Windows Analysis Report
W9UAjNR4L6.exe

Overview

General Information

Sample name: W9UAjNR4L6.exe
renamed because original name is a hash value
Original sample name: 25a598f19fc93ed7abd222c542270070.exe
Analysis ID: 1562541
MD5: 25a598f19fc93ed7abd222c542270070
SHA1: 81e6b383f7200927d12ec89ea471ac72657d2e6a
SHA256: 791ddabc0fe9675f1de59e055ffd6a292be34144d9f02803311eb9fb3dcc44ea
Tags: exe, njrat, RAT, user-abuse_ch

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to disable the Task Manager (.Net Source)
Contains functionality to spread to USB devices (.Net source)
Creates autorun.inf (USB autostart)
Disables zone checking for all users
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match

Classification

  • System is w10x64
  • W9UAjNR4L6.exe (PID: 6036 cmdline: "C:\Users\user\Desktop\W9UAjNR4L6.exe" MD5: 25A598F19FC93ED7ABD222C542270070)
    • netsh.exe (PID: 7128 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 8 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • netsh.exe (PID: 3744 cmdline: netsh firewall delete allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • netsh.exe (PID: 5480 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 5960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: NjRAT
Description: RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
Attribution:
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Campaign ID": "HacKed", "Version": "0.7d", "Install Name": "479c12dc394ac2d8130b559c835e22f3", "Install Dir": "Adobe Update", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
Source | Rule | Description | Author | Strings
W9UAjNR4L6.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
W9UAjNR4L6.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
    • 0x1266a:$a1: get_Registry
    • 0x15177:$a2: SEE_MASK_NOZONECHECKS
    • 0x14e19:$a3: Download ERROR
    • 0x153cd:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x13356:$a5: netsh firewall delete allowedprogram "
W9UAjNR4L6.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
    • 0x153cd:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x12ee2:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x14e37:$s3: Executed As
    • 0x1165d:$s5: Stub.exe
    • 0x14e19:$s6: Download ERROR
    • 0x12ea4:$s8: Select * From AntiVirusProduct
W9UAjNR4L6.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
    • 0x15177:$reg: SEE_MASK_NOZONECHECKS
    • 0x14dfd:$msg: Execute ERROR
    • 0x14e51:$msg: Execute ERROR
    • 0x153cd:$ping: cmd.exe /c ping 0 -n 2 & del
W9UAjNR4L6.exe | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
    • 0x13356:$s1: netsh firewall delete allowedprogram
    • 0x133a8:$s2: netsh firewall add allowedprogram
    • 0x153cd:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67
    • 0x14dfd:$s4: Execute ERROR
    • 0x14e51:$s4: Execute ERROR
    • 0x14e19:$s5: Download ERROR

Source | Rule | Description | Author | Strings
C:\Umbrella.flv.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
C:\Umbrella.flv.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
    • 0x1266a:$a1: get_Registry
    • 0x15177:$a2: SEE_MASK_NOZONECHECKS
    • 0x14e19:$a3: Download ERROR
    • 0x153cd:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x13356:$a5: netsh firewall delete allowedprogram "
C:\Umbrella.flv.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
    • 0x153cd:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x12ee2:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x14e37:$s3: Executed As
    • 0x1165d:$s5: Stub.exe
    • 0x14e19:$s6: Download ERROR
    • 0x12ea4:$s8: Select * From AntiVirusProduct
C:\Umbrella.flv.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
    • 0x15177:$reg: SEE_MASK_NOZONECHECKS
    • 0x14dfd:$msg: Execute ERROR
    • 0x14e51:$msg: Execute ERROR
    • 0x153cd:$ping: cmd.exe /c ping 0 -n 2 & del
C:\Umbrella.flv.exe | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
    • 0x13356:$s1: netsh firewall delete allowedprogram
    • 0x133a8:$s2: netsh firewall add allowedprogram
    • 0x153cd:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67
    • 0x14dfd:$s4: Execute ERROR
    • 0x14e51:$s4: Execute ERROR
    • 0x14e19:$s5: Download ERROR

Source | Rule | Description | Author | Strings
00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
    • 0x1246a:$a1: get_Registry
    • 0x14f77:$a2: SEE_MASK_NOZONECHECKS
    • 0x14c19:$a3: Download ERROR
    • 0x151cd:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x13156:$a5: netsh firewall delete allowedprogram "
00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
    • 0x14f77:$reg: SEE_MASK_NOZONECHECKS
    • 0x14bfd:$msg: Execute ERROR
    • 0x14c51:$msg: Execute ERROR
    • 0x151cd:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
Process Memory Space: W9UAjNR4L6.exe PID: 6036 | JoeSecurity_Njrat | Yara detected Njrat | Joe Security

Source | Rule | Description | Author | Strings
0.0.W9UAjNR4L6.exe.530000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
0.0.W9UAjNR4L6.exe.530000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
    • 0x1266a:$a1: get_Registry
    • 0x15177:$a2: SEE_MASK_NOZONECHECKS
    • 0x14e19:$a3: Download ERROR
    • 0x153cd:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x13356:$a5: netsh firewall delete allowedprogram "
0.0.W9UAjNR4L6.exe.530000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
    • 0x153cd:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x12ee2:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x14e37:$s3: Executed As
    • 0x1165d:$s5: Stub.exe
    • 0x14e19:$s6: Download ERROR
    • 0x12ea4:$s8: Select * From AntiVirusProduct
0.0.W9UAjNR4L6.exe.530000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
    • 0x15177:$reg: SEE_MASK_NOZONECHECKS
    • 0x14dfd:$msg: Execute ERROR
    • 0x14e51:$msg: Execute ERROR
    • 0x153cd:$ping: cmd.exe /c ping 0 -n 2 & del
0.0.W9UAjNR4L6.exe.530000.0.unpack | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
    • 0x13356:$s1: netsh firewall delete allowedprogram
    • 0x133a8:$s2: netsh firewall add allowedprogram
    • 0x153cd:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67
    • 0x14dfd:$s4: Execute ERROR
    • 0x14e51:$s4: Execute ERROR
    • 0x14e19:$s5: Download ERROR

No Sigma rule has matched
              2024-11-25T17:40:29.342285+010020331321Malware Command and Control Activity Detected192.168.2.45008218.197.239.512824TCP
              2024-11-25T17:40:31.344912+010020331321Malware Command and Control Activity Detected192.168.2.45008318.197.239.512824TCP
              2024-11-25T17:40:32.910359+010020331321Malware Command and Control Activity Detected192.168.2.45008418.197.239.512824TCP
              2024-11-25T17:40:35.020544+010020331321Malware Command and Control Activity Detected192.168.2.45008518.197.239.512824TCP
              2024-11-25T17:40:37.016662+010020331321Malware Command and Control Activity Detected192.168.2.45008618.197.239.512824TCP
              2024-11-25T17:40:38.907187+010020331321Malware Command and Control Activity Detected192.168.2.45008718.197.239.512824TCP
              2024-11-25T17:40:40.630164+010020331321Malware Command and Control Activity Detected192.168.2.45008818.197.239.512824TCP
              2024-11-25T17:40:42.287464+010020331321Malware Command and Control Activity Detected192.168.2.45008918.197.239.512824TCP
              2024-11-25T17:40:43.761798+010020331321Malware Command and Control Activity Detected192.168.2.45009018.197.239.512824TCP
              2024-11-25T17:40:45.468544+010020331321Malware Command and Control Activity Detected192.168.2.45009118.197.239.512824TCP
              2024-11-25T17:40:47.313028+010020331321Malware Command and Control Activity Detected192.168.2.45009218.197.239.512824TCP
              2024-11-25T17:40:49.100588+010020331321Malware Command and Control Activity Detected192.168.2.45009318.197.239.512824TCP
              2024-11-25T17:40:50.578687+010020331321Malware Command and Control Activity Detected192.168.2.45009418.197.239.512824TCP
              2024-11-25T17:40:52.453488+010020331321Malware Command and Control Activity Detected192.168.2.45009518.197.239.512824TCP
              2024-11-25T17:40:54.282842+010020331321Malware Command and Control Activity Detected192.168.2.45009618.197.239.512824TCP
              2024-11-25T17:40:55.883918+010020331321Malware Command and Control Activity Detected192.168.2.45009718.197.239.512824TCP
              2024-11-25T17:40:57.433066+010020331321Malware Command and Control Activity Detected192.168.2.45009818.197.239.512824TCP
              2024-11-25T17:40:59.291685+010020331321Malware Command and Control Activity Detected192.168.2.45009918.197.239.512824TCP
              2024-11-25T17:41:00.949983+010020331321Malware Command and Control Activity Detected192.168.2.45010018.197.239.512824TCP
              2024-11-25T17:41:02.550162+010020331321Malware Command and Control Activity Detected192.168.2.45010118.197.239.512824TCP
              2024-11-25T17:41:04.274777+010020331321Malware Command and Control Activity Detected192.168.2.45010218.197.239.512824TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-11-25T17:37:27.488424+010028255641Malware Command and Control Activity Detected192.168.2.4497423.126.37.1812824TCP
              2024-11-25T17:37:35.611147+010028255641Malware Command and Control Activity Detected192.168.2.4497443.126.37.1812824TCP
              2024-11-25T17:37:42.574745+010028255641Malware Command and Control Activity Detected192.168.2.4497463.126.37.1812824TCP
              2024-11-25T17:38:04.427567+010028255641Malware Command and Control Activity Detected192.168.2.4497593.126.37.1812824TCP
              2024-11-25T17:38:07.431361+010028255641Malware Command and Control Activity Detected192.168.2.44976518.156.13.20912824TCP
              2024-11-25T17:39:22.574522+010028255641Malware Command and Control Activity Detected192.168.2.44994418.192.93.8612824TCP
              2024-11-25T17:39:30.996199+010028255641Malware Command and Control Activity Detected192.168.2.44996518.192.93.8612824TCP
              2024-11-25T17:39:45.546330+010028255641Malware Command and Control Activity Detected192.168.2.44999918.192.93.8612824TCP
              2024-11-25T17:39:50.528202+010028255641Malware Command and Control Activity Detected192.168.2.45001218.192.93.8612824TCP
              2024-11-25T17:39:50.871101+010028255641Malware Command and Control Activity Detected192.168.2.45001218.192.93.8612824TCP
              2024-11-25T17:39:57.043844+010028255641Malware Command and Control Activity Detected192.168.2.45002718.192.93.8612824TCP
              2024-11-25T17:39:59.261927+010028255641Malware Command and Control Activity Detected192.168.2.45003218.192.93.8612824TCP
              2024-11-25T17:40:00.985076+010028255641Malware Command and Control Activity Detected192.168.2.45003818.192.93.8612824TCP
              2024-11-25T17:40:06.665114+010028255641Malware Command and Control Activity Detected192.168.2.45005218.192.93.8612824TCP
              2024-11-25T17:40:29.645754+010028255641Malware Command and Control Activity Detected192.168.2.45008218.197.239.512824TCP
              2024-11-25T17:40:49.387296+010028255641Malware Command and Control Activity Detected192.168.2.45009318.197.239.512824TCP

