b8901713008e41d98a28afbe1f1f68b67a18cb29b0a7e61469
                                                                                                          • Opcode Fuzzy Hash: d55a2afb5c3c78d54663b46c83576cae42f205f0336041e923a813755ace623e
                                                                                                          • Instruction Fuzzy Hash: 518195B5E1421A8FDB50DFA8C880AADBBF1FF49314F118465D819EB352D731A986CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3fa7b770400c9bf1c1877eae982776d82ac12f71b846f449391cab857a5f6be9
                                                                                                          • Instruction ID: 8945afb6a2610315971ebdd9d0cf3eda40ef1a9272bbac3111e8de8223d83984
                                                                                                          • Opcode Fuzzy Hash: 3fa7b770400c9bf1c1877eae982776d82ac12f71b846f449391cab857a5f6be9
                                                                                                          • Instruction Fuzzy Hash: 3B615FB4D00219CFCB44EFA8E9989EEBBB2FF49301F108569E805A7365CB355D05CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 61c6f126430143b64b79be64866ad3e842844b9c78f95958bb2d998099855a2a
                                                                                                          • Instruction ID: 729b315e2ad8170401d46d8e9d39a144b33d65ef8fbcde569d614577372d94ba
                                                                                                          • Opcode Fuzzy Hash: 61c6f126430143b64b79be64866ad3e842844b9c78f95958bb2d998099855a2a
                                                                                                          • Instruction Fuzzy Hash: 3C614FB4D01219CFCB44EFA8E9889EEBBB2FF49301F108569E415A7365DB355D05CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 46810bacb8c12094dd07bdd61f2a4a0a13f4ca4d556f1d89e9ad7b50718faa4f
                                                                                                          • Instruction ID: d54b722b2431f582ed423abf021f44eefcd970f93c62a0d4909bdebce0fa91c8
                                                                                                          • Opcode Fuzzy Hash: 46810bacb8c12094dd07bdd61f2a4a0a13f4ca4d556f1d89e9ad7b50718faa4f
                                                                                                          • Instruction Fuzzy Hash: 9A6181B0E1074A8FDB11DFA5C5446DDBBF2AF8A300F24421AD846AB297D770B981CF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 340e60e2018c3d288d2e3064c8618bce8b1744441b3e5480b2e7f305b638878c
                                                                                                          • Instruction ID: c0c8455cf4ad46d826dc4be6df2cf9754dc389b4094445d2c46c91ff5a56f496
                                                                                                          • Opcode Fuzzy Hash: 340e60e2018c3d288d2e3064c8618bce8b1744441b3e5480b2e7f305b638878c
                                                                                                          • Instruction Fuzzy Hash: 45614074D01219DFCB44EFA8E9889EEBBB2FF49300F108569E815A7365CB355D05CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 97d226eda3d661774e5452727bf250e6544680a78a530f95ae71ccb4d1578802
                                                                                                          • Instruction ID: 01bbd0eeae19ab4e20ce0b9d44d8cac10ac340ac1f4a13966d874b840cd8d41a
                                                                                                          • Opcode Fuzzy Hash: 97d226eda3d661774e5452727bf250e6544680a78a530f95ae71ccb4d1578802
                                                                                                          • Instruction Fuzzy Hash: D8516FB1E1074A8FDF11DFA5C5446DDBBF2AF8A300F24461AD84AAB296D370B985CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c873a31f9b22c40ded9d429909ba6ef70939c67582d63538b6d905ba4d11443f
                                                                                                          • Instruction ID: 320e82ca668baf6360313c323d10ca06c1d78b0916a90e3bb87339ad3625d601
                                                                                                          • Opcode Fuzzy Hash: c873a31f9b22c40ded9d429909ba6ef70939c67582d63538b6d905ba4d11443f
                                                                                                          • Instruction Fuzzy Hash: 3E41BDB4E2020A9FCB14DFB9D8545AEBBF6FF49341F109426D819E3251EB749901CFA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e398c3e3989cd14d05856b98003c37b6598e078f499aa61477692f6e17ce52b6
                                                                                                          • Instruction ID: f3fe4de13f3f63dc318b9444ab7d6d657a87f06e84755a8a3ffad5aba1721368
                                                                                                          • Opcode Fuzzy Hash: e398c3e3989cd14d05856b98003c37b6598e078f499aa61477692f6e17ce52b6
                                                                                                          • Instruction Fuzzy Hash: D94196B1A1424ADFCF11CFA8C844A9FBFB1FF49350F048155E9559B692D374E921CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ed1931332031eecf81683a961325c0ba30181f9713f3ed153c705ce1e8ba0571
                                                                                                          • Instruction ID: 885e5cb23f82db79113b5ba39f32542eff66bd35a4875b2ef1e6cb6084dba47a
                                                                                                          • Opcode Fuzzy Hash: ed1931332031eecf81683a961325c0ba30181f9713f3ed153c705ce1e8ba0571
                                                                                                          • Instruction Fuzzy Hash: D941E4B4E2020A9FCB15DFB9D8585AEBBF2FF49241F149426D815E7291EB34D901CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9c8c1d0640243dadec2b3fc7eb260461acb385a89f75a61b99aee5a8cc963f3d
                                                                                                          • Instruction ID: 42c05bb22a9c8cdaaa5ae62787810557892827cbbad54f6a5b0907a1f13aac2b
                                                                                                          • Opcode Fuzzy Hash: 9c8c1d0640243dadec2b3fc7eb260461acb385a89f75a61b99aee5a8cc963f3d
                                                                                                          • Instruction Fuzzy Hash: 4C3108B1F18249DFCB19EF74C9554AE7FF6EF4520071448AAE405C7292FA35DD028BA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 689a77306c65ee4bd1d587e8e2359c11bc4381c1a74b2f17f1d10f85fc42060c
                                                                                                          • Instruction ID: 4f6dbd75e69f31a34ddf0913013ecbef1b34275fccc5a9d520e4028fe436edc2
                                                                                                          • Opcode Fuzzy Hash: 689a77306c65ee4bd1d587e8e2359c11bc4381c1a74b2f17f1d10f85fc42060c
                                                                                                          • Instruction Fuzzy Hash: 733195B4E1020B9FDB14DFB9D8585AEBBF2EF49241F109426D815E3290EB34D901CFA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 04adfd55115b3a282cb51f4d30017d45e22d0b38a712a4d52fda8200a0550dd9
                                                                                                          • Instruction ID: 8b5ae0f681c0e1b55751b08c5abe67bc64282bd827e75d6b6000bb270c016467
                                                                                                          • Opcode Fuzzy Hash: 04adfd55115b3a282cb51f4d30017d45e22d0b38a712a4d52fda8200a0550dd9
                                                                                                          • Instruction Fuzzy Hash: 3531A07131415A9FDB01AFB4D854A6E3BA2EB89340F008019FE1997395CB38ED61DBE0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bbdffae94bfcecc6caa9f19e576c6352655d8374f0cd8422d90e85d583270f16
                                                                                                          • Instruction ID: 1a624ff3a44ef9b6950e8dac8fbee38d423d439b1f539b7b72aebc45549f3691
                                                                                                          • Opcode Fuzzy Hash: bbdffae94bfcecc6caa9f19e576c6352655d8374f0cd8422d90e85d583270f16