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              Source: W9UAjNR4L6.exe | Avira: detected
              Source: C:\Umbrella.flv.exe | Avira: detection malicious, Label: TR/Dropper.Gen
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack | Malware Configuration Extractor: Njrat {"Campaign ID": "HacKed", "Version": "0.7d", "Install Name": "479c12dc394ac2d8130b559c835e22f3", "Install Dir": "Adobe Update", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
              Source: C:\Umbrella.flv.exe | ReversingLabs: Detection: 84%
              Source: W9UAjNR4L6.exe | ReversingLabs: Detection: 84%
              Source: Yara match | File source: W9UAjNR4L6.exe, type: SAMPLE
              Source: Yara match | File source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: W9UAjNR4L6.exe PID: 6036, type: MEMORYSTR
              Source: Yara match | File source: C:\Umbrella.flv.exe, type: DROPPED
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
              Source: C:\Umbrella.flv.exe | Joe Sandbox ML: detected
              Source: W9UAjNR4L6.exe | Joe Sandbox ML: detected
              Source: W9UAjNR4L6.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
              Source: W9UAjNR4L6.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Spreading

              Source: W9UAjNR4L6.exe, -.cs | .Net Code: @
              Source: Umbrella.flv.exe.0.dr, -.cs | .Net Code: @
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe | File created: C:\autorun.inf
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \autorun.inf
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun]
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf$OEk
              Source: W9UAjNR4L6.exe, 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: \autorun.inf
              Source: W9UAjNR4L6.exe, 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: [autorun]
              Source: W9UAjNR4L6.exe, 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: autorun.inf
              Source: W9UAjNR4L6.exe | Binary or memory string: \autorun.inf
              Source: W9UAjNR4L6.exe | Binary or memory string: [autorun]
              Source: W9UAjNR4L6.exe | Binary or memory string: autorun.inf
              Source: Umbrella.flv.exe.0.dr | Binary or memory string: \autorun.inf
              Source: Umbrella.flv.exe.0.dr | Binary or memory string: [autorun]
              Source: Umbrella.flv.exe.0.dr | Binary or memory string: autorun.inf
              Source: autorun.inf.0.dr | Binary or memory string: [autorun]

              Networking

              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50052 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50032 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50083 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50083 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50087 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50087 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50057 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50095 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50095 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50101 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50101 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50063 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50076 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49999 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50052 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50080 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50032 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50080 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50094 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50079 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50027 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50078 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50063 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50078 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50076 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50073 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50073 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50091 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50085 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50067 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50091 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50097 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50067 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50099 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50092 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50092 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50027 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50081 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50085 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50081 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50094 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50086 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50086 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50100 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50079 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50099 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50088 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50084 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50098 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50084 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50098 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50097 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50090 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50077 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50100 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50088 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50102 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50090 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50077 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50096 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50102 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50096 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50082 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50082 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50082 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50093 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50093 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50093 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49968 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49968 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49987 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49987 -> 18.192.93.86:12824
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50089 -> 18.197.239.5:12824
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50089 -> 18.197.239.5:12824
              Source: global trafficTCP traffic: 192.168.2.4:49730 -> 3.126.37.18:12824
              Source: global trafficTCP traffic: 192.168.2.4:49765 -> 18.156.13.209:12824
              Source: global trafficTCP traffic: 192.168.2.4:49916 -> 18.192.93.86:12824
              Source: global trafficTCP traffic: 192.168.2.4:50057 -> 18.197.239.5:12824
              Source: Joe Sandbox ViewIP Address: 3.126.37.18 3.126.37.18
              Source: Joe Sandbox ViewIP Address: 18.156.13.209 18.156.13.209
              Source: Joe Sandbox ViewIP Address: 18.192.93.86 18.192.93.86
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficDNS traffic detected: DNS query: 2.tcp.eu.ngrok.io
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeWindow created: window name: CLIPBRDWNDCLASS

              E-Banking Fraud

              Source: Yara matchFile source: W9UAjNR4L6.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: W9UAjNR4L6.exe PID: 6036, type: MEMORYSTR
              Source: Yara matchFile source: C:\Umbrella.flv.exe, type: DROPPED

              System Summary

              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeProcess Stats: CPU usage > 49%
              Source: W9UAjNR4L6.exe, 00000000.00000002.4123378997.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs W9UAjNR4L6.exe
              Source: W9UAjNR4L6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: W9UAjNR4L6.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: C:\Umbrella.flv.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: classification engineClassification label: mal100.spre.phis.troj.evad.winEXE@10/7@4/4
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeCode function: 0_2_054C26AE AdjustTokenPrivileges,0_2_054C26AE
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeCode function: 0_2_054C2677 AdjustTokenPrivileges,0_2_054C2677
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeFile created: C:\Users\user\AppData\Roaming\app
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeMutant created: \Sessions\1\BaseNamedObjects\479c12dc394ac2d8130b559c835e22f3
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6200:120:WilError_03
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8:120:WilError_03
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeFile created: C:\Users\user\AppData\Local\Temp\FransescoPast.txt
              Source: W9UAjNR4L6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: W9UAjNR4L6.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: W9UAjNR4L6.exeReversingLabs: Detection: 84%
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeFile read: C:\Users\user\Desktop\W9UAjNR4L6.exe
              Source: unknownProcess created: C:\Users\user\Desktop\W9UAjNR4L6.exe "C:\Users\user\Desktop\W9UAjNR4L6.exe"
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE
              Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall delete allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe"
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE
              Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: mscoree.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: version.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: wldp.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: profapi.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: edputil.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: shfolder.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: ntmarta.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: mswsock.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: amsi.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
              Source: W9UAjNR4L6.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
              Source: W9UAjNR4L6.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              Source: W9UAjNR4L6.exe, -.cs; .Net Code: @ System.Reflection.Assembly.Load(byte[])
              Source: Umbrella.flv.exe.0.dr, -.cs; .Net Code: @ System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; File created: C:\Umbrella.flv.exe
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\netsh.exe; Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Memory allocated: DD0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Memory allocated: 2B50000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Memory allocated: 4B50000 memory commit | memory reserve | memory write watch
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Window / User API: threadDelayed 683
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Window / User API: threadDelayed 3409
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Window / User API: threadDelayed 5178
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Window / User API: foregroundWindowGot 782
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Window / User API: foregroundWindowGot 771
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 4588; Thread sleep count: 683 > 30
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 4588; Thread sleep time: -68300s >= -30000s
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 6108; Thread sleep count: 3409 > 30
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 6108; Thread sleep time: -3409000s >= -30000s
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 6108; Thread sleep count: 5178 > 30
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe TID: 6108; Thread sleep time: -5178000s >= -30000s
              Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
              Source: netsh.exe, 00000001.00000002.1691165565.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1700323426.0000000000512000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
              Source: W9UAjNR4L6.exe, 00000000.00000002.4123378997.0000000000B4C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWdd name="AspNe
              Source: netsh.exe, 00000003.00000002.1698510909.000000000078A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
              Source: W9UAjNR4L6.exe, 00000000.00000002.4123378997.0000000000B4C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Process token adjusted: Debug
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe; Memory allocated: page read and write | page guard
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 04:36:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 06:31:38 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/20 | 07:38:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/31 | 20:37:14 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/24 | 20:54:49 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 25/01/09 | 17:13:36 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 05:02:10 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/11 | 12:46:58 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 06:00:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/20 | 08:56:18 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 05:08:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/20 | 08:25:35 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/11/28 | 08:22:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 25/01/03 | 04:05:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/20 | 11:29:07 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/11/30 | 13:01:36 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/24 | 23:08:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 06:39:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 00:14:19 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/27 | 12:52:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 25/01/09 | 17:44:19 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 25/01/03 | 02:57:43 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/24 | 21:20:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/11 | 13:33:38 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 00:30:26 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 04:15:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/24 | 22:57:25 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 00:15:49 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/07 | 05:01:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 25/01/09 | 18:00:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: 24/12/25 | 06:28:41 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:38:00 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:50:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 08:51:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:23:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:30:08 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:32:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:04:50 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:18:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:35:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:22:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:01:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 03:26:41 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:37:45 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:43:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:14:00 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:30:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:28:02 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:02:33 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/16 | 00:53:19 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:11:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:29:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:18:43 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/25 | 11:38:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 03:28:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:54:17 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 20:41:02 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:44:58 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:44:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:43:02 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:46:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:34:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:05:14 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:17:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:50:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:00:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:19:07 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 03:19:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:09:48 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/30 | 12:41:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 21:28:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 21:05:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:55:18 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 11:46:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:45:59 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:01:17 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:32:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:57:02 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 09:44:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:24:35 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:22:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:55:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:13:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 08:51:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 12:41:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:50:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:19:26 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:27:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 16:58:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:21:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:17:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:21:03 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:11:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:35:14 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:37:59 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:03:59 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:40:42 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:25:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:42:45 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:03:40 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:30:03 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:27:48 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:52:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:18:43 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:24:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:29:03 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:19:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:56:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 02:40:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/11 | 12:50:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:38:50 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 17:28:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:08:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 03:42:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:35:00 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 08:21:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:25:41 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:17:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:48:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 22:54:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 08:50:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/16 | 01:07:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:05:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:55:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:45:10 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 08:09:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:34:23 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:02:00 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:13:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 21:32:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 12:18:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:56:38 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:15:10 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:16:56 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:27:45 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:56:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:25:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:36:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 22:22:40 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 07:51:48 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 21:26:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:18:45 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:33:22 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:28:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:06:25 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 05:19:49 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:51:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:47:06 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:12:25 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:34:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:16:22 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 15:05:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:19:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:04:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 18:09:59 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:18:06 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 23:40:34 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/16 | 00:56:33 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:08:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:28:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:06:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:52:23 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:38:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:00:18 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 16:53:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:54:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:36:34 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:51:50 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:52:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:23:32 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 17:09:50 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:07:17 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 21:20:58 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:16:03 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:51:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:39:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/30 | 11:59:13 - Program Manager
              Source: W9UAjNR4L6.exe, Umbrella.flv.exe.0.dr Binary or memory string: Shell_traywnd+MostrarBarraDeTarefas
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:10:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 10:54:27 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:58:02 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:48:29 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:05:33 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:05:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:00:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:27:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 02:10:56 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:18:26 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:12:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/27 | 13:15:49 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 10:56:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 07:35:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 15:47:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 23:27:41 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:10:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/05 | 08:43:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 20:45:07 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:47:06 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:54:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:44:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:45:20 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:13:40 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:31:07 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:13:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:53:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:19:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:00:10 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:53:22 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:42:28 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 23:31:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:34:27 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:21:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:05:43 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 13:08:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:00:26 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:38:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:27:56 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:57:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:56:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:22:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:35:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:04:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:53:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:50:50 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 09:06:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:12:08 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:42:33 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:29:42 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:32:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 12:47:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/30 | 13:03:20 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 17:17:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 09:39:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:18:14 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:51:09 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:21:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:26:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/11 | 12:59:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:38:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:44:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:14:36 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 07:10:35 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:44:29 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:58:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:28:32 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:17:15 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:11:32 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:15:08 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:11:45 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:03:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 07:25:19 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:33:30 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 23:41:27 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:18:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 07:55:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:41:34 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 22:28:59 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:31:23 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 18:32:31 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 09:17:52 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:47:36 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 17:50:10 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:09:21 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:15:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:04:19 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:02:55 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:20:34 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:22:34 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 22:07:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/30 | 12:48:16 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:07:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:30:38 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/30 | 12:53:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:06:00 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 09:28:58 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:09:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 23:59:54 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 15:29:01 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:20:18 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/05 | 00:24:51 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:07:11 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:18:46 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 18:17:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 17:09:13 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:10:05 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:35:44 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 04:54:47 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 22:37:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 05:52:53 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:31:56 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 06:06:26 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:02:20 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:30:12 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/04 | 20:51:32 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 23:20:04 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/13 | 17:38:49 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 01:10:24 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 03:58:40 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/20 | 09:08:27 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:11:57 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:12:33 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmp, W9UAjNR4L6.exe, 00000000.00000002.4124195324.00000000030B5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/11/28 | 08:16:35 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/07 | 05:27:48 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/22 | 17:11:32 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 17:37:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/15 | 23:57:39 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 00:07:37 - Program Manager
              Source: W9UAjNR4L6.exe, 00000000.00000002.4124950688.0000000003CD5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/25 | 09:09:31 - Program Manager
              Source: C:\Windows\SysWOW64\netsh.exe. Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe. Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Lowering of HIPS / PFW / Operating System Security Settings