                                                                                                          • Instruction Fuzzy Hash: 3931D3717102149FCB189F69D854AAE7BB6FFCC700F148069E506EB391CE35AC018BA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686675287.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6ad000_DATASHEET.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686728552.00000000006BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6bd000_DATASHEET.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 54a5f05a7ae529d754771c3ea1057d3294bf27453d272dd4be3ac68a7aea65fb
                                                                                                          • Instruction ID: d90ffbd0b4e0156730ffb31551d6756fc06cbc0e00c5548806cafd91564f3f11
                                                                                                          • Opcode Fuzzy Hash: 54a5f05a7ae529d754771c3ea1057d3294bf27453d272dd4be3ac68a7aea65fb
                                                                                                          • Instruction Fuzzy Hash: B42147B58103499FCB20CF9AD944ADEBFF4FB48320F10841AE918A7251D775A944CFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ab3251cff786f47623efbd50488969e1b584148e1de4121e593762095600968d
                                                                                                          • Instruction ID: f4b77f01746eeefa698f132bfa840e56115ad5691e57007ce5e9f3f7d2853334
                                                                                                          • Opcode Fuzzy Hash: ab3251cff786f47623efbd50488969e1b584148e1de4121e593762095600968d
                                                                                                          • Instruction Fuzzy Hash: 7B114275B102059FCB14CF65D984BDDBBB5FB8C711F148026E916A7391DB71AC11CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 35d30f1aad537d18b10be4c564d5daedaa4cc5ea18add986098e24457bf7f07d
                                                                                                          • Instruction ID: d0976415106013a8f4583738c79e7eda51d5a8680d6eef3be756ab902c2f3a49
                                                                                                          • Opcode Fuzzy Hash: 35d30f1aad537d18b10be4c564d5daedaa4cc5ea18add986098e24457bf7f07d
                                                                                                          • Instruction Fuzzy Hash: AA1181F261024A9FDB10CF68C885B5BBFA6EF85314F088555D558AB2D2D371E810C7E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ffa3390ccd0be56c79a1e69564cb1a0e0d94a5550897ce0bddaa7e186d2b3e14
                                                                                                          • Instruction ID: 41fff8de1e1fef0a65dd4c61a263414bc97c0bfcc6d9ff79cdeb3acc6f9f8f97
                                                                                                          • Opcode Fuzzy Hash: ffa3390ccd0be56c79a1e69564cb1a0e0d94a5550897ce0bddaa7e186d2b3e14
                                                                                                          • Instruction Fuzzy Hash: E91181F261024A9FDB10CF68C845B5BBBA6EF85314F088555D558AB2D2D371E810C7F9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4a3dd472a1099a1b444d0bf1cd70b83366424c669f24af0e1d1b5a588ce1fbea
                                                                                                          • Instruction ID: a8d85668b74b9ad1fc3eec3a23cacd6eab4f31f02946f8b7bdaffc37930dfa82
                                                                                                          • Opcode Fuzzy Hash: 4a3dd472a1099a1b444d0bf1cd70b83366424c669f24af0e1d1b5a588ce1fbea
                                                                                                          • Instruction Fuzzy Hash: C92103B58103499FDB20DF9AC984ADEBBF4FB48320F108419E919B7241C375A954CFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686675287.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6ad000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                          • Instruction ID: 94640a232618cb7ccbcd64658834c3b42e46e3284e111f473a868264b3b7bb6e
                                                                                                          • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                          • Instruction Fuzzy Hash: 3F11E176904280CFCB02DF10D5C4B5ABF72FB94324F24C6A9D80A0B656C336D85ACFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686675287.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6ad000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                          • Instruction ID: 3d8319d864f81a66633d57e870a5b7b59cef58bb279fdea378251a8c24c93608
                                                                                                          • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                                                                          • Instruction Fuzzy Hash: 5B11DF76504240DFDB02DF00D5C4B56BFB2FB98324F24C2A9D80A0B656C33AE85ACFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d8aa933d09eac771d53b91e8735c3532868f6639ed66e897f8f5ba9e0bd0aac2
                                                                                                          • Instruction ID: bc566cef21567df3796cc36b29cc704630fae91b3119d399eb48dcd30c352e4c
                                                                                                          • Opcode Fuzzy Hash: d8aa933d09eac771d53b91e8735c3532868f6639ed66e897f8f5ba9e0bd0aac2
                                                                                                          • Instruction Fuzzy Hash: EC11E4B58003499FCB10DF9AD984ADEFFF4FB48320F108419E919A7251C775A554CFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 82d042f248d62dd3ecb5a7e0d71ee627db8a3ae20c518de134edcf6f82b635f4
                                                                                                          • Instruction ID: 3bf6cbbe8f1be4b41981e2c9b806d2532a75fb95c39f0bd914c3f79391472d2d
                                                                                                          • Opcode Fuzzy Hash: 82d042f248d62dd3ecb5a7e0d71ee627db8a3ae20c518de134edcf6f82b635f4
                                                                                                          • Instruction Fuzzy Hash: 900126727100556F9B05AE99AC10AAF3BABEBC9350F188029F708D7281CA71EC119BF4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686675287.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6ad000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eee709266775e1afe985b2c78574cbcd887798a2f8e5a1e96c93582cdf8c39dd
                                                                                                          • Instruction ID: 325df0fa11c2302218e33ba7cf9705d75f61c5da6d9289a55d0fe74234d1603b
                                                                                                          • Opcode Fuzzy Hash: eee709266775e1afe985b2c78574cbcd887798a2f8e5a1e96c93582cdf8c39dd
                                                                                                          • Instruction Fuzzy Hash: 1E01A7710043449AE7146A15DC84B66BFE9DF52325F18C85AED1E0A786C779DC41CA71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 95331d56c20235dcaaa12a9aa33f76249393dfb20b5832ea9efd4dd45ca7b3a2
                                                                                                          • Instruction ID: b1119b1b88a17dc629a1ac200e2de4b5ae8998ef7a06838c3bc63a1e99cdc95f
                                                                                                          • Opcode Fuzzy Hash: 95331d56c20235dcaaa12a9aa33f76249393dfb20b5832ea9efd4dd45ca7b3a2
                                                                                                          • Instruction Fuzzy Hash: E0F0F4B2A100496FDB01ED899C00AAF3BAAEB8A350F14C025F705D7281C671E9219BE4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1b5be065cb13f62d0ecc267605064535d1451797bd7d263707136389a0e9f4a7
                                                                                                          • Instruction ID: e91018c93050661cc023b5fca927d6c18a73c3923297fd3d2d4092db762bea1c
                                                                                                          • Opcode Fuzzy Hash: 1b5be065cb13f62d0ecc267605064535d1451797bd7d263707136389a0e9f4a7
                                                                                                          • Instruction Fuzzy Hash: B2F0F4B2A101956FDB01DE95EC00AAF3BA6EB89350F188029F704DB281C671DE219BE4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 719c73d670665f826abb790c70696ae2d349ec63606f84a408926bc28b5a5eff
                                                                                                          • Instruction ID: e98716bfd7a63e4af0091c7ca041c6e1fd43198eeea1a17199c3781728940166
                                                                                                          • Opcode Fuzzy Hash: 719c73d670665f826abb790c70696ae2d349ec63606f84a408926bc28b5a5eff
                                                                                                          • Instruction Fuzzy Hash: 7701A575A1025D9F9F04DF98D9448DEBBB6FF88310F00812AE509AB254D7359915CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f5fdd6a405681830077fb53712cac261420d58d5c97d90be533c07d69c52356d
                                                                                                          • Instruction ID: dd0410f563489d0dd9f2aab74af5f36aeb1fe0de9fa9bc655866c35475883a95
                                                                                                          • Opcode Fuzzy Hash: f5fdd6a405681830077fb53712cac261420d58d5c97d90be533c07d69c52356d
                                                                                                          • Instruction Fuzzy Hash: 9701ECB091121ADFDB14DFA9C8087EEBBF5BF44360F118625E425AA1D1D7B44A80CBE5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5c374777adfb310b72ff3f8d299dd17bdf1011663ec960d498584d7f3bbe99d7
                                                                                                          • Instruction ID: ad17a60ad92f1b00690dca6321056984fe82d741be034a6d4ad595ff77043f76
                                                                                                          • Opcode Fuzzy Hash: 5c374777adfb310b72ff3f8d299dd17bdf1011663ec960d498584d7f3bbe99d7
                                                                                                          • Instruction Fuzzy Hash: 1A011DB4D1520ADFCB44DFB9D5446AEBBF5FB48300F10946AD818E3351E7748A40CB61
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1686675287.00000000006AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006AD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6ad000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c3b94e029207bf78e5242f6ee28f37b250d93ef935e9e9a698e3696548cb8c0
                                                                                                          • Instruction ID: ae66ee598b7b553bed4125d59f1f1826f00af94a328a267bc03029b0cd69f7c0
                                                                                                          • Opcode Fuzzy Hash: 8c3b94e029207bf78e5242f6ee28f37b250d93ef935e9e9a698e3696548cb8c0
                                                                                                          • Instruction Fuzzy Hash: 9AF0C231004344AEE7249A06CC84B62FFA8EF51735F18C45AED0D0A3C6C379AC40CAB1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a5e56aacbbd443e9055a33c7e1b8ebd7f145ddb4755209a9101f1db0db2465fc
                                                                                                          • Instruction ID: 43efe89751b6adc7ee8adf237e574df83b6f3effeb0ee2ee317c0e841bada461
                                                                                                          • Opcode Fuzzy Hash: a5e56aacbbd443e9055a33c7e1b8ebd7f145ddb4755209a9101f1db0db2465fc
                                                                                                          • Instruction Fuzzy Hash: 17F067F6E1120B9ECB60EFA9A8445DEBFF4EB9E314B00806AD108A6551E33085168BE0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0f0c400bd6dac7234a48eb64df7fe721b627bae09de7b8caa255cfda2c196d79
                                                                                                          • Instruction ID: 0447fb2be9a76e77431d7a72874fdf5d396f2134c912ac90a0bb9bd5fa54f6f9
                                                                                                          • Opcode Fuzzy Hash: 0f0c400bd6dac7234a48eb64df7fe721b627bae09de7b8caa255cfda2c196d79
                                                                                                          • Instruction Fuzzy Hash: B3F04FB4E142099FDB40EFB8C8405AEFBF4EB49304F1094999818E7381E7759A05CF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 936f1d75dad7b4f7b35eb6cb452497232e8c0d6392aa5721d0a5d9876663432f
                                                                                                          • Instruction ID: 1f48bb9d87f1fd79206cedf4fc098ef555a4d7b6fa1ef7edf93150284c8a3d07
                                                                                                          • Opcode Fuzzy Hash: 936f1d75dad7b4f7b35eb6cb452497232e8c0d6392aa5721d0a5d9876663432f
                                                                                                          • Instruction Fuzzy Hash: CF01FFB091121ADFDB14CF99C8083EEBBF5BF44360F118625E424AA1D1D7B44A40CFE1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4168a01fe2c8e8e99ee994775df9ae0ffd1de7cecd13289957b3a298c474d935
                                                                                                          • Instruction ID: ef1485192aebf0998b4f8de7c24eaf476faffb92a1758a9e834a69fc30135d1d
                                                                                                          • Opcode Fuzzy Hash: 4168a01fe2c8e8e99ee994775df9ae0ffd1de7cecd13289957b3a298c474d935
                                                                                                          • Instruction Fuzzy Hash: 09E03976B001286F93149A6EEC84D6BBBEEEBCD670351807AF508C7350D9319D0186A0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0772700aa6449912973940180de5b116abc228520f7cb88e833444f22b3b7d16
                                                                                                          • Instruction ID: 0e090433890c1ed26dbbd4c2c4b946f7912947036602cd5ba8f7b907f756ea38
                                                                                                          • Opcode Fuzzy Hash: 0772700aa6449912973940180de5b116abc228520f7cb88e833444f22b3b7d16
                                                                                                          • Instruction Fuzzy Hash: D6F0F9B4D1520ADFCB54DFA9CA015AEBBF4FB48300F1095AA9818E3341E7749A01CFA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5db51dfecd393d7640f66f59f60d424f4a1a885a0b97628363d5f4e9dd9cdaef
                                                                                                          • Instruction ID: fb2cfbad7e1133892eddb6d8a6897c034e9aaab635a98770bcfc27d722c87209
                                                                                                          • Opcode Fuzzy Hash: 5db51dfecd393d7640f66f59f60d424f4a1a885a0b97628363d5f4e9dd9cdaef
                                                                                                          • Instruction Fuzzy Hash: 00F0E7F4D2520ADFCB44DFA9C9005EEBBF5FB48300F10956A9819E3341E7709A40DBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d6611f3ec85d63d6559d13cffc80423c05eb856b3636188989d6e3e0f94dff26
                                                                                                          • Instruction ID: 915a23b6b4bac0539d8bc0745b4bca4c5032eb3d16a66ae9ffda33b91542a5c9
                                                                                                          • Opcode Fuzzy Hash: d6611f3ec85d63d6559d13cffc80423c05eb856b3636188989d6e3e0f94dff26
                                                                                                          • Instruction Fuzzy Hash: 05E06D72B001286F9304DA6EDC84D6BBBEEFBCD770351807AF508C7350D9319D0186A0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c837d87a5e3ec7fc786dc0d73052b62793e04de2371b46f68076b4ce31c2837
                                                                                                          • Instruction ID: bfe0de8a751ff9ecd4b476596d49c4f548c3bff871f4394ba43eeb06406dd0a1
                                                                                                          • Opcode Fuzzy Hash: 8c837d87a5e3ec7fc786dc0d73052b62793e04de2371b46f68076b4ce31c2837