              Source: W9UAjNR4L6.exe, -.cs. .Net Code: @
              Source: Umbrella.flv.exe.0.dr, -.cs. .Net Code: @
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe. Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS
              Source: C:\Users\user\Desktop\W9UAjNR4L6.exe. Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE

              Stealing of Sensitive Information

              Source: Yara match. File source: W9UAjNR4L6.exe, type: SAMPLE
              Source: Yara match. File source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPE
              Source: Yara match. File source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match. File source: 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match. File source: Process Memory Space: W9UAjNR4L6.exe PID: 6036, type: MEMORYSTR
              Source: Yara match. File source: C:\Umbrella.flv.exe, type: DROPPED

              Remote Access Functionality

              Source: Yara match. File source: W9UAjNR4L6.exe, type: SAMPLE
              Source: Yara match. File source: 0.0.W9UAjNR4L6.exe.530000.0.unpack, type: UNPACKEDPE
              Source: Yara match. File source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match. File source: 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match. File source: Process Memory Space: W9UAjNR4L6.exe PID: 6036, type: MEMORYSTR
              Source: Yara match. File source: C:\Umbrella.flv.exe, type: DROPPED

              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | 21 Replication Through Removable Media | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 2 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Process Injection | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Behavior Graph (ID: 1562541, Sample: W9UAjNR4L6.exe, Startdate: 25/11/2024, Architecture: WINDOWS, Score: 100)
              • DNS/IP: 2.tcp.eu.ngrok.io
              • Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 11 other signatures
              • Process: W9UAjNR4L6.exe (started)
                • DNS/IP: 18.156.13.209, 12824, 49765, 49776, AMAZON-02US, United States
                • DNS/IP: 18.192.93.86, 12824, 49916, 49922, AMAZON-02US, United States
                • DNS/IP: 2 other IPs or domains
                • Dropped: C:\Umbrella.flv.exe, PE32
                • Dropped: C:\autorun.inf, Microsoft
                • Dropped: C:\Umbrella.flv.exe:Zone.Identifier, ASCII
                • Signatures: Creates autorun.inf (USB autostart); Disables zone checking for all users; Uses netsh to modify the Windows network and firewall settings; Modifies the windows firewall
                • Process: netsh.exe (started), which started conhost.exe
                • Process: netsh.exe (started), which started conhost.exe
                • Process: netsh.exe (started), which started conhost.exe

              Source | Detection | Scanner | Label
              W9UAjNR4L6.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
              W9UAjNR4L6.exe | 100% | Avira | TR/Dropper.Gen
              W9UAjNR4L6.exe | 100% | Joe Sandbox ML |

              Source | Detection | Scanner | Label
              C:\Umbrella.flv.exe | 100% | Avira | TR/Dropper.Gen
              C:\Umbrella.flv.exe | 100% | Joe Sandbox ML |
              C:\Umbrella.flv.exe | 84% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              2.tcp.eu.ngrok.io | 3.126.37.18 | true | true | | unknown

              IP | Domain | Country | ASN | ASN Name | Malicious
              3.126.37.18 | 2.tcp.eu.ngrok.io | United States | 16509 | AMAZON-02US | true
              18.156.13.209 | unknown | United States | 16509 | AMAZON-02US | true
              18.192.93.86 | unknown | United States | 16509 | AMAZON-02US | true
              18.197.239.5 | unknown | United States | 16509 | AMAZON-02US | true
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1562541
                Start date and time:2024-11-25 17:36:08 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 7m 17s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:11
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:W9UAjNR4L6.exe
                renamed because original name is a hash value
                Original Sample Name:25a598f19fc93ed7abd222c542270070.exe
                Detection:MAL
                Classification:mal100.spre.phis.troj.evad.winEXE@10/7@4/4
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 98%
                • Number of executed functions: 151
                • Number of non-executed functions: 4
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240s for sample files taking high CPU consumption
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: W9UAjNR4L6.exe
                Time | Type | Description
                11:37:33 | API Interceptor | 638797x Sleep call for process: W9UAjNR4L6.exe modified
                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                3.126.37.18 | 7zFM.exe | malicious | ZTrat |
                3.126.37.18 | 4xKDL5YCfQ.exe | malicious | Njrat |
                3.126.37.18 | b8UsrDOVGV.exe | malicious | Njrat |
                3.126.37.18 | tiodtk2cfy.exe | malicious | Njrat |
                3.126.37.18 | pQBmVoyRnw.exe | malicious | Njrat |
                3.126.37.18 | NezbdhNgwG.exe | malicious | Njrat |
                3.126.37.18 | xdPdkPMD8u.exe | malicious | Njrat |
                3.126.37.18 | VBUXm77rfL.exe | malicious | Njrat |
                3.126.37.18 | gEuhLHV0.posh.ps1 | malicious | Metasploit |
                3.126.37.18 | MibKbjH4.posh.ps1 | malicious | Unknown |
                18.156.13.209 | http://www.sdrclm.cn/vendor/phpdocumentor/P800/P90GT_Invoice_Related_Property_Tax_P800.exe | malicious | RedLine | 2.tcp.eu.ngrok.io:17685/
                18.192.93.86 | P90GT_Invoice_Related_Property_Tax_P800.exe | malicious | RedLine | 2.tcp.eu.ngrok.io:17685/
                18.192.93.86 | http://www.sdrclm.cn/vendor/phpdocumentor/P800/P90GT_Invoice_Related_Property_Tax_P800.exe | malicious | RedLine | 2.tcp.eu.ngrok.io:17685/