                                                                                                          • Instruction Fuzzy Hash: A2F01DB0D6520ADFDF54DFA9C5452AEBBF1EB48300F10856AC819E3251E7748A01CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 78890ff252c145861ae39ebd3735a19d437704a9d01ce53f8db51c55518fff60
                                                                                                          • Instruction ID: c5c73f59fd11e93043849102627a72870011aca1a71b5db4814663277162542d
                                                                                                          • Opcode Fuzzy Hash: 78890ff252c145861ae39ebd3735a19d437704a9d01ce53f8db51c55518fff60
                                                                                                          • Instruction Fuzzy Hash: 80F0D4F4D25209EFCB54EFB9D9456ADFBF4EB09310F1098AAD818E3342E7745A408B90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f4f482200e1c4d2d485f65f798ea3d6648251acaa6cf08237729483f6fbc84d0
                                                                                                          • Instruction ID: 409e68a28df2eeaf59f12634e397dcce27be18b818fc88af23af8bbb7e58c188
                                                                                                          • Opcode Fuzzy Hash: f4f482200e1c4d2d485f65f798ea3d6648251acaa6cf08237729483f6fbc84d0
                                                                                                          • Instruction Fuzzy Hash: CAF0F9F4D2110ADBDB44DFA8C6002EEBBF1FB44300F10856AD819A3355D7709A41CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5358427d6aaed5aaa8cfe78d3c1c6c21f2222849fb8fb02ca765933e3071e0c5
                                                                                                          • Instruction ID: f6619116616d89a72707dde52b4f03554dd2154353b08570e9b0aa2ca4c0e1f1
                                                                                                          • Opcode Fuzzy Hash: 5358427d6aaed5aaa8cfe78d3c1c6c21f2222849fb8fb02ca765933e3071e0c5
                                                                                                          • Instruction Fuzzy Hash: 87F03AF5D15209DFCB54DFB999415ADBBF1EB49310F1185ABC418E3292E7744A08CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 531bf3c6433ce19b8863a56750d5a740bece7326c9478a74d2e2503babc13c3c
                                                                                                          • Instruction ID: 7aee6bc1fff2ca606b11389098d1d7c70bd6bd6c659dc4c65276bfd48a738c62
                                                                                                          • Opcode Fuzzy Hash: 531bf3c6433ce19b8863a56750d5a740bece7326c9478a74d2e2503babc13c3c
                                                                                                          • Instruction Fuzzy Hash: 22F0DAB4D1520A9FCB54DFA9D9456AEBBF0FB48300F1085AAD818E3341E7748A01CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: db2df9f043f5a75f5b1362bbcb318fb4d136efdde4368076f35facdc307bbae7
                                                                                                          • Instruction ID: 66c56b055092abf801b56cd7ad68b68f9b3033706d71834e54894896a593bc52
                                                                                                          • Opcode Fuzzy Hash: db2df9f043f5a75f5b1362bbcb318fb4d136efdde4368076f35facdc307bbae7
                                                                                                          • Instruction Fuzzy Hash: 51F017F4D1120A9FCB44DFA8C9002AEBBF1FB48300F00856A8818E3341E7308A41CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8c369eaaf36997879ccc8e594a33de5a57cafe66515b8128308b0514ff75608a
                                                                                                          • Instruction ID: 229037bca53dd5bf98ae7f53b7e728d3ce0b49bd1b363617f5b760c82a81b66f
                                                                                                          • Opcode Fuzzy Hash: 8c369eaaf36997879ccc8e594a33de5a57cafe66515b8128308b0514ff75608a
                                                                                                          • Instruction Fuzzy Hash: 71F06572614109BF9F08EF58D841C9EBFFEEF44250B11816AF509D7365E671E9508BA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e6c82e9a11b93a2316fa5c361ee02fed164f5640b3f4c046f08fa07e8a2cd459
                                                                                                          • Instruction ID: 32e63ad1cb4f0e4f8da39fa4939f66e285f2039b5bb3b29fcac6770a3a4b6391
                                                                                                          • Opcode Fuzzy Hash: e6c82e9a11b93a2316fa5c361ee02fed164f5640b3f4c046f08fa07e8a2cd459
                                                                                                          • Instruction Fuzzy Hash: 12F0FE70900118EFCB40EFB8E95559C7FF5EB85205F1045A9E909A7254DA306F458B55
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'dq$:$phq$~
                                                                                                          • API String ID: 0-1762271080
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1687437594.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_990000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c42649257afa24886eb8c651b25fc120f1e3e7981330cd7cd8040ea3bc7597cf
                                                                                                          • Instruction ID: 44722c4d7ac901fcba3b948feeb9c23a48e19f1bf6117ffef03f6be496694bae
                                                                                                          • Opcode Fuzzy Hash: c42649257afa24886eb8c651b25fc120f1e3e7981330cd7cd8040ea3bc7597cf
                                                                                                          • Instruction Fuzzy Hash: CE51E574E006198FDB18DFA9C5909AEFBF2BF89304F24C169D418AB355D731A942CFA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1aa70a2f732a41d75da239babfa42495e87eb021c839570f65d459102dfca60e
                                                                                                          • Instruction ID: 6063cc8fd0192402d5568356c42bfc93bcac53e851dd6e7e7e007343696b7720
                                                                                                          • Opcode Fuzzy Hash: 1aa70a2f732a41d75da239babfa42495e87eb021c839570f65d459102dfca60e
                                                                                                          • Instruction Fuzzy Hash: FA417AB1E116198BEB68CF6BCD4079AFBF3AFC9300F14C1A9D508AB255EB3059858F51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691549916.0000000006DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DE0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_6de0000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 753d8db26bda25e8d5d9e7cf799442699b064cf3d59f10e16ce8802fea44ce59
                                                                                                          • Instruction ID: 49efc3b6ccf29bd847f07bb7d703be229636d07d38a7379c59127ca144cf87be
                                                                                                          • Opcode Fuzzy Hash: 753d8db26bda25e8d5d9e7cf799442699b064cf3d59f10e16ce8802fea44ce59
                                                                                                          • Instruction Fuzzy Hash: A921D671D056288BEB68DF6B9C443DDFAF6BFC9300F04C0AAC40CA6255DB7409869F51
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4'dq$4'dq$4'dq$4|iq$4|iq$$dq
                                                                                                          • API String ID: 0-2773531318
                                                                                                          • Opcode ID: 3c1c462e8862ed2872a7f858235b0e855418c9443356fbc344b856329b809065
                                                                                                          • Instruction ID: 04adab8c0b065971060a586f7041f091cd96637d53777ece86f644b6fe53a970
                                                                                                          • Opcode Fuzzy Hash: 3c1c462e8862ed2872a7f858235b0e855418c9443356fbc344b856329b809065