                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                2.tcp.eu.ngrok.io | ULNZPn6D33.exe | malicious | Sliver | 18.197.239.5
                2.tcp.eu.ngrok.io | Injector.exe | malicious | ZTrat | 18.197.239.5
                2.tcp.eu.ngrok.io | 7zFM.exe | malicious | ZTrat | 3.126.37.18
                2.tcp.eu.ngrok.io | Game Laucher.exe | malicious | Njrat | 18.192.93.86
                2.tcp.eu.ngrok.io | 10.exe | malicious | Unknown | 18.192.93.86
                2.tcp.eu.ngrok.io | En3e396wX1.exe | malicious | Njrat | 18.197.239.5
                2.tcp.eu.ngrok.io | ZxocxU01PB.exe | malicious | Njrat | 18.197.239.5
                2.tcp.eu.ngrok.io | 4xKDL5YCfQ.exe | malicious | Njrat | 18.156.13.209
                2.tcp.eu.ngrok.io | R3ov8eFFFP.exe | malicious | Njrat | 3.127.138.57
                2.tcp.eu.ngrok.io | Ve0c8i5So2.exe | malicious | Njrat | 18.157.68.73
                                    No context
                                    No context
                                    Process:C:\Users\user\Desktop\W9UAjNR4L6.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):93184
                                    Entropy (8bit):5.551118199874692
                                    Encrypted:false
                                    SSDEEP:768:EGZel/M+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ZW:Ol/l0pUjBjZdL4kHG5mktQJVR1Ap8v
                                    MD5:25A598F19FC93ED7ABD222C542270070
                                    SHA1:81E6B383F7200927D12EC89EA471AC72657D2E6A
                                    SHA-256:791DDABC0FE9675F1DE59E055FFD6A292BE34144D9F02803311EB9FB3DCC44EA
                                    SHA-512:B58FACCEFFFDBE44F5725080C0442E827A7AAE7FCCA5763C065D4163D0AA78744643701D1F28EC0412957945297DD11C08A46E42B30D190DF2ADBF58BA70661F
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Umbrella.flv.exe, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Umbrella.flv.exe, Author: unknown
                                    • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Umbrella.flv.exe, Author: Florian Roth
                                    • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Umbrella.flv.exe, Author: JPCERT/CC Incident Response Group
                                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Umbrella.flv.exe, Author: ditekSHen
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 84%
                                    Reputation:low
                                    Process:C:\Users\user\Desktop\W9UAjNR4L6.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Reputation:high, very likely benign file
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\Desktop\W9UAjNR4L6.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                    Category:dropped
                                    Size (bytes):5
                                    Entropy (8bit):2.321928094887362
                                    Encrypted:false
                                    SSDEEP:3:j:j
                                    MD5:CAC4598FDC0F92181616D12833EB6CA1
                                    SHA1:80A7B7A46A0E8E674B782B9EB569E5430A69C84B
                                    SHA-256:275918973C23AD700F278C69CC03C9C82EC9F4D9ED0F53111AD22BEC197FF440
                                    SHA-512:01A7556BFCCE6D9D8251AADC7F6E6169FDD0477D487CE88729C44BFE8B85B2EEE500985D553C0479765EF5B5C6DC3517C0305EFB9089814C3F8A9EA6FC51C713
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:.25
                                    Process:C:\Users\user\Desktop\W9UAjNR4L6.exe
                                    File Type:Microsoft Windows Autorun file
                                    Category:dropped
                                    Size (bytes):55
                                    Entropy (8bit):4.474554204780528
                                    Encrypted:false
                                    SSDEEP:3:It1KV2PHQCyK0x:e1KAwCyD
                                    MD5:40B1630BE21F39CB17BD1963CAE5A207
                                    SHA1:63C14BD151D42820DD45C033363FA5B9E1D34124
                                    SHA-256:F87E55F1A423B65FD639146F71F6027DBD4D6E69B65D9A17F1744774AA6589E1
                                    SHA-512:833112ED4A9A3C621D2FFFC78F83502B2937B82A2CF9BC692D75D907CE2AA46C2D97CFE23C402DB3292B2DD2655FF8692C3CD00D5BA4D792C3D8AF24958E1926
                                    Malicious:true
                                    Preview:[autorun]..open=C:\Umbrella.flv.exe..shellexecute=C:\..
                                    Process:C:\Windows\SysWOW64\netsh.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):313
                                    Entropy (8bit):4.971939296804078
                                    Encrypted:false
                                    SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                    MD5:689E2126A85BF55121488295EE068FA1
                                    SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                    SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                    SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                    Malicious:false
                                    Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.551118199874692
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:W9UAjNR4L6.exe
                                    File size:93'184 bytes
                                    MD5:25a598f19fc93ed7abd222c542270070
                                    SHA1:81e6b383f7200927d12ec89ea471ac72657d2e6a
                                    SHA256:791ddabc0fe9675f1de59e055ffd6a292be34144d9f02803311eb9fb3dcc44ea
                                    SHA512:b58faccefffdbe44f5725080c0442e827a7aae7fcca5763c065d4163d0aa78744643701d1f28ec0412957945297dd11c08a46e42b30d190df2adbf58ba70661f
                                    SSDEEP:768:EGZel/M+0uGAfIi+qXuzMywjZdLJakHX+xWvYR4SYzktFI3tr3/iTnRVOR1MY4ZW:Ol/l0pUjBjZdL4kHG5mktQJVR1Ap8v
                                    TLSH:C093E74D37E550A5E2FE4AF3A870B2400FB9F0471742938D49E1A9761A33AD84F94DBB
                                    Icon Hash:90cececece8e8eb0
                                    Entrypoint:0x41865e
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6741C4DC [Sat Nov 23 12:04:44 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1860c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x16664 | 0x16800 | 9ae6749b428cd274e5936d5baee28938 | False | 0.36336805555555557 | data | 5.583774361201999 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x1a000 | 0xc | 0x200 | ff06ea9c63404a08dec111ab855065d8 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                    2024-11-25T17:40:47.313028+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009218.197.239.512824TCP
                                    2024-11-25T17:40:49.100588+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009318.197.239.512824TCP
                                    2024-11-25T17:40:49.100588+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009318.197.239.512824TCP
                                    2024-11-25T17:40:49.387296+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.45009318.197.239.512824TCP
                                    2024-11-25T17:40:50.578687+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009418.197.239.512824TCP
                                    2024-11-25T17:40:50.578687+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009418.197.239.512824TCP
                                    2024-11-25T17:40:52.453488+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009518.197.239.512824TCP
                                    2024-11-25T17:40:52.453488+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009518.197.239.512824TCP
                                    2024-11-25T17:40:54.282842+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009618.197.239.512824TCP
                                    2024-11-25T17:40:54.282842+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009618.197.239.512824TCP
                                    2024-11-25T17:40:55.883918+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009718.197.239.512824TCP
                                    2024-11-25T17:40:55.883918+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009718.197.239.512824TCP
                                    2024-11-25T17:40:57.433066+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009818.197.239.512824TCP
                                    2024-11-25T17:40:57.433066+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009818.197.239.512824TCP
                                    2024-11-25T17:40:59.291685+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45009918.197.239.512824TCP
                                    2024-11-25T17:40:59.291685+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45009918.197.239.512824TCP
                                    2024-11-25T17:41:00.949983+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45010018.197.239.512824TCP
                                    2024-11-25T17:41:00.949983+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45010018.197.239.512824TCP
                                    2024-11-25T17:41:02.550162+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45010118.197.239.512824TCP
                                    2024-11-25T17:41:02.550162+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45010118.197.239.512824TCP
                                    2024-11-25T17:41:04.274777+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.45010218.197.239.512824TCP
                                    2024-11-25T17:41:04.274777+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.45010218.197.239.512824TCP
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Nov 25, 2024 17:38:27.166091919 CET4981112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.324178934 CET4981112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.325186014 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.450666904 CET128244981118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:28.451611042 CET128244981818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:28.451752901 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.452693939 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.574357986 CET128244981818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:28.574456930 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:28.696145058 CET128244981818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:30.047749043 CET128244981818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:30.048072100 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.138232946 CET4981812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.139204025 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.258958101 CET128244981818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:31.259773016 CET128244982418.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:31.259850025 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.260757923 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.380728006 CET128244982418.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:31.380783081 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:31.500917912 CET128244982418.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:32.908560991 CET128244982418.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:32.908660889 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:33.917974949 CET4982412824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:33.919105053 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:34.044779062 CET128244982418.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:34.045681000 CET128244983118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:34.045783997 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:34.046871901 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:34.171740055 CET128244983118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:34.172171116 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:34.297396898 CET128244983118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:35.646737099 CET128244983118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:35.648086071 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.589827061 CET4983112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.590945005 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.709917068 CET128244983118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:36.742702007 CET128244983718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:36.742932081 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.743737936 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.863745928 CET128244983718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:36.863846064 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:36.983839989 CET128244983718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:38.498825073 CET128244983718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:38.499030113 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.386874914 CET4983712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.387912989 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.506947041 CET128244983718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:39.507849932 CET128244984518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:39.507936954 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.508877993 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.628846884 CET128244984518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:39.628917933 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:39.748958111 CET128244984518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:41.030947924 CET128244984518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:41.031181097 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:41.855436087 CET4984512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:41.856422901 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:41.975449085 CET128244984518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:41.976638079 CET128244985118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:41.976821899 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:41.977698088 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:42.097719908 CET128244985118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:42.097831964 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:42.218332052 CET128244985118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:43.847454071 CET128244985118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:43.847506046 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.621058941 CET4985112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.621964931 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.742207050 CET128244985118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:44.743042946 CET128244985818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:44.743129015 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.744335890 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.864290953 CET128244985818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:44.864361048 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:44.987957954 CET128244985818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:46.646126032 CET128244985818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:46.646183968 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.371260881 CET4985812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.372677088 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.496732950 CET128244985818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:47.497811079 CET128244986518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:47.497911930 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.499598026 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.619528055 CET128244986518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:47.619679928 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:47.739790916 CET128244986518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:49.337873936 CET128244986518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:49.337928057 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.011742115 CET4986512824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.012806892 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.131962061 CET128244986518.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:50.132888079 CET128244987118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:50.132956028 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.133868933 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.256853104 CET128244987118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:50.256939888 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:50.383747101 CET128244987118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:51.804527044 CET128244987118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:51.805003881 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.433798075 CET4987112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.435339928 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.554838896 CET128244987118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:52.556340933 CET128244987818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:52.556565046 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.557328939 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.679177999 CET128244987818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:52.679305077 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:52.802879095 CET128244987818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:53.964950085 CET128244987818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:53.965003014 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.542987108 CET4987812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.544198036 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.663547993 CET128244987818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:54.664448977 CET128244988218.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:54.664518118 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.665520906 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.785824060 CET128244988218.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:54.785882950 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:54.906981945 CET128244988218.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:56.088918924 CET128244988218.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:56.091160059 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:56.653189898 CET4988212824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:56.657876015 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:56.773945093 CET128244988218.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:56.778573990 CET128244988718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:56.778670073 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:56.779762983 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:56.899785042 CET128244988718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:56.899840117 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:57.020241022 CET128244988718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:58.268635035 CET128244988718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:58.268704891 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:58.777456999 CET4988712824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:58.778491974 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:58.899542093 CET128244988718.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:58.900587082 CET128244989118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:58.900755882 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:58.901644945 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:59.025057077 CET128244989118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:38:59.025136948 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:38:59.151916027 CET128244989118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:00.516755104 CET128244989118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:00.516856909 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:00.996130943 CET4989112824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:00.997009993 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:01.116446018 CET128244989118.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:01.118242025 CET128244989818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:01.122524977 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:01.123394012 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:01.243278027 CET128244989818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:01.246229887 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:01.369102955 CET128244989818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:02.791382074 CET128244989818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:02.791461945 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.232795954 CET4989812824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.239950895 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.353446007 CET128244989818.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:03.359954119 CET128244990318.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:03.362189054 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.380994081 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.500983953 CET128244990318.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:03.502126932 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:03.622081995 CET128244990318.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:05.215420961 CET128244990318.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:05.215492010 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.636676073 CET4990312824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.637427092 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.756730080 CET128244990318.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:05.757354021 CET128244990918.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:05.757438898 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.758016109 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.878096104 CET128244990918.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:05.878182888 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:05.998107910 CET128244990918.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:07.616302967 CET128244990918.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:07.616390944 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:08.011708021 CET4990912824192.168.2.418.156.13.209
                                    Nov 25, 2024 17:39:08.133363008 CET128244990918.156.13.209192.168.2.4