                                                                                                          • Instruction Fuzzy Hash: C1A1A3B1364226CFCB199B38845C63E36D6BFC975172944AAE406CB3E2DE64DC4187E1
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.1691798071.0000000007200000.00000040.00000800.00020000.00000000.sdmp, Offset: 07200000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7200000_DATASHEET.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: \;dq$\;dq$\;dq$\;dq
                                                                                                          • API String ID: 0-1855092343
                                                                                                          • Opcode ID: 63e743f0ad702a0b166e135591f1561be4d6c0bee40cf02d730eb7b8fb64e818
                                                                                                          • Instruction ID: 711bc7becf887f314917f67ff9116f4b0869dd2e629fef2b3e8bc28a5b180a72
                                                                                                          • Opcode Fuzzy Hash: 63e743f0ad702a0b166e135591f1561be4d6c0bee40cf02d730eb7b8fb64e818
                                                                                                          • Instruction Fuzzy Hash: 6501B5B57305168FCB208E2EC440EA637E6AFC97627354065E801CB3E2DA71DC518BE1

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:11.1%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:17
                                                                                                          Total number of Limit Nodes:4
                                                                                                          execution_graph 23531 1620848 23533 162084e 23531->23533 23532 162091b 23533->23532 23535 1621390 23533->23535 23537 1621393 23535->23537 23536 16214a0 23536->23533 23537->23536 23539 1627f98 23537->23539 23540 1627fa2 23539->23540 23541 1627fbc 23540->23541 23544 6b4fab0 23540->23544 23548 6b4faa0 23540->23548 23541->23537 23546 6b4fac5 23544->23546 23545 6b4fcda 23545->23541 23546->23545 23547 6b4fcf1 GlobalMemoryStatusEx 23546->23547 23547->23546 23550 6b4faae 23548->23550 23549 6b4fcda 23549->23541 23550->23549 23551 6b4fcf1 GlobalMemoryStatusEx 23550->23551 23551->23550

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-2331353128
                                                                                                          • Opcode ID: 908343cf8df318eb78f5045af17f1c548c33e2c4acc0e29defdbc832008c9767
                                                                                                          • Instruction ID: e84b16944d3b992cbd96b327357c1933508c06993a13f9065c54ecbbd75fa4ee
                                                                                                          • Opcode Fuzzy Hash: 908343cf8df318eb78f5045af17f1c548c33e2c4acc0e29defdbc832008c9767
                                                                                                          • Instruction Fuzzy Hash: B8322F71E1061ACFCB14EF75D85459DB7B2FFC9300F24D6A9D409A7264EB30AA85CB80

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq
                                                                                                          • API String ID: 0-2340669324
                                                                                                          • Opcode ID: 82c96e52e2d1ffb6b4b595b7b40471c8c05bf4ca78e0a236607999ea9d5db555
                                                                                                          • Instruction ID: 4d8ecfd94b4f66f31c76eddcd0c979e610a632845cfad74289093e3cce0e10c4
                                                                                                          • Opcode Fuzzy Hash: 82c96e52e2d1ffb6b4b595b7b40471c8c05bf4ca78e0a236607999ea9d5db555
                                                                                                          • Instruction Fuzzy Hash: E5029F70B102169FDB54EFA4D9906AEB7F6FF84311F1085A9E405AB395DB35EC42CB80

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $
                                                                                                          • API String ID: 0-3993045852
                                                                                                          • Opcode ID: 71b134917967bd2ee143c47f64a663c7d28c650bb151749ba303703383280bec
                                                                                                          • Instruction ID: 68c131009daf1f604995add583d2d31c6732147954192c2cbab05acf38832119
                                                                                                          • Opcode Fuzzy Hash: 71b134917967bd2ee143c47f64a663c7d28c650bb151749ba303703383280bec
                                                                                                          • Instruction Fuzzy Hash: 6822D6B6E006199FDF70EFA4C5806AEB7B2FF85320F2484A9D445AB355DA35DC41CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 862380c8ad6248ab3406fbfabb49254810bdc75db0183bf02bc0fb13d950a4fa
                                                                                                          • Instruction ID: ed310018663fd08a06035dbb5c9152e1e434c69d0c148402b511328fb8f1b7bc
                                                                                                          • Opcode Fuzzy Hash: 862380c8ad6248ab3406fbfabb49254810bdc75db0183bf02bc0fb13d950a4fa
                                                                                                          • Instruction Fuzzy Hash: 742252B0E102099FDFA4EF98D4907ADB7B2FB85310F249465E609EB391CB39DC819B51

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-634254105
                                                                                                          • Opcode ID: fe343819bb713df2068fb1d7fc9e3303b053e584f64da1585665453bfdb87405
                                                                                                          • Instruction ID: 3c894045552524bbb61818e7e72fba3e869313c3f81c8fb2a88081e76093bfad
                                                                                                          • Opcode Fuzzy Hash: fe343819bb713df2068fb1d7fc9e3303b053e584f64da1585665453bfdb87405
                                                                                                          • Instruction Fuzzy Hash: 70E17070E1021A8FDF55EFA8D4906AEB7B2FF85301F209569D905EB258DB34EC42CB91

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-2331353128
                                                                                                          • Opcode ID: fba59f87e4cf1acdb54d1d7b1aa0c39bc9185c01c00a51b1f2c46afd37b08644
                                                                                                          • Instruction ID: 247f03f9b4dece5ad1faee826aa145131e807b58f87c44720c3043233bea583e
                                                                                                          • Opcode Fuzzy Hash: fba59f87e4cf1acdb54d1d7b1aa0c39bc9185c01c00a51b1f2c46afd37b08644
                                                                                                          • Instruction Fuzzy Hash: 2B026FB0E102199FDBA4EFA8D480AADB7F2FF45310F2095AAD505EB251DB35DC41DB81

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-185584874
                                                                                                          • Opcode ID: 297ce56c6018d7f9ecf50998b4e5bb3a5b07717d0c313cc141241dc6a56866dd
                                                                                                          • Instruction ID: 01b3ecf24d0699c2f11ef30458ecc29d1aa978b514f18d4d416fd727c77cea43
                                                                                                          • Opcode Fuzzy Hash: 297ce56c6018d7f9ecf50998b4e5bb3a5b07717d0c313cc141241dc6a56866dd
                                                                                                          • Instruction Fuzzy Hash: D0914070F0021A9FDB54EF64D9507AFB7F6EF85200F1085A9D809EB394EE74AD428B91

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq
                                                                                                          • API String ID: 0-2861643491
                                                                                                          • Opcode ID: ef469b7c52d299fd6c283fb5286e9dc735a0753a68e5a6864133239d54addf2a