                                    Nov 25, 2024 17:39:08.247479916 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:08.367614031 CET128244991618.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:08.367693901 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:08.368868113 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:08.488941908 CET128244991618.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:08.489006996 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:08.609086037 CET128244991618.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:10.431494951 CET128244991618.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:10.432161093 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:10.792996883 CET4991612824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:10.793910027 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:11.077672005 CET128244991618.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:11.077717066 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:11.077790022 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:11.078656912 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:11.545886040 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:11.545958996 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:12.339775085 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:12.454519033 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:12.673568010 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:13.125572920 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:13.127784014 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:13.465194941 CET4992212824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:13.490257025 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:13.593044996 CET128244992218.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:13.846266985 CET128244992718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:13.846692085 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:13.847332001 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:13.974894047 CET128244992718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:13.974971056 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:14.225555897 CET128244992718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:15.915724039 CET128244992718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:15.915813923 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:16.231235027 CET4992712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:16.232189894 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:16.593605995 CET128244992718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:16.593653917 CET128244993318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:16.593739033 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:16.594388008 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:16.949325085 CET128244993318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:16.949470997 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:17.077750921 CET128244993318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:18.621828079 CET128244993318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:18.621995926 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:18.917979956 CET4993312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:18.918752909 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:19.045881987 CET128244993318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:19.046427965 CET128244993918.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:19.046524048 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:19.047135115 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:19.393841028 CET128244993918.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:19.393961906 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:19.522141933 CET128244993918.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:20.816957951 CET128244993918.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:20.817024946 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.101079941 CET4993912824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.105674982 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.286120892 CET128244993918.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:21.461147070 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:21.463280916 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.464133978 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.591458082 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:21.591531038 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:21.719661951 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:22.574522018 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:22.701880932 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:23.185590982 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:23.185702085 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.454190016 CET4994412824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.455209970 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.581645012 CET128244994418.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:23.634133101 CET128244994718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:23.634203911 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.634704113 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.837806940 CET128244994718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:23.837857008 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:23.965723038 CET128244994718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:25.004806995 CET128244994718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:25.004883051 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:25.253443956 CET4994712824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:25.254542112 CET4995312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:25.383152008 CET128244994718.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:25.384152889 CET128244995318.192.93.86192.168.2.4
                                    Nov 25, 2024 17:39:25.384572983 CET4995312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:39:25.385092974 CET4995312824192.168.2.418.192.93.86
                                    Nov 25, 2024 17:40:27.096565962 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:27.173827887 CET128245008018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:27.173878908 CET5008012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:27.218858004 CET128245008018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:27.224298000 CET128245008118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:27.224373102 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:27.229933977 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:27.357696056 CET128245008118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:27.357762098 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:27.485213995 CET128245008118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.009951115 CET128245008118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.012279987 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.043216944 CET5008112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.044122934 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.341320992 CET128245008118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.341348886 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.341434956 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.342284918 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.469703913 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.469952106 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.597680092 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:29.645754099 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:29.773510933 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:31.172564030 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:31.174407959 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.214983940 CET5008212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.215917110 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.342236996 CET128245008218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:31.343431950 CET128245008318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:31.343517065 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.344912052 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.472635031 CET128245008318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:31.474569082 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:31.602452040 CET128245008318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:32.752371073 CET128245008318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:32.752585888 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:32.777534008 CET5008312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:32.778584957 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:32.905236959 CET128245008318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:32.906153917 CET128245008418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:32.906251907 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:32.910358906 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:33.038032055 CET128245008418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:33.038100958 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:33.166021109 CET128245008418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:34.721967936 CET128245008418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:34.722070932 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:34.817905903 CET5008412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:34.892146111 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:34.945332050 CET128245008418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:35.019556999 CET128245008518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:35.019655943 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:35.020544052 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:35.148062944 CET128245008518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:35.148132086 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:35.275700092 CET128245008518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:36.855994940 CET128245008518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:36.858661890 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:36.887092113 CET5008512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:36.888009071 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:37.014578104 CET128245008518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:37.015594959 CET128245008618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:37.015676975 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:37.016661882 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:37.144109964 CET128245008618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:37.144188881 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:37.271704912 CET128245008618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:38.742012978 CET128245008618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:38.742208004 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:38.777592897 CET5008612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:38.778527975 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:38.905015945 CET128245008618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:38.905957937 CET128245008718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:38.906044960 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:38.907186985 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:39.034861088 CET128245008718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:39.034938097 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:39.162708998 CET128245008718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:40.472007036 CET128245008718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:40.472223997 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.496320009 CET5008712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.499422073 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.623822927 CET128245008718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:40.627109051 CET128245008818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:40.627176046 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.630163908 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.758088112 CET128245008818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:40.758167028 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:40.885642052 CET128245008818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:42.132198095 CET128245008818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:42.134763956 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.152554989 CET5008812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.156302929 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.280759096 CET128245008818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:42.284224033 CET128245008918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:42.286700964 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.287463903 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.414838076 CET128245008918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:42.418361902 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:42.545692921 CET128245008918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:43.611201048 CET128245008918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:43.611397982 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:43.638438940 CET5008912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:43.640284061 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:43.758900881 CET128245008918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:43.760796070 CET128245009018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:43.760881901 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:43.761797905 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:43.883095980 CET128245009018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:43.883157969 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:44.003876925 CET128245009018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:45.319283962 CET128245009018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:45.319475889 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.340233088 CET5009012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.342407942 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.466466904 CET128245009018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:45.467959881 CET128245009118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:45.468143940 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.468544006 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.594609022 CET128245009118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:45.594687939 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:45.722460032 CET128245009118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:47.158221006 CET128245009118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:47.162587881 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.183752060 CET5009112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.184669018 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.310990095 CET128245009118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:47.312133074 CET128245009218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:47.312230110 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.313028097 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.440649986 CET128245009218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:47.442322969 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:47.569730043 CET128245009218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:48.942243099 CET128245009218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:48.942480087 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:48.965398073 CET5009212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:48.973364115 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:49.092658997 CET128245009218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:49.100004911 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:49.100080967 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:49.100588083 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:49.228106976 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:49.228173018 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:49.355477095 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:49.387295961 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:49.514708042 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:50.425286055 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:50.425367117 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.449372053 CET5009312824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.450114012 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.576632023 CET128245009318.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:50.577827930 CET128245009418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:50.577919960 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.578686953 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.705713987 CET128245009418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:50.705801010 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:50.833033085 CET128245009418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:52.308619022 CET128245009418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:52.308712959 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.324384928 CET5009412824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.325290918 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.451710939 CET128245009418.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:52.452765942 CET128245009518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:52.452857018 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.453488111 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.581407070 CET128245009518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:52.581486940 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:52.708915949 CET128245009518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:54.139373064 CET128245009518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:54.139480114 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.152519941 CET5009512824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.153598070 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.281439066 CET128245009518.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:54.282001972 CET128245009618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:54.282098055 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.282841921 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.410201073 CET128245009618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:54.410303116 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:54.531039953 CET128245009618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:55.743213892 CET128245009618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:55.743289948 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:55.761904001 CET5009612824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:55.762820005 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:55.882289886 CET128245009618.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:55.883167982 CET128245009718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:55.883249998 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:55.883918047 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:56.005008936 CET128245009718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:56.005070925 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:56.125752926 CET128245009718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:57.291414976 CET128245009718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:57.291620970 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.308871031 CET5009712824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.309537888 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.429341078 CET128245009718.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:57.430080891 CET128245009818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:57.430175066 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.433065891 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.553414106 CET128245009818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:57.553667068 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:57.674401999 CET128245009818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:59.156424999 CET128245009818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:59.156634092 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.168160915 CET5009812824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.168987989 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.288480043 CET128245009818.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:59.289427996 CET128245009918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:59.289520025 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.291685104 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.412029028 CET128245009918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:40:59.412106037 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:40:59.532677889 CET128245009918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:00.806189060 CET128245009918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:00.806394100 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:00.825933933 CET5009912824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:00.827712059 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:00.947448015 CET128245009918.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:00.949268103 CET128245010018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:00.949584961 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:00.949982882 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:01.070864916 CET128245010018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:01.071043968 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:01.194720984 CET128245010018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:02.406498909 CET128245010018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:02.406755924 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.418200016 CET5010012824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.418899059 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.538717985 CET128245010018.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:02.539289951 CET128245010118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:02.539350986 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.550162077 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.670679092 CET128245010118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:02.670922995 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:02.791506052 CET128245010118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:04.138622999 CET128245010118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:04.138830900 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.152571917 CET5010112824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.153666973 CET5010212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.273144007 CET128245010118.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:04.273956060 CET128245010218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:04.274064064 CET5010212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.274776936 CET5010212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.395170927 CET128245010218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:04.398467064 CET5010212824192.168.2.418.197.239.5
                                    Nov 25, 2024 17:41:04.518831015 CET128245010218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:05.951510906 CET128245010218.197.239.5192.168.2.4
                                    Nov 25, 2024 17:41:05.951566935 CET5010212824192.168.2.418.197.239.5
                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                    Nov 25, 2024 17:37:05.084919930 CET | 54906 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 25, 2024 17:37:05.387588024 CET | 53 | 54906 | 1.1.1.1 | 192.168.2.4
                                    Nov 25, 2024 17:38:06.819610119 CET | 56198 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 25, 2024 17:38:07.042567015 CET | 53 | 56198 | 1.1.1.1 | 192.168.2.4
                                    Nov 25, 2024 17:39:08.012379885 CET | 50926 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 25, 2024 17:39:08.246834040 CET | 53 | 50926 | 1.1.1.1 | 192.168.2.4
                                    Nov 25, 2024 17:40:08.172646999 CET | 52253 | 53 | 192.168.2.4 | 1.1.1.1
                                    Nov 25, 2024 17:40:08.404128075 CET | 53 | 52253 | 1.1.1.1 | 192.168.2.4

                                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                    Nov 25, 2024 17:37:05.084919930 CET | 192.168.2.4 | 1.1.1.1 | 0xb665 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:38:06.819610119 CET | 192.168.2.4 | 1.1.1.1 | 0xa9e0 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:39:08.012379885 CET | 192.168.2.4 | 1.1.1.1 | 0x8a57 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:40:08.172646999 CET | 192.168.2.4 | 1.1.1.1 | 0xf61b | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false

                                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                    Nov 25, 2024 17:37:05.387588024 CET | 1.1.1.1 | 192.168.2.4 | 0xb665 | No error (0) | 2.tcp.eu.ngrok.io |  | 3.126.37.18 | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:38:07.042567015 CET | 1.1.1.1 | 192.168.2.4 | 0xa9e0 | No error (0) | 2.tcp.eu.ngrok.io |  | 18.156.13.209 | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:39:08.246834040 CET | 1.1.1.1 | 192.168.2.4 | 0x8a57 | No error (0) | 2.tcp.eu.ngrok.io |  | 18.192.93.86 | A (IP address) | IN (0x0001) | false
                                    Nov 25, 2024 17:40:08.404128075 CET | 1.1.1.1 | 192.168.2.4 | 0xf61b | No error (0) | 2.tcp.eu.ngrok.io |  | 18.197.239.5 | A (IP address) | IN (0x0001) | false

                                    Target ID:0
                                    Start time:11:36:58
                                    Start date:25/11/2024
                                    Path:C:\Users\user\Desktop\W9UAjNR4L6.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\W9UAjNR4L6.exe"
                                    Imagebase:0x530000
                                    File size:93'184 bytes
                                    MD5 hash:25A598F19FC93ED7ABD222C542270070
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                    • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1660962736.0000000000532000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.4124195324.0000000002B51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                    Reputation:low
                                    Has exited:false

                                    Target ID:1
                                    Start time:11:37:00
                                    Start date:25/11/2024
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE
                                    Imagebase:0x1560000
                                    File size:82'432 bytes
                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:2
                                    Start time:11:37:00
                                    Start date:25/11/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:3
                                    Start time:11:37:01
                                    Start date:25/11/2024
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:netsh firewall delete allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe"
                                    Imagebase:0x1560000
                                    File size:82'432 bytes
                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:4
                                    Start time:11:37:01
                                    Start date:25/11/2024
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\W9UAjNR4L6.exe" "W9UAjNR4L6.exe" ENABLE
                                    Imagebase:0x1560000
                                    File size:82'432 bytes
                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:5
                                    Start time:11:37:01
                                    Start date:25/11/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:6
                                    Start time:11:37:01
                                    Start date:25/11/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true


                                      Execution Graph

                                      Execution Coverage:20.7%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:2.9%
                                      Total number of Nodes:102
                                      Total number of Limit Nodes:6

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: @
                                      • API String ID: 0-2766056989
                                      • Opcode ID: dd3257cfcc1e1bc52373d1fa937051cb7450e1c6148bcf5e973956dc1a92c08f
                                      • Instruction ID: 5d8e41b62196f9702959ad64829710cef117aa4ac7d4e9bd6aa4448d075ce88c
                                      • Opcode Fuzzy Hash: dd3257cfcc1e1bc52373d1fa937051cb7450e1c6148bcf5e973956dc1a92c08f
                                      • Instruction Fuzzy Hash: EC231A74A01228CFDB25EF34D954BADB7B1BB49308F1081E9D909A77A4DB35AE81CF50

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 68366f2d0d972d0ef7ab773422aaf08aac5794eb085c30622d650bd160e06859
                                      • Instruction ID: 5db2065338258e0f76956a06351f947d754898c2ed31c7d9e07edb24aa3f842c
                                      • Opcode Fuzzy Hash: 68366f2d0d972d0ef7ab773422aaf08aac5794eb085c30622d650bd160e06859
                                      • Instruction Fuzzy Hash: A1032974A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: f0e135c301fc9f06b58ef0bd1ef26ef81bd96d1a18f1598a99788652acb51991
                                      • Instruction ID: 1678aed830e35913065519b5cb31b0f3aedef4d1671c83605d61e3fce7d26cf0
                                      • Opcode Fuzzy Hash: f0e135c301fc9f06b58ef0bd1ef26ef81bd96d1a18f1598a99788652acb51991
                                      • Instruction Fuzzy Hash: 7C032974A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 401b9b994f84719d885f03417205c46d560438f4ed803afb982366f40a453f18
                                      • Instruction ID: 6ba32a14022d627194cb6456b6b21e72546834693116230d1051e157356227c6
                                      • Opcode Fuzzy Hash: 401b9b994f84719d885f03417205c46d560438f4ed803afb982366f40a453f18
                                      • Instruction Fuzzy Hash: AD033974A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 323f11d75fff692ede2acc21f8611fd59295775a7c7873c10ae5baf0bf79fb29
                                      • Instruction ID: d38faff62525ec2b4706365053eed5c1f30eae5eb9e15cf8aac5976482c8e0e0
                                      • Opcode Fuzzy Hash: 323f11d75fff692ede2acc21f8611fd59295775a7c7873c10ae5baf0bf79fb29
                                      • Instruction Fuzzy Hash: D8F23A74A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 49da996b5de218fb8db5ccc518bb1dcd68b71fc3ffce5f7c523d1b72f59fe741
                                      • Instruction ID: dda5374e6790ee3e8d2ca485e3c98db299b2badee84ff6462ed0619c03a9eec9
                                      • Opcode Fuzzy Hash: 49da996b5de218fb8db5ccc518bb1dcd68b71fc3ffce5f7c523d1b72f59fe741
                                      • Instruction Fuzzy Hash: 9CF23A74A01228CFDB25EF34D954BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: c9d528544ca8787e0d736ea0f4a4f6b7427564cab8d4727c1d0d3c9f7f55c02c
                                      • Instruction ID: cc339b4019f48444795ffd0afef2aa905a4b909b11d28fe0f0422ab0381ad794
                                      • Opcode Fuzzy Hash: c9d528544ca8787e0d736ea0f4a4f6b7427564cab8d4727c1d0d3c9f7f55c02c
                                      • Instruction Fuzzy Hash: 8AF23A74A01228CFDB25EF34D954BADB7B1BB49308F1081E9D909A77A4DB35AE81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 2765494053f7917042b889ad8b594cf339858a9a6706b6fc2a2ed75133b5a661
                                      • Instruction ID: 35244437e86bb56d4ee63af89db22a0b7a959b5f5f119d7304a811682134214e
                                      • Opcode Fuzzy Hash: 2765494053f7917042b889ad8b594cf339858a9a6706b6fc2a2ed75133b5a661
                                      • Instruction Fuzzy Hash: E2F23A74A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 8730a1c4a7cb9ae5fbc166496ac00c4d09289ae880b419cabfc37d9ed83ffee7
                                      • Instruction ID: 3b1ba76468bc660ec5aff27355a63150b89080c58966079bee05fe3e76ee515c
                                      • Opcode Fuzzy Hash: 8730a1c4a7cb9ae5fbc166496ac00c4d09289ae880b419cabfc37d9ed83ffee7
                                      • Instruction Fuzzy Hash: 7AF23A74A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: ae89e7d4820cf47c0196708fb2492300e33cbb3073c34ae48240ef4098f3418c
                                      • Instruction ID: 62d5b59fe45410fb3a3b971eee851656c4088f208798f5a27c9bef38132c4640
                                      • Opcode Fuzzy Hash: ae89e7d4820cf47c0196708fb2492300e33cbb3073c34ae48240ef4098f3418c
                                      • Instruction Fuzzy Hash: FDE23A74A01228CFDB25EF34D994BADB7B1BB49308F1081E9D909A77A4DB359E81CF50
                                      APIs
                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 054C26F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: AdjustPrivilegesToken
                                      • String ID:
                                      • API String ID: 2874748243-0
                                      • Opcode ID: 44f839e3cb6330391570e5ae72926048ebda9d8ff395ec4b5ebc02739a054865
                                      • Instruction ID: 27867078209075ce50734d7902537eae733c6ce18dd10d5e6440a1fc3fe58f70
                                      • Opcode Fuzzy Hash: 44f839e3cb6330391570e5ae72926048ebda9d8ff395ec4b5ebc02739a054865
                                      • Instruction Fuzzy Hash: 5F21B4755097809FDB228F25DC40B92BFB4AF46210F0884DAE9858F563D2709908CB61
                                      APIs
                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 054C26F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: AdjustPrivilegesToken
                                      • String ID:
                                      • API String ID: 2874748243-0

                                      APIs
                                      • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 054C2249
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0