                                                                                                          • Instruction ID: d8dcc46eb6e3e8ea487396907db3b89a9773c665e49783f7673ebaec3495bc5b
                                                                                                          • Opcode Fuzzy Hash: ef469b7c52d299fd6c283fb5286e9dc735a0753a68e5a6864133239d54addf2a
                                                                                                          • Instruction Fuzzy Hash: 13624E70A0021ACFCB55EF68D590A5EB7F2FF84311B208A68D40A9F359DB75ED46CB81

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: fiq$XPiq$\Oiq
                                                                                                          • API String ID: 0-1639307521
                                                                                                          • Opcode ID: a9754691293427c909c8d048835b6efbeaf71d81ba46092337a38e1970b84727
                                                                                                          • Instruction ID: 39ffa419f11439c796c79cabd5ee833e1e24af4dc518c9cf2967585286e8dfb7
                                                                                                          • Opcode Fuzzy Hash: a9754691293427c909c8d048835b6efbeaf71d81ba46092337a38e1970b84727
                                                                                                          • Instruction Fuzzy Hash: E1618D71F102099FEF54AFA4D8547AEBBF6FB88700F208469D106AB3A5DA758C058B91

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq
                                                                                                          • API String ID: 0-2340669324
                                                                                                          • Opcode ID: 39611219a4198ebca6f5ae82ddb44b516dcd8b2ad57ef29374c0ef4eb018bb3a
                                                                                                          • Instruction ID: ed1a031ef9c518b6ef2b81c492660689c51a57c68abdf5893d2d7b82f4db827a
                                                                                                          • Opcode Fuzzy Hash: 39611219a4198ebca6f5ae82ddb44b516dcd8b2ad57ef29374c0ef4eb018bb3a
                                                                                                          • Instruction Fuzzy Hash: 57513F70F101099FDB54EF74E950BAFB7F6EF85604F108569D809EB394EA38AD028B91

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: fiq$XPiq
                                                                                                          • API String ID: 0-1767242014
                                                                                                          • Opcode ID: e738ca16bdf3246f2ba26a29ee7c7174807d92075586fcdaffbdeae75751e69f
                                                                                                          • Instruction ID: cdcac209a024f7fdbbb856a718c9acde3e6b52254198228e745d29cf78c7e86e
                                                                                                          • Opcode Fuzzy Hash: e738ca16bdf3246f2ba26a29ee7c7174807d92075586fcdaffbdeae75751e69f
                                                                                                          • Instruction Fuzzy Hash: A7518F71F002099FDB54AFA5C4547AEBBF6FFC8700F208429E106AB3A5DA759C01CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129662465.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_1620000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e98b3f79d29fb6361fecbd4e0493d2df5bae92c8ac60ff1096daa065baabaa05
                                                                                                          • Instruction ID: 56b1c8fd9eb95739551a20b09d112451c1e3204cca40c49c9b1b97bf6906616b
                                                                                                          • Opcode Fuzzy Hash: e98b3f79d29fb6361fecbd4e0493d2df5bae92c8ac60ff1096daa065baabaa05
                                                                                                          • Instruction Fuzzy Hash: 61412172D003599FCB00EFA9D8046DABBF5EF8A210F1485AAD508A7281DB349844CBE1
                                                                                                          APIs
                                                                                                          • GlobalMemoryStatusEx.KERNEL32 ref: 0162ED87
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129662465.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_1620000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: GlobalMemoryStatus
                                                                                                          • String ID:
                                                                                                          • API String ID: 1890195054-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PHdq
                                                                                                          • API String ID: 0-2991842255
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: PHdq
                                                                                                          • API String ID: 0-2991842255
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 78bc1704c3b30063410a29aca7a8edb8bce6e3aa75f7df6112fceac7a5ee048c
                                                                                                          • Instruction ID: df61239af7ddd13e8358f6684ba66f17068fc9df0eb058d179eaeb96233e96a5
                                                                                                          • Opcode Fuzzy Hash: 78bc1704c3b30063410a29aca7a8edb8bce6e3aa75f7df6112fceac7a5ee048c
                                                                                                          • Instruction Fuzzy Hash: 7C924474E002048FDB64EB68C584B6DBBF2FF45314F5498A9E409AB365DB35ED81EB80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8652d357e4991e13bba9899241371e16ac99e1c5ebfada7245d841513b42473a
                                                                                                          • Instruction ID: 35d977051d82be0a4fb515b46de7dc01f3b693176fe2a3fd2ac5dd4bc5b8aa71
                                                                                                          • Opcode Fuzzy Hash: 8652d357e4991e13bba9899241371e16ac99e1c5ebfada7245d841513b42473a
                                                                                                          • Instruction Fuzzy Hash: A0329070B012199FDB54EF68E880AADBBF2FB88710F109569E405EB355DB38EC41DB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b8fb3b24238790c5689f6c9cae3722846a35bc9dc63f62e7d5851198f251538b
                                                                                                          • Instruction ID: d49517789c7e4a62dc18d2850460d06601d4beff77880ba06bb55f17fc785804
                                                                                                          • Opcode Fuzzy Hash: b8fb3b24238790c5689f6c9cae3722846a35bc9dc63f62e7d5851198f251538b
                                                                                                          • Instruction Fuzzy Hash: 9DA17870A012149FCB64EB68D594B6DB7F2FF84315F14C4A9E40AAB355EB36EC42DB80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 267ba71791b93f222db72050547e392f28e0fe61a8cad27f3c5958d977079679
                                                                                                          • Instruction ID: 7dc0d2dcb5b5d9dfa67a6af7bd1ea639be0fc531a95e076b6c096313914f5be8
                                                                                                          • Opcode Fuzzy Hash: 267ba71791b93f222db72050547e392f28e0fe61a8cad27f3c5958d977079679
                                                                                                          • Instruction Fuzzy Hash: AB61B2B1F001215FCF54AA6EC88066FBADBEFD5210B254479E80EDB364EE65EC4287C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 91a98b453fefbbae79ba4af568f304508320972be27466602dc5b0fe8cc15607
                                                                                                          • Instruction ID: effa3bd2de5f20ee22faab0cbc7c5aa35e5962b28e5babbaab1630709df3ed4e