                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 054C0706
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0

                                      APIs
                                      • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00C0B291
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Open
                                      • String ID:
                                      • API String ID: 71445658-0

                                      APIs
                                      • getaddrinfo.WS2_32(?,00000E24), ref: 054C14A3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: getaddrinfo
                                      • String ID:
                                      • API String ID: 300660673-0

                                      APIs
                                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C0AB25
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0B394
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 00C0B0DD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      APIs
                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 054C0C67
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: DescriptorSecurity$ConvertString
                                      • String ID:
                                      • API String ID: 3907675253-0
                                      APIs
                                      • GetProcessTimes.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C1371
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessTimes
                                      • String ID:
                                      • API String ID: 1995159646-0
                                      APIs
                                      • CopyFileW.KERNELBASE(?,?,?), ref: 00C0BA3A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      APIs
                                      • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 054C2249
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      APIs
                                      • OleGetClipboard.OLE32(?,00000E24,?,?), ref: 00C0A77E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Clipboard
                                      • String ID:
                                      • API String ID: 220874293-0
                                      APIs
                                      • getaddrinfo.WS2_32(?,00000E24), ref: 054C14A3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: getaddrinfo
                                      • String ID:
                                      • API String ID: 300660673-0
                                      APIs
                                      • SendMessageTimeoutA.USER32(?,00000E24), ref: 00C0B571
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: MessageSendTimeout
                                      • String ID:
                                      • API String ID: 1599653421-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: select
                                      • String ID:
                                      • API String ID: 1274211008-0
                                      APIs
                                      • GetExitCodeProcess.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C2880
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CodeExitProcess
                                      • String ID:
                                      • API String ID: 3861947596-0
                                      APIs
                                      • WriteFile.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0AF0D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileWrite
                                      • String ID:
                                      • API String ID: 3934441357-0
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0B480
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Value
                                      APIs
                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 054C07BE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Socket
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileView
                                      APIs
                                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C0AB25
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C0B7C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      APIs
                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 054C0C67
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: DescriptorSecurity$ConvertString
                                      APIs
                                      • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00C0B291
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Open
                                      APIs
                                      • GetFileType.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0ACBD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileType
                                      APIs
                                      • SetErrorMode.KERNELBASE(?), ref: 00C0AA44
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      APIs
                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C2A43
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      APIs
                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C295F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 00C0B0DD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      APIs
                                      • shutdown.WS2_32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C10A0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: shutdown
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: send
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0B394
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      APIs
                                      • ioctlsocket.WS2_32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C23D7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ioctlsocket
                                      APIs
                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 054C07BE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Socket
                                      APIs
                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 054C162A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Connect
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileView
                                      APIs
                                      • SendMessageTimeoutA.USER32(?,00000E24), ref: 00C0B571
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: MessageSendTimeout
                                      APIs
                                      • LoadLibraryA.KERNELBASE(?,00000E24), ref: 054C18F3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0B480
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Value
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C0B7C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      APIs
                                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00C0B81F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      APIs
                                      • GetProcessTimes.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C1371
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessTimes
                                      APIs
                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C295F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      APIs
                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C2A43
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      • String ID:
                                      • API String ID: 3584180929-0
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C0A5DE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      APIs
                                      • GetExitCodeProcess.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C2880
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CodeExitProcess
                                      • String ID:
                                      • API String ID: 3861947596-0
                                      APIs
                                      • WriteFile.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0AF0D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileWrite
                                      • String ID:
                                      • API String ID: 3934441357-0
                                      APIs
                                      • ioctlsocket.WS2_32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C23D7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ioctlsocket
                                      • String ID:
                                      • API String ID: 3577187118-0
                                      APIs
                                      • shutdown.WS2_32(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 054C10A0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: shutdown
                                      • String ID:
                                      • API String ID: 2510479042-0
                                      APIs
                                      • LoadLibraryA.KERNELBASE(?,00000E24), ref: 054C18F3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: select
                                      • String ID:
                                      • API String ID: 1274211008-0
                                      APIs
                                      • CopyFileW.KERNELBASE(?,?,?), ref: 00C0BA3A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      APIs
                                      • GetFileType.KERNELBASE(?,00000E24,18BD6FD7,00000000,00000000,00000000,00000000), ref: 00C0ACBD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: FileType
                                      • String ID:
                                      • API String ID: 3081899298-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseFind
                                      • String ID:
                                      • API String ID: 1863332320-0
                                      APIs
                                      • WaitForInputIdle.USER32(?,?), ref: 00C0B76F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: IdleInputWait
                                      • String ID:
                                      • API String ID: 2200289081-0
                                      APIs
                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 054C162A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Connect
                                      • String ID:
                                      • API String ID: 3144859779-0
                                      APIs
                                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00C0B81F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C0A5DE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      APIs
                                      • OleGetClipboard.OLE32(?,00000E24,?,?), ref: 00C0A77E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: Clipboard
                                      • String ID:
                                      • API String ID: 220874293-0
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 054C0706
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127897564.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_54c0000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: send
                                      • String ID:
                                      • API String ID: 2809346765-0
                                      APIs
                                      • WaitForInputIdle.USER32(?,?), ref: 00C0B76F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: IdleInputWait
                                      • String ID:
                                      • API String ID: 2200289081-0
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseFind
                                      • String ID:
                                      • API String ID: 1863332320-0
                                      APIs
                                      • SetErrorMode.KERNELBASE(?), ref: 00C0AA44
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 00C0ABF0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 00C0A690
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 00C0ABF0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      APIs
                                      • CloseHandle.KERNELBASE(?), ref: 00C0A690
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123633274.0000000000C0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c0a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb3cb203756c6aeb8e9f751514122842ab9f0229ef343b7723e481a278bb158d
                                      • Instruction ID: 84959b719d1aa6b64b146eee946ba7f708845e1183fbe85b77ea8220a5738d83
                                      • Opcode Fuzzy Hash: bb3cb203756c6aeb8e9f751514122842ab9f0229ef343b7723e481a278bb158d
                                      • Instruction Fuzzy Hash: CE414C30A003588FDB24EFB8C955BEDB7B1BF49308F1084AAD409AB694DB795E44CF61
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b789db982232f90ae979d7721f33a71a68c637927a53d112e6e2f1b7c4efa2ce
                                      • Instruction ID: af8d5481ddf79fa518ec6941daaab55c661b92dc6c12fc16450d034a1c9291fc
                                      • Opcode Fuzzy Hash: b789db982232f90ae979d7721f33a71a68c637927a53d112e6e2f1b7c4efa2ce
                                      • Instruction Fuzzy Hash: C731C531B002119FEB15BB79E9117BE33A6EB8820CF14843A9505D77A4EF3D9D16C7A1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 16910fbfb0378f151ed1124b8ad09f8187a5408d3882a2c984b732ce6c1cf522
                                      • Instruction ID: 15f8865a14b676b5a3d7f447025f7b1d49a356216211ea47e02c71f20f9b246a
                                      • Opcode Fuzzy Hash: 16910fbfb0378f151ed1124b8ad09f8187a5408d3882a2c984b732ce6c1cf522
                                      • Instruction Fuzzy Hash: FD31BFB5B002059FDB14DF39D964BAEBBE6BF88204F148079E405EB3A1DB74AC058B90
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f91a5afae1a290533b47aef3ad2062d26e4e078118d661f8beb76586e6af3cf8
                                      • Instruction ID: d4be459dc3cdd02598ca3f387cd9b899ebc9aa589b9f93972b71715baf035ce6
                                      • Opcode Fuzzy Hash: f91a5afae1a290533b47aef3ad2062d26e4e078118d661f8beb76586e6af3cf8
                                      • Instruction Fuzzy Hash: 0431C2316043409FCB15EB78A8127AD3BA79B83258F2484BED001DB2D2DF799C05D3A2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1168699ba2414ced853c2ab7206f3745fef74cb7bd6f883e49005a3cd02cc269
                                      • Instruction ID: 45e54cd7ab005180c394853991fe6b160fa84f2a8e6430af5ce3907b21af7d2a
                                      • Opcode Fuzzy Hash: 1168699ba2414ced853c2ab7206f3745fef74cb7bd6f883e49005a3cd02cc269
                                      • Instruction Fuzzy Hash: 043180747012499FEB10DF69C850BAA77E5FF8A344F144869E501EB790E734ED0487A4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fbb5bf1302e66ac20de00a2d141628e9687ca64cb6e2fc9ea6d1fcd1988029a2
                                      • Instruction ID: c065d90cb75cb687dd80e2f0714e144748d6b1f691f4b6ae791e4f093a4326ae
                                      • Opcode Fuzzy Hash: fbb5bf1302e66ac20de00a2d141628e9687ca64cb6e2fc9ea6d1fcd1988029a2
                                      • Instruction Fuzzy Hash: DD212D757412099FEB14DB69C880BAA73E9FFCA344F144868E501EB794EB34FD048B94
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4128027240.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5510000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 886c8a7877f87ae9d70792b9d993791e490d832f464bb7164016fc9f5cdabfa1
                                      • Instruction ID: 3a303f69c5a47644304ee7fa8561f625d014eb70a0e2ed438134d5813e9b0b87
                                      • Opcode Fuzzy Hash: 886c8a7877f87ae9d70792b9d993791e490d832f464bb7164016fc9f5cdabfa1
                                      • Instruction Fuzzy Hash: 2C11BAB5908341AFD350CF19D941A5BFBE4FB88664F04896EF998D7311E231E9048FA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a6451b997db24c0f8f96f4faac5f907c2ce1b23cd5c3812a86ffe437c227b4d1
                                      • Instruction ID: 3ae456f69a1aa6147481544beddac070a2cf48725b6da3d634bf27911aa082e7
                                      • Opcode Fuzzy Hash: a6451b997db24c0f8f96f4faac5f907c2ce1b23cd5c3812a86ffe437c227b4d1
                                      • Instruction Fuzzy Hash: 2311A0326043405BCB29E778A5163AD2B979BC324CB2488BDD001CF391DFB98C0593A3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4124039755.0000000000E40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_e40000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bc878baaa95e68094904c360d55746834e67584a15a88b61c00a6ab2cb9869f3
                                      • Instruction ID: 4bb53f7f3858306fa819f5da0ec7f67aa6653303ec67f00c3ad927bfbf32831e
                                      • Opcode Fuzzy Hash: bc878baaa95e68094904c360d55746834e67584a15a88b61c00a6ab2cb9869f3
                                      • Instruction Fuzzy Hash: 7711B431604280DFC719CB14EA80B65B7A5AB9D70CF24C9BCE5492BB53C77BD802DA91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 856a7d28db567117a4484f36c287e8a92ce6397f859b234bf7b95f459310c18d
                                      • Instruction ID: 1e7e6cbc6cf8b70f7e099c95925d2ee2b09ab4dcf8806bf11374c22e631e2098
                                      • Opcode Fuzzy Hash: 856a7d28db567117a4484f36c287e8a92ce6397f859b234bf7b95f459310c18d
                                      • Instruction Fuzzy Hash: 3A11C2B1A002058FCF14EF78991529E77FAAB89254B2045BDC41AE7794EB359E02CBD1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9d98b152344486abd7edf84317e7bee1cc37f6844f7573f9e14032c468914958
                                      • Instruction ID: 17eb4e115d57244357325d074ba385c495796712c865b43a5d06c7586ac07be2
                                      • Opcode Fuzzy Hash: 9d98b152344486abd7edf84317e7bee1cc37f6844f7573f9e14032c468914958
                                      • Instruction Fuzzy Hash: BE11CBA540F3C19FD7139334A8A16843F70AA43208B8F81DBC4D0CB5E7E218090ED362
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4128027240.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5510000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1008302029625f5c4d5a6c9099a396833b02d1067b2e7e6f9f7c4547ef0415c9
                                      • Instruction ID: 0c5fdde69fa508f1df05e208a8e7957e6c857ef183a1976ae34862dd79b57d75
                                      • Opcode Fuzzy Hash: 1008302029625f5c4d5a6c9099a396833b02d1067b2e7e6f9f7c4547ef0415c9
                                      • Instruction Fuzzy Hash: 9F11FEB5508301AFD750CF09DC41E5BFBE8EB88660F04892EF99897711D231E9088FA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123698346.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c1a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6284ac1c21005bb616109bb9d05d073d7e9a6129a75b3770aa9476600b929705
                                      • Instruction ID: dd3cdab46fccfe477226fceef5da3c66590fc4e18bb863b2628824bfee3ff53b
                                      • Opcode Fuzzy Hash: 6284ac1c21005bb616109bb9d05d073d7e9a6129a75b3770aa9476600b929705
                                      • Instruction Fuzzy Hash: 9611BEB5508301AFD750CF09DD41E5BFBE8EB88660F14892EF99997711D271E9088FA2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4124039755.0000000000E40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_e40000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ef75dec4be0e178a52c089d9199e1bd124e56193775abb10320a25508aa2891a
                                      • Instruction ID: 66e639b4b4217cf6fae7e5dcf930cf7aa46ff6c1c6a4fe15f4af409bd8a271a9
                                      • Opcode Fuzzy Hash: ef75dec4be0e178a52c089d9199e1bd124e56193775abb10320a25508aa2891a
                                      • Instruction Fuzzy Hash: C02160345093C0CFC716CB10D990B15BFB1AF4A318F2986EED4895BAA3C33A9856CB51
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4124039755.0000000000E40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_e40000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e8a80384ef8b76f7742cd25621fbea521a0068859c1de704df574576fdcaa4b
                                      • Instruction ID: 4e7d1cab6c253eda0da8154aa80fa1b4b606b4973bd416c744af77b5d8bc3cfb
                                      • Opcode Fuzzy Hash: 9e8a80384ef8b76f7742cd25621fbea521a0068859c1de704df574576fdcaa4b
                                      • Instruction Fuzzy Hash: 7B01A7B650D7C06FD7228B16AC40862FFF8DE86620709C4EBE949CF652D1296809CB72
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28e3d9c971220c27a534e24f097c753c23ae055bd31d546d1b0f99182b07dc3c
                                      • Instruction ID: 692b773d6bf3e1efc23f460c93cb4a63de50a42af5413283e4c24d3d272aecb2
                                      • Opcode Fuzzy Hash: 28e3d9c971220c27a534e24f097c753c23ae055bd31d546d1b0f99182b07dc3c
                                      • Instruction Fuzzy Hash: CEF0F632B45344ABDB04DFB09852BAE7BA69F81724F14856EE185DB1C2DA799841C740
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fa666576111928dbc5b954e6a3fd9046ede05257a12fc739ea3c43d185d7c218
                                      • Instruction ID: 78198bbf133850e527fa9976ff418cad23c78c36ebb9c218131c3d30f59e2de9
                                      • Opcode Fuzzy Hash: fa666576111928dbc5b954e6a3fd9046ede05257a12fc739ea3c43d185d7c218
                                      • Instruction Fuzzy Hash: 19016174209341CFCB14EB78D55868D7BE1AFC530CB54882DE046C77A6EB348805DB52
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4124039755.0000000000E40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_e40000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e5ea9dab5dd5d1ef0c403e4a29202dcc4282872e17b0cfe76990cc76da85d1b3
                                      • Instruction ID: 3d7405738b890c36793534430e7beb3a46330f96acd695df2c374ca9807cdfd5
                                      • Opcode Fuzzy Hash: e5ea9dab5dd5d1ef0c403e4a29202dcc4282872e17b0cfe76990cc76da85d1b3
                                      • Instruction Fuzzy Hash: 03F0B635148644DFC716CF40DA80B15FBA2EB89718F24CAADE9491BA62C737A812DA81
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4124039755.0000000000E40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_e40000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4308fb5e24508698b5876788325e3e980eaef636208b6665ff42607481eee08f
                                      • Instruction ID: acfb1d26ba5f96bc7c718e13fb0f5adcf2d4ce9bf7de189e79b659fbf561f56c
                                      • Opcode Fuzzy Hash: 4308fb5e24508698b5876788325e3e980eaef636208b6665ff42607481eee08f
                                      • Instruction Fuzzy Hash: 49E092B6605A405B9650CF0AEC41462F7D8EB84630B08C47FDC4D8BB01D239B909CEA5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4128027240.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5510000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6cd680d3e99adeb7ef6d224a397b248f874d179f16d0613a084a7b2429a88de7
                                      • Instruction ID: 967526ea0989022b5b0a252bcf2884d53a5fc017a7b27be7ee1475a24381f8fd
                                      • Opcode Fuzzy Hash: 6cd680d3e99adeb7ef6d224a397b248f874d179f16d0613a084a7b2429a88de7
                                      • Instruction Fuzzy Hash: F0E0D8F254030067D2208E069C46F62FB98DB44D31F04C567ED0C5B742E171B5148DF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4128027240.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5510000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7425e9c952bda7951cc09368ab5247811119cedcd1584b196ba29fd4d69d65c9
                                      • Instruction ID: 128074bd9263ebdad97fcbbfc5f59d8d8bcd33deac985a4ba0681fb9928d75c0
                                      • Opcode Fuzzy Hash: 7425e9c952bda7951cc09368ab5247811119cedcd1584b196ba29fd4d69d65c9
                                      • Instruction Fuzzy Hash: 25E0D8B250030467D2609E069C46F63FBD8DB41D30F44C567ED0C5B702E172B5048DF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4128027240.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_5510000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 59bb789387d40f4c7a329c6b0cedffeb1ad01391dd0622f28bef413f2752c4f4
                                      • Instruction ID: b94ad9b1ab4818a565baa8c99a56ae977fd5d7ba9f249e4d6e1d655daa60aeba
                                      • Opcode Fuzzy Hash: 59bb789387d40f4c7a329c6b0cedffeb1ad01391dd0622f28bef413f2752c4f4
                                      • Instruction Fuzzy Hash: D0E0D8B250020067D2209E069C46F63FB98DB40D30F04C567ED0C5BB02E172B514CDF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4123698346.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_c1a000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a9ea5969f9aa3dc05e3b05b23feec09f0408439515d52204d81da3a4d511fe9b
                                      • Instruction ID: 98e3833bca94793e44b6010db6b945aeecfbac30cb0ccd758c399b97e4a9f656
                                      • Opcode Fuzzy Hash: a9ea5969f9aa3dc05e3b05b23feec09f0408439515d52204d81da3a4d511fe9b
                                      • Instruction Fuzzy Hash: 49E0D8F254020467D2208E069C45F62FB98DB44931F04C567ED0C5B702E171B5048DF1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 019dba8bc979ece4dff4c80929462bd8d704f4f3c740d720ff4bee6b72966150
                                      • Instruction ID: cad2e83fa1d9bf5fd553fdb384bd5a07f5b3bbd784aa440b05780ac81dcdb80f
                                      • Opcode Fuzzy Hash: 019dba8bc979ece4dff4c80929462bd8d704f4f3c740d720ff4bee6b72966150
                                      • Instruction Fuzzy Hash: 17E0C23110A350CFCB1A2B3590296483B31EB4730838404FDC8468B3A2DA7AD886CF80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ea20c620f236459170afbf5d79770ca4c3e6e06bcd2d32f3243b1dfa5e8ec0d
                                      • Instruction ID: 73c39855805a987d20718b8f1a7f8baaf8c0da1b8d5987841dc5e489b9352334
                                      • Opcode Fuzzy Hash: 9ea20c620f236459170afbf5d79770ca4c3e6e06bcd2d32f3243b1dfa5e8ec0d
                                      • Instruction Fuzzy Hash: 3CD012B19062449FD7069B6199296A97F34DA13100B0441E6D896C72A2D9245E09D7F1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.4127553232.0000000004D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D00000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4d00000_W9UAjNR4L6.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bee81edcbe2397bd724d414c309415e01aa6ca8393601d2eff5fff07172c89a5
                                      • Instruction ID: 45c3fa79c6b76a9d133ac6c67619e541912a9c29a85b338c74b2a99ab196da29