                                                                                                          • Opcode Fuzzy Hash: 91a98b453fefbbae79ba4af568f304508320972be27466602dc5b0fe8cc15607
                                                                                                          • Instruction Fuzzy Hash: 36815C70B006099FDF54EFA8D5507AEB7F6EF89300F108469D90AEB395EA34EC428B41
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1cbbcba8aeca9d72e9625092b253a2d574fb399c837634c235725756f52e849b
                                                                                                          • Instruction ID: b5da99659a2add589615f5814d04a340ce9bc68fae0d0cfe87a516b2ca6c084f
                                                                                                          • Opcode Fuzzy Hash: 1cbbcba8aeca9d72e9625092b253a2d574fb399c837634c235725756f52e849b
                                                                                                          • Instruction Fuzzy Hash: 9B914F70E1021A8FDF60DFA4C840B9DB7B1FF89310F208599D549BB295DB70AA85CF91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0de320f009a596e87f319693c6d05df7076cff7960ffca8106aabb5185bdcccc
                                                                                                          • Instruction ID: 643f7152fc3381e52f798e561f33df19cd38842a996bf21c939701333124f63e
                                                                                                          • Opcode Fuzzy Hash: 0de320f009a596e87f319693c6d05df7076cff7960ffca8106aabb5185bdcccc
                                                                                                          • Instruction Fuzzy Hash: 54912D70E1061A8BDF60DFA8C840B9DB7B1FF89310F208599D549BB395DB70AA85CF91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bdccf5418f5d6e8c506772de47f146346dbb48cd867e8fa25e52c437b02801fe
                                                                                                          • Instruction ID: 1b57e3cf9e05a5f5cadc3c7366152c2fdb433dea8c34b2df48db1c8d1a319bae
                                                                                                          • Opcode Fuzzy Hash: bdccf5418f5d6e8c506772de47f146346dbb48cd867e8fa25e52c437b02801fe
                                                                                                          • Instruction Fuzzy Hash: E8710CB0A002199FDB54EFA8D980A9DBBF6FF84301F248569E406EB355DB34ED46CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f78483b48176e9ecef2acf07f5f154e4d529918bf44f4bf2195d27de1c043c46
                                                                                                          • Instruction ID: 0d864a4814b82243e4177d1507415598c2f180794d5f12a1f9666813abfb341a
                                                                                                          • Opcode Fuzzy Hash: f78483b48176e9ecef2acf07f5f154e4d529918bf44f4bf2195d27de1c043c46
                                                                                                          • Instruction Fuzzy Hash: 78711EB0A002199FDB54EFA8D980A9DBBF6FF84300F248569E405EB355DB34ED46CB51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 48c6f6092722381a679a9201a6d4cae82bb2666ec46ea5c95c23e9a28fda3ad0
                                                                                                          • Instruction ID: 446b6f8d0087608d8dae40a0ad60b8367f42815866ca31be0bdad20f9bbab85c
                                                                                                          • Opcode Fuzzy Hash: 48c6f6092722381a679a9201a6d4cae82bb2666ec46ea5c95c23e9a28fda3ad0
                                                                                                          • Instruction Fuzzy Hash: 4D5101B1E111159FCF54BFB8E8846BDBBBAFBC5311F1088A9E106DB251DB358806CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fbaa3e0e4648d22b7e2cd13822fc0c4a32ab37b7c61191b4f664b3b8fab3c77b
                                                                                                          • Instruction ID: 4c120280a303eedaf04d932ba0244c477d37b0e32147967d971779a6b120e42d
                                                                                                          • Opcode Fuzzy Hash: fbaa3e0e4648d22b7e2cd13822fc0c4a32ab37b7c61191b4f664b3b8fab3c77b
                                                                                                          • Instruction Fuzzy Hash: 4851C4B0B202249BEF606ABCD89477F269ED7CA311F204576E50AD77D5CA3CCC4163A2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8d8fe6b42995409ccbd44fcb40badf85cc051ff581c037bb782a708daa3dca09
                                                                                                          • Instruction ID: a282b2c8c9f3112db61fec4aa491f499db791b38bdf252a81f350bec884fcc2b
                                                                                                          • Opcode Fuzzy Hash: 8d8fe6b42995409ccbd44fcb40badf85cc051ff581c037bb782a708daa3dca09
                                                                                                          • Instruction Fuzzy Hash: 9451A2B0B202249BEF606ABCD85473F269ED7CA311F204439E50AD7795CE7CCC4163A2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9b2d7d0c0a6ab999e22854b8b80a5844bd85f8ef905fe6fc45121e0fce44cd93
                                                                                                          • Instruction ID: c8a15288895c0d405467b988a9bc963f2dbf4ac3653153b609c6458ae7b887a3
                                                                                                          • Opcode Fuzzy Hash: 9b2d7d0c0a6ab999e22854b8b80a5844bd85f8ef905fe6fc45121e0fce44cd93
                                                                                                          • Instruction Fuzzy Hash: FA414CB2A00A098FDF70DE99D880BBEB7F2EB84310F10496AE656D7644D330E955DB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0f56bdf7bccfd08f926ab39222237ae319e74d013db0e473d74456c62297bc21
                                                                                                          • Instruction ID: 7ecac08c886d7d32a6e859453607d76f4bde3f2657c7cc074c1961c48081b497
                                                                                                          • Opcode Fuzzy Hash: 0f56bdf7bccfd08f926ab39222237ae319e74d013db0e473d74456c62297bc21
                                                                                                          • Instruction Fuzzy Hash: A3318F70E1021A9FCB58DFA4D8946AEB7B2FF89300F10D569E906E7350DB31AD46DB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 961d2e47b105fcb565561ca6967969d2d27a5c6af58eff9d27c6c018b5ab8992
                                                                                                          • Instruction ID: 60b4bd8997030a05f7797222a20fc855d8357983ee33bd08d37864e795093333
                                                                                                          • Opcode Fuzzy Hash: 961d2e47b105fcb565561ca6967969d2d27a5c6af58eff9d27c6c018b5ab8992
                                                                                                          • Instruction Fuzzy Hash: AF210371604200DFCB11DF58D9C4B26BBB5FB84314F20C96DD80A0F282C3B6E446CB61
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3f1e82f9454169b85c1ad5e2ef4fbea133a3fba082e5200d15b0913b73977e24
                                                                                                          • Instruction ID: b4d6c0f326a98d602c2e142916bc5cd4d7113c32b728506d15253e3775842126
                                                                                                          • Opcode Fuzzy Hash: 3f1e82f9454169b85c1ad5e2ef4fbea133a3fba082e5200d15b0913b73977e24
                                                                                                          • Instruction Fuzzy Hash: 6021C2B16042449FDB21DF58D984B2ABBB5FB84334F24CA69D9490F286C37AD406CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 84c33ced7f44873541e7c774d851190668f085864aba3cea26fb37987b8b88eb
                                                                                                          • Instruction ID: d34fe00c707f0946967979ed112d993e206bacae19a00a71925b5760f20d7d67
                                                                                                          • Opcode Fuzzy Hash: 84c33ced7f44873541e7c774d851190668f085864aba3cea26fb37987b8b88eb
                                                                                                          • Instruction Fuzzy Hash: 0821F171604204AFCB21CFA8C884B26BBB5FB84314F24C969E90A4F282D736D446CB61
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 58d41e8c5d8601e0c7997816eb3cfbed7285cea7b248744138ec700d23b13d9e
                                                                                                          • Instruction ID: 49fb793d3776830aee53896dfce4cd0f044d33ef7e2d481eb18487aee26b6db2
                                                                                                          • Opcode Fuzzy Hash: 58d41e8c5d8601e0c7997816eb3cfbed7285cea7b248744138ec700d23b13d9e
                                                                                                          • Instruction Fuzzy Hash: AF21CD71B201189FCF84EBA8E9907AEB7F6EB84310F248479E405EB344EB359D518B80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e9c557dfcb188615d155e6ea9bbae1b461c94b30b7672a86d6117037d68780aa
                                                                                                          • Instruction ID: efd0692c0e3dc5c2bfb79b13af0b48ed0affbd69bcfa46e67ce652eac257358f
                                                                                                          • Opcode Fuzzy Hash: e9c557dfcb188615d155e6ea9bbae1b461c94b30b7672a86d6117037d68780aa
                                                                                                          • Instruction Fuzzy Hash: 9C11C472B142289FEB94AA79D8106AF77FAEBC8311F044179C40AE7354EE35DC028BD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 822026041883b613e9544332edcd4caadac2e187191a5fa3233225d98f48cbbc
                                                                                                          • Instruction ID: 902c76c1b74b1e4d1d53b50d3e9bb5fb76d52699489405e09a9e5b9d37092374
                                                                                                          • Opcode Fuzzy Hash: 822026041883b613e9544332edcd4caadac2e187191a5fa3233225d98f48cbbc
                                                                                                          • Instruction Fuzzy Hash: 9001F5B07141111FC761AA7CE8A4B5F7BE6EB86614F1048ADF10AC7359EA24EC018391
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 98add3ae74acbc58cebb07be3ebac1f3bdf797a8c2ba198fb69ff7bb6f450dba
                                                                                                          • Instruction ID: e939eb67543953a627fb47de3291488329c5e962045a5fdbe376f72df3f1f815
                                                                                                          • Opcode Fuzzy Hash: 98add3ae74acbc58cebb07be3ebac1f3bdf797a8c2ba198fb69ff7bb6f450dba
                                                                                                          • Instruction Fuzzy Hash: 4901DF71B201115FCBA0AAACA890B6F76D7FBC9610F108879F10ACB341EA25DC034395
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0b2cf3c73a63a0f47097a1b44859de41a5e9831a75d8c11ebfea699516363140
                                                                                                          • Instruction ID: bd7f343fdfd82f76182fc490aaf182f2817403d3bd94437409a298c5881e5eda
                                                                                                          • Opcode Fuzzy Hash: 0b2cf3c73a63a0f47097a1b44859de41a5e9831a75d8c11ebfea699516363140
                                                                                                          • Instruction Fuzzy Hash: 7201B1B1B245110FDBA1A9BCA85071B7ADBEFCA720F10847AF10ACB355DD65CC414391
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 527e28a2388d00cebdf4a41f8d86c4f3c639cf0ecce70b31132a0aa725520261
                                                                                                          • Instruction ID: 48faccfe0385cbb362dfa909cc877ac93cb065915b1b7e5d9a7959a0e12397d2
                                                                                                          • Opcode Fuzzy Hash: 527e28a2388d00cebdf4a41f8d86c4f3c639cf0ecce70b31132a0aa725520261
                                                                                                          • Instruction Fuzzy Hash: E601D875B100256BEB94A975EC117EB3AEFDBC8211F044175D006D3241DE248C114BE1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                          • Instruction ID: 28795765dd1fe9f113a9d3aa6a73bc365d672579dfd1633c12359f05c55622de
                                                                                                          • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                          • Instruction Fuzzy Hash: A911BE75504244CFDB12CF68C5C4B19FB72FB84314F24C6A9D8494F292C33AD44ACB51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                          • Instruction ID: be69cb568ad658075661089ed3548d4ebc76b1e0803779a041b529311a4e6cd8
                                                                                                          • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                          • Instruction Fuzzy Hash: 1011BE75504280DFDB12CF58D5C4B59BB72FB44314F24C6ADD8494F296C37AE40ACBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129483390.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15dd000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                                                          • Instruction ID: a0296815de0e217e943267a43b0b3f683eba38c1cabc7279cf2eb4ede5bbd572
                                                                                                          • Opcode Fuzzy Hash: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
                                                                                                          • Instruction Fuzzy Hash: 7511BF76504284CFDB12CF58D5C4B1AFF71FB84324F24C6AAD8494B696C33AD40ACBA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0802eaf2de11877b72fc392abc49943c3374b9a6beb80541b9c38919882ec6d8
                                                                                                          • Instruction ID: 9c99a697ace0759981d97bc343cc16a473900b807386311defafadedc8b7b3fb
                                                                                                          • Opcode Fuzzy Hash: 0802eaf2de11877b72fc392abc49943c3374b9a6beb80541b9c38919882ec6d8
                                                                                                          • Instruction Fuzzy Hash: 4111CFB1D01219AFCB00DF9AD884ACEFBF4FB48310F50816AE918A7241C375A954CFA5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b11de733e8ef0f3d6f575ace5743f3e357ce7138aaa57642561f112268e8a0d5
                                                                                                          • Instruction ID: 9110c5e943f97d1c3c3cd738d3e1037c909b1cc9f5f0c4b067b7a81c1d1ca420
                                                                                                          • Opcode Fuzzy Hash: b11de733e8ef0f3d6f575ace5743f3e357ce7138aaa57642561f112268e8a0d5
                                                                                                          • Instruction Fuzzy Hash: 1F21C2B1D01259AFCB10DF9AD884ACEFFB4FB49310F50815AE918B7241C3756554CFA5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129435132.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15cd000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4129435132.00000000015CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015CD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_15cd000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-3623093008
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-634254105
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .5|q$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-3447281907
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-185584874
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $dq$$dq$$dq$$dq
                                                                                                          • API String ID: 0-185584874
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.4138710664.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_6b40000_RegSvcs.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LRdq$LRdq$$dq$$dq
                                                                                                          • API String ID: 0-340319